From 688169fe28ed9ce44fb7d92b347263bee28d7cc3 Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Fri, 20 Dec 2024 16:12:20 +0100 Subject: [PATCH] Refactor(eos_designs): Structured config output (#4700) --- .../intended/structured_configs/LEAF1A.yml | 620 +- .../intended/structured_configs/LEAF1B.yml | 620 +- .../intended/structured_configs/LEAF2A.yml | 6968 ++++++++--------- .../intended/structured_configs/LEAF3A.yml | 1076 +-- .../intended/structured_configs/LEAF3B.yml | 1076 +-- .../intended/structured_configs/LEAF3C.yml | 912 +-- .../intended/structured_configs/LEAF3D.yml | 912 +-- .../intended/structured_configs/LEAF3E.yml | 912 +-- .../intended/structured_configs/SPINE1.yml | 460 +- .../intended/structured_configs/SPINE2.yml | 460 +- .../structured_configs/inet-cloud.yml | 226 +- .../structured_configs/mpls-cloud.yml | 222 +- .../intended/structured_configs/pf1.yml | 1102 +-- .../intended/structured_configs/pf2.yml | 1102 +-- .../structured_configs/site1-border1.yml | 698 +- .../structured_configs/site1-border2.yml | 698 +- .../structured_configs/site1-wan1.yml | 1116 +-- .../structured_configs/site1-wan2.yml | 1118 +-- .../structured_configs/site2-leaf1.yml | 612 +- .../structured_configs/site2-leaf2.yml | 612 +- .../structured_configs/site2-wan1.yml | 967 ++- .../structured_configs/site2-wan2.yml | 1113 ++- .../structured_configs/site3-leaf1.yml | 124 +- .../structured_configs/site3-wan1.yml | 852 +- .../structured_configs/dc1-leaf1a.yml | 644 +- .../structured_configs/dc1-leaf1b.yml | 644 +- .../structured_configs/dc1-leaf1c.yml | 110 +- .../structured_configs/dc1-leaf2a.yml | 732 +- .../structured_configs/dc1-leaf2b.yml | 732 +- .../structured_configs/dc1-leaf2c.yml | 110 +- .../structured_configs/dc1-spine1.yml | 232 +- .../structured_configs/dc1-spine2.yml | 232 +- .../structured_configs/dc2-leaf1a.yml | 644 +- .../structured_configs/dc2-leaf1b.yml | 644 +- .../structured_configs/dc2-leaf1c.yml | 110 +- .../structured_configs/dc2-leaf2a.yml | 732 +- .../structured_configs/dc2-leaf2b.yml | 732 +- .../structured_configs/dc2-leaf2c.yml | 110 +- .../structured_configs/dc2-spine1.yml | 232 +- .../structured_configs/dc2-spine2.yml | 232 +- .../intended/structured_configs/p1.yml | 196 +- .../intended/structured_configs/p2.yml | 196 +- .../intended/structured_configs/p3.yml | 184 +- .../intended/structured_configs/p4.yml | 184 +- .../intended/structured_configs/pe1.yml | 344 +- .../intended/structured_configs/pe2.yml | 344 +- .../intended/structured_configs/pe3.yml | 334 +- .../intended/structured_configs/rr1.yml | 314 +- .../intended/structured_configs/rr2.yml | 314 +- .../intended/structured_configs/LEAF1.yml | 218 +- .../intended/structured_configs/LEAF2.yml | 218 +- .../intended/structured_configs/LEAF3.yml | 218 +- .../intended/structured_configs/LEAF4.yml | 218 +- .../intended/structured_configs/SPINE1.yml | 262 +- .../intended/structured_configs/SPINE2.yml | 262 +- .../structured_configs/dc1-leaf1a.yml | 686 +- .../structured_configs/dc1-leaf1b.yml | 686 +- .../structured_configs/dc1-leaf1c.yml | 134 +- .../structured_configs/dc1-leaf2a.yml | 686 +- .../structured_configs/dc1-leaf2b.yml | 686 +- .../structured_configs/dc1-leaf2c.yml | 134 +- .../structured_configs/dc1-spine1.yml | 274 +- .../structured_configs/dc1-spine2.yml | 274 +- .../intended/structured_configs/DC1-BL1A.yml | 648 +- .../intended/structured_configs/DC1-BL1B.yml | 648 +- .../structured_configs/DC1-L2LEAF1A.yml | 118 +- .../structured_configs/DC1-L2LEAF2A.yml | 222 +- .../structured_configs/DC1-L2LEAF2B.yml | 222 +- .../structured_configs/DC1-LEAF1A.yml | 468 +- .../structured_configs/DC1-LEAF2A.yml | 1020 +-- .../structured_configs/DC1-LEAF2B.yml | 1020 +-- .../structured_configs/DC1-SPINE1.yml | 348 +- .../structured_configs/DC1-SPINE2.yml | 348 +- .../structured_configs/DC1-SPINE3.yml | 348 +- .../structured_configs/DC1-SPINE4.yml | 348 +- .../intended/structured_configs/DC1-SVC3A.yml | 1376 ++-- .../intended/structured_configs/DC1-SVC3B.yml | 1246 +-- .../intended/structured_configs/BGP-LEAF1.yml | 84 +- .../intended/structured_configs/BGP-LEAF2.yml | 78 +- .../structured_configs/BGP-SPINE1.yml | 334 +- .../structured_configs/BGP-SPINE2.yml | 342 +- .../structured_configs/ISIS-LEAF1.yml | 90 +- .../structured_configs/ISIS-SPINE1.yml | 128 +- .../structured_configs/L2ONLY-LEAF1.yml | 78 +- .../structured_configs/L2ONLY-LEAF2.yml | 78 +- .../structured_configs/L2ONLY-SPINE1.yml | 158 +- .../structured_configs/L2ONLY-SPINE2.yml | 158 +- .../structured_configs/OSPF-LEAF1.yml | 78 +- .../structured_configs/OSPF-LEAF2.yml | 78 +- .../structured_configs/OSPF-SPINE1.yml | 222 +- .../structured_configs/OSPF-SPINE2.yml | 232 +- .../structured_configs/SITE1-LER1.yml | 564 +- .../structured_configs/SITE1-LER2.yml | 650 +- .../structured_configs/SITE1-LSR1.yml | 226 +- .../structured_configs/SITE1-LSR2.yml | 206 +- .../intended/structured_configs/SITE1-RR1.yml | 256 +- .../structured_configs/SITE2-LER1.yml | 868 +- .../structured_configs/SITE2-LSR1.yml | 226 +- .../structured_configs/SITE2-LSR2.yml | 286 +- .../intended/structured_configs/SITE2-RR1.yml | 256 +- .../structured_configs/SITE3-LER1.yml | 108 +- .../structured_configs/DC1-POD1-L2LEAF1A.yml | 94 +- .../structured_configs/DC1-POD1-L2LEAF2A.yml | 218 +- .../structured_configs/DC1-POD1-L2LEAF2B.yml | 226 +- .../structured_configs/DC1-POD1-LEAF1A.yml | 348 +- .../structured_configs/DC1-POD1-LEAF2B.yml | 1432 ++-- .../structured_configs/DC1-POD1-SPINE1.yml | 400 +- .../structured_configs/DC1-POD1-SPINE2.yml | 292 +- .../structured_configs/DC1-POD2-LEAF1A.yml | 600 +- .../structured_configs/DC1-POD2-SPINE1.yml | 274 +- .../structured_configs/DC1-POD2-SPINE2.yml | 260 +- .../intended/structured_configs/DC1-RS1.yml | 268 +- .../intended/structured_configs/DC1-RS2.yml | 280 +- .../structured_configs/DC1-SUPER-SPINE1.yml | 258 +- .../structured_configs/DC1-SUPER-SPINE2.yml | 264 +- .../structured_configs/DC1.POD1.LEAF2A.yml | 1370 ++-- .../structured_configs/DC2-POD1-L2LEAF1A.yml | 104 +- .../structured_configs/DC2-POD1-L2LEAF2A.yml | 104 +- .../structured_configs/DC2-POD1-LEAF1A.yml | 418 +- .../structured_configs/DC2-POD1-LEAF2A.yml | 286 +- .../structured_configs/DC2-POD1-SPINE1.yml | 274 +- .../structured_configs/DC2-POD1-SPINE2.yml | 238 +- .../intended/structured_configs/DC2-RS1.yml | 196 +- .../intended/structured_configs/DC2-RS2.yml | 170 +- .../structured_configs/DC2-SUPER-SPINE1.yml | 312 +- .../structured_configs/DC2-SUPER-SPINE2.yml | 194 +- .../intended/structured_configs/host1.yml | 192 +- .../intended/structured_configs/host2.yml | 98 +- .../intended/configs/bgp-peer-groups-1.cfg | 2 - .../structured_configs/7010TX-LEAF1.yml | 260 +- .../structured_configs/7010TX-LEAF2.yml | 246 +- .../AUTO_BGP_ASN_LEAF1A.yml | 146 +- .../AUTO_BGP_ASN_LEAF1B.yml | 146 +- .../structured_configs/AUTO_BGP_ASN_LEAF2.yml | 146 +- .../AUTO_BGP_ASN_LEAF3A.yml | 280 +- .../AUTO_BGP_ASN_LEAF3B.yml | 280 +- .../AUTO_BGP_ASN_LEAF4A.yml | 280 +- .../AUTO_BGP_ASN_LEAF4B.yml | 280 +- .../AUTO_BGP_ASN_LEAF5A.yml | 146 +- .../AUTO_BGP_ASN_LEAF7A.yml | 280 +- .../AUTO_BGP_ASN_LEAF7B.yml | 280 +- .../AUTO_BGP_ASN_LEAF8A.yml | 146 +- .../AUTO_BGP_ASN_LEAF8B.yml | 146 +- .../AUTO_BGP_UNGROUPED_LEAF6.yml | 146 +- .../AUTO_NODE_TYPE_LEAF01.yml | 196 +- .../AUTO_NODE_TYPE_SPINE01.yml | 174 +- .../AUTO_NODE_TYPE_SPINE02.yml | 174 +- .../AUTO_NODE_TYPE_UNGROUPED_LEAF02.yml | 196 +- .../CUSTOM-PYTHON_MODULES-L3LEAF1A.yml | 430 +- .../CUSTOM-PYTHON_MODULES-L3LEAF1B.yml | 382 +- .../CUSTOM-PYTHON_MODULES-L3LEAF2.yml | 230 +- .../CUSTOM-PYTHON_MODULES-SPINE1.yml | 170 +- .../CUSTOM-TEMPLATES-L2LEAF1A.yml | 152 +- .../CUSTOM-TEMPLATES-L2LEAF1B.yml | 152 +- .../CUSTOM-TEMPLATES-L3LEAF1A.yml | 454 +- .../CUSTOM-TEMPLATES-L3LEAF1B.yml | 484 +- .../CUSTOM-TEMPLATES-SPINE1.yml | 170 +- .../intended/structured_configs/DC1-BL1A.yml | 1206 +-- .../intended/structured_configs/DC1-BL1B.yml | 1142 +-- .../intended/structured_configs/DC1-BL2A.yml | 598 +- .../intended/structured_configs/DC1-BL2B.yml | 592 +- .../intended/structured_configs/DC1-CL1A.yml | 488 +- .../intended/structured_configs/DC1-CL1B.yml | 502 +- .../structured_configs/DC1-L2LEAF1A.yml | 270 +- .../structured_configs/DC1-L2LEAF1B.yml | 270 +- .../structured_configs/DC1-L2LEAF2A.yml | 240 +- .../structured_configs/DC1-L2LEAF2B.yml | 240 +- .../structured_configs/DC1-L2LEAF3A.yml | 126 +- .../structured_configs/DC1-L2LEAF4A.yml | 126 +- .../structured_configs/DC1-LEAF1A.yml | 808 +- .../structured_configs/DC1-LEAF2A.yml | 1576 ++-- .../structured_configs/DC1-LEAF2B.yml | 1554 ++-- .../structured_configs/DC1-SPINE1.yml | 828 +- .../structured_configs/DC1-SPINE2.yml | 686 +- .../structured_configs/DC1-SPINE3.yml | 678 +- .../structured_configs/DC1-SPINE4.yml | 670 +- .../intended/structured_configs/DC1-SVC3A.yml | 2964 +++---- .../intended/structured_configs/DC1-SVC3B.yml | 2894 +++---- .../structured_configs/DC1.L2LEAF5A.yml | 224 +- .../structured_configs/DC1.L2LEAF5B.yml | 224 +- .../structured_configs/DC1.L2LEAF6A.yml | 206 +- .../structured_configs/DC1.L2LEAF6B.yml | 206 +- .../DC1_UNDEPLOYED_LEAF1A.yml | 1396 ++-- .../DC1_UNDEPLOYED_LEAF1B.yml | 1396 ++-- .../intended/structured_configs/DUP-LEAF1.yml | 192 +- .../intended/structured_configs/DUP-LEAF2.yml | 192 +- .../EVPN-MULTICAST-DISABLED.yml | 1326 ++-- .../EVPN-MULTICAST-L2LEAF1A.yml | 76 +- .../EVPN-MULTICAST-L3LEAF1A.yml | 3150 ++++---- .../EVPN-MULTICAST-L3LEAF1B.yml | 3150 ++++---- .../EVPN-MULTICAST-L3LEAF2A.yml | 1526 ++-- .../EVPN-MULTICAST-L3LEAF3A.yml | 1636 ++-- .../EVPN-MULTICAST-L3LEAF3B.yml | 1636 ++-- .../EVPN-MULTICAST-SPINE1.yml | 300 +- .../IGMP-QUERIER-L2LEAF1A.yml | 68 +- .../IGMP-QUERIER-L3LEAF1A.yml | 586 +- .../structured_configs/MH-L2LEAF1A.yml | 136 +- .../intended/structured_configs/MH-LEAF1A.yml | 646 +- .../intended/structured_configs/MH-LEAF1B.yml | 646 +- .../intended/structured_configs/MH-LEAF2A.yml | 450 +- .../structured_configs/MLAG-ISIS-L3LEAF1A.yml | 240 +- .../structured_configs/MLAG-ISIS-L3LEAF1B.yml | 240 +- .../structured_configs/MLAG-ISIS-SPINE.yml | 154 +- .../structured_configs/MLAG-OSPF-L3LEAF1A.yml | 316 +- .../structured_configs/MLAG-OSPF-L3LEAF1B.yml | 316 +- .../structured_configs/MLAG_IPV6_L3LEAF1A.yml | 264 +- .../structured_configs/MLAG_IPV6_L3LEAF1B.yml | 264 +- .../MLAG_ODD_ID_L3LEAF1A.yml | 284 +- .../MLAG_ODD_ID_L3LEAF1B.yml | 280 +- .../MLAG_SAME_SUBNET_L3LEAF1A.yml | 352 +- .../MLAG_SAME_SUBNET_L3LEAF1B.yml | 352 +- .../MLAG_SAME_SUBNET_L3LEAF2A.yml | 352 +- .../MLAG_SAME_SUBNET_L3LEAF2B.yml | 352 +- .../OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.yml | 116 +- .../OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.yml | 116 +- .../OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1.yml | 50 +- .../OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2.yml | 50 +- .../OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1.yml | 142 +- .../OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2.yml | 144 +- .../OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A.yml | 306 +- .../OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B.yml | 306 +- .../OVERRIDE_VTEP_L3LEAF1A.yml | 264 +- .../OVERRIDE_VTEP_L3LEAF1B.yml | 250 +- .../P2P-UPLINKS-IPV4-PREFIX-LENGTH.yml | 144 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF1.yml | 246 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF2.yml | 246 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF3.yml | 246 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF4.yml | 246 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF5.yml | 246 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF6.yml | 246 +- .../RD-RT-ADMIN-SUBFIELD-L3LEAF7.yml | 246 +- .../intended/structured_configs/SL-LEAF0A.yml | 100 +- .../intended/structured_configs/SL-LEAF0B.yml | 166 +- .../intended/structured_configs/SL-LEAF1A.yml | 148 +- .../intended/structured_configs/SL-LEAF1B.yml | 124 +- .../intended/structured_configs/SL-LEAF2A.yml | 128 +- .../intended/structured_configs/SL-LEAF2B.yml | 128 +- .../intended/structured_configs/SL-MLEAF1.yml | 48 +- .../SNMP_AUTOGEN_ENGINEID.yml | 38 +- .../SNMP_SYSTEM_MAC_ENGINEID_1.yml | 36 +- .../SNMP_SYSTEM_MAC_ENGINEID_2.yml | 34 +- .../structured_configs/SVI_PROFILE_NODE_1.yml | 442 +- .../structured_configs/SVI_PROFILE_NODE_2.yml | 412 +- .../TEST-MGMT-GATEWAY-IN-NODE-GROUP.yml | 56 +- .../UNDERLAY-MULTICAST-L2LEAF1A.yml | 72 +- .../UNDERLAY-MULTICAST-L3LEAF1A.yml | 402 +- .../UNDERLAY-MULTICAST-L3LEAF1B.yml | 378 +- .../UNDERLAY-MULTICAST-L3LEAF2A.yml | 358 +- .../UNDERLAY-MULTICAST-L3LEAF2B.yml | 358 +- .../UNDERLAY-MULTICAST-SPINE1.yml | 262 +- .../UNDERLAY-MULTICAST-SPINE2.yml | 214 +- .../UNDERLAY_FILTER_PEER_AS_L3LEAF1.yml | 130 +- .../UNDERLAY_FILTER_PEER_AS_SPINE1.yml | 108 +- .../UNDERLAY_FILTER_PEER_AS_SPINE2.yml | 108 +- ...UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A.yml | 184 +- ...UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B.yml | 184 +- ...UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A.yml | 370 +- ...UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B.yml | 370 +- .../UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1.yml | 182 +- .../UPLINK_P2P_VRFS_TESTS_L2LEAF1.yml | 54 +- .../UPLINK_P2P_VRFS_TESTS_LEAF1.yml | 286 +- .../UPLINK_P2P_VRFS_TESTS_SPINE1.yml | 136 +- .../UPLINK_P2P_VRFS_TESTS_SPINE2.yml | 136 +- .../always-configure-ip-routing.yml | 28 +- .../autovpn-edge-no-default-policy.yml | 354 +- .../structured_configs/autovpn-edge.yml | 364 +- .../structured_configs/autovpn-rr1.yml | 316 +- .../structured_configs/autovpn-rr2.yml | 320 +- .../bgp-from-network-services-1.yml | 234 +- .../bgp-from-network-services-2.yml | 114 +- .../structured_configs/bgp-options.yml | 98 +- .../structured_configs/bgp-peer-groups-1.yml | 261 +- .../structured_configs/bgp-peer-groups-2.yml | 234 +- .../structured_configs/bgp-peer-groups-3.yml | 112 +- .../connected_endpoints.yml | 242 +- .../structured_configs/core-1-isis-sr-ldp.yml | 480 +- .../structured_configs/core-2-ospf-ldp.yml | 332 +- .../structured_configs/core-3-isis-sr-ldp.yml | 76 +- .../structured_configs/core-4-multicast.yml | 214 +- .../structured_configs/custom-ptp-profile.yml | 224 +- .../custom-structured-configuration.yml | 27 +- ...der-custom-control-plane-policy-edge-1.yml | 664 +- ...der-custom-control-plane-policy-edge-2.yml | 664 +- ...der-custom-control-plane-policy-edge-3.yml | 556 +- ...stom-control-plane-policy-pathfinder-1.yml | 996 +-- ...-pathfinder-edge-custom-default-policy.yml | 566 +- .../cv-pathfinder-edge-no-default-policy.yml | 588 +- .../structured_configs/cv-pathfinder-edge.yml | 1490 ++-- .../cv-pathfinder-edge1.yml | 1950 ++--- .../cv-pathfinder-edge2A.yml | 1010 +-- .../cv-pathfinder-edge2B.yml | 974 +-- .../cv-pathfinder-edge3A.yml | 806 +- .../cv-pathfinder-edge3B.yml | 802 +- .../cv-pathfinder-edge4A.yml | 836 +- .../cv-pathfinder-edge4B.yml | 836 +- .../cv-pathfinder-pathfinder.yml | 1162 +-- .../cv-pathfinder-pathfinder1.yml | 1170 +-- .../cv-pathfinder-pathfinder2.yml | 1214 +-- .../cv-pathfinder-transit1A.yml | 1095 ++- .../cv-pathfinder-transit1B.yml | 1098 +-- .../cvp-instance-ips-cvaas.yml | 120 +- .../cvp-instance-ips-onprem-token.yml | 34 +- .../default_interface_mtu_hostvars.yml | 28 +- .../default_interface_mtu_platform.yml | 28 +- .../default_overlay_protocol_cvx.yml | 76 +- .../default_overlay_protocol_her.yml | 76 +- .../device.with.dots.in.hostname.yml | 100 +- .../downlink-pools-l3leaf1.yml | 158 +- .../downlink-pools-l3leaf2.yml | 158 +- .../downlink-pools-l3leaf3.yml | 200 +- .../downlink-pools-l3leaf4.yml | 200 +- .../downlink-pools-spine1.yml | 230 +- .../downlink-pools-spine2.yml | 230 +- .../structured_configs/duplicate-vrfs.yml | 182 +- .../evpn-to-ipvpn-gateway.yml | 190 +- .../evpn-vtep-with-default-vrf-not-evpn.yml | 142 +- .../evpn_l2_multi_domain.yml | 458 +- .../evpn_services_l2_only_false.yml | 1302 +-- .../evpn_services_l2_only_true.yml | 258 +- .../structured_configs/evpn_vlan_bundle.yml | 404 +- .../evpn_vlan_bundle_svi_l2vlan.yml | 222 +- .../filter.only_vlans_in_use.yml | 56 +- .../structured_configs/filter.vrfs.yml | 112 +- .../flow-tracking-tests-l2-leaf1.yml | 128 +- .../flow-tracking-tests-l2-leaf2.yml | 128 +- .../flow-tracking-tests-leaf1.yml | 378 +- .../flow-tracking-tests-leaf2.yml | 382 +- .../flow-tracking-tests-leaf3.yml | 684 +- .../flow-tracking-tests-leaf4.yml | 684 +- .../flow-tracking-tests-spine1.yml | 358 +- .../flow-tracking-tests-spine2.yml | 356 +- .../structured_configs/generate-cv-tags-1.yml | 156 +- .../structured_configs/generate-cv-tags-2.yml | 112 +- .../structured_configs/hardware_counters.yml | 30 +- .../ignore-custom-keys-in-data-models.yml | 36 +- .../inband-mgmt-dualstack-ips.yml | 105 +- .../inband-mgmt-dualstack-subnets.yml | 105 +- .../structured_configs/inband-mgmt-ip.yml | 95 +- .../inband-mgmt-ipv6-only-vrf.yml | 101 +- .../inband-mgmt-ipv6-only.yml | 99 +- .../structured_configs/inband-mgmt-mlag-a.yml | 231 +- .../structured_configs/inband-mgmt-mlag-b.yml | 231 +- .../inband-mgmt-parent-dualstack1.yml | 563 +- .../inband-mgmt-parent-dualstack2.yml | 563 +- .../inband-mgmt-parent-ipv6-1.yml | 457 +- .../inband-mgmt-parent-ipv6-2.yml | 445 +- .../inband-mgmt-parent-vrf.yml | 329 +- .../structured_configs/inband-mgmt-parent.yml | 325 +- .../inband-mgmt-spine1-ztp.yml | 261 +- .../inband-mgmt-subnet-vrf.yml | 103 +- .../structured_configs/inband-mgmt-subnet.yml | 99 +- .../intended/structured_configs/ipv4-acls.yml | 254 +- .../isis-system-id-format-using-node-id.yml | 94 +- ...stem-id-format-using-underlay-loopback.yml | 94 +- .../structured_configs/l3_edge_bgp.yml | 294 +- .../structured_configs/l3_edge_isis.yml | 170 +- .../structured_configs/l3_edge_multicast.yml | 96 +- .../structured_configs/l3_edge_ospf.yml | 150 +- .../mgmt_interface_default.yml | 70 +- .../mgmt_interface_description.yml | 42 +- .../mgmt_interface_dualstack.yml | 62 +- .../mgmt_interface_fabric.yml | 70 +- .../mgmt_interface_host.yml | 86 +- .../mgmt_interface_ipv6.yml | 44 +- .../mgmt_interface_platform.yml | 86 +- .../network-ports-tests-2.yml | 622 +- .../network-ports-tests.1.yml | 560 +- .../structured_configs/no_mgmt_gateway.yml | 36 +- .../structured_configs/no_mgmt_interface.yml | 24 +- .../node-type-l3-interfaces-bgp.yml | 100 +- .../node-type-l3-interfaces.yml | 148 +- .../structured_configs/ntp-settings-1.yml | 54 +- .../structured_configs/ntp-settings-2.yml | 44 +- .../only-connected-endpoints.yml | 72 +- .../override_uplink_type-d.yml | 56 +- .../override_uplink_type-u.yml | 134 +- .../structured_configs/platform_settings.yml | 46 +- .../ptp-tests-l2leaf1-ptp-disabled.yml | 70 +- ...ts-l2leaf2-ptp-enabled-uplink-disabled.yml | 106 +- .../ptp-tests-l2leaf2-ptp-enabled.yml | 116 +- .../structured_configs/ptp-tests-leaf1.yml | 712 +- .../structured_configs/ptp-tests-leaf2.yml | 708 +- .../structured_configs/ptp-tests-spine1.yml | 332 +- .../structured_configs/ptp-tests-spine2.yml | 284 +- .../structured_configs/ptp-tests-spine3.yml | 148 +- .../relaxed-structured-config-validation.yml | 34 +- .../sflow-tests-l2-leaf1.yml | 124 +- .../sflow-tests-l2-leaf2.yml | 124 +- .../structured_configs/sflow-tests-leaf1.yml | 324 +- .../structured_configs/sflow-tests-leaf2.yml | 266 +- .../structured_configs/sflow-tests-leaf3.yml | 646 +- .../structured_configs/sflow-tests-leaf4.yml | 646 +- .../structured_configs/sflow-tests-spine1.yml | 412 +- .../structured_configs/sflow-tests-spine2.yml | 236 +- .../site-ha-disabled-leaf.yml | 440 +- .../site-ha-enabled-leaf1.yml | 438 +- .../site-ha-enabled-leaf2A.yml | 438 +- .../site-ha-enabled-leaf2B.yml | 438 +- .../structured_configs/snmp-settings-1.yml | 126 +- .../structured_configs/snmp-settings-2.yml | 40 +- .../structured_configs/source-interfaces.yml | 86 +- .../spanning-tree-mode-rapid-pvst.yml | 36 +- .../trunk-group-tests-l2leaf1a.yml | 236 +- .../trunk-group-tests-l2leaf1b.yml | 262 +- .../trunk-group-tests-l2leaf3.yml | 64 +- .../trunk-group-tests-l2leaf4.yml | 64 +- .../trunk-group-tests-l3leaf1a.yml | 742 +- .../trunk-group-tests-l3leaf1b.yml | 718 +- .../trunk-group-tests-l3leaf2a.yml | 400 +- .../trunk-group-tests-l3leaf2b.yml | 400 +- .../underlay_filter_peer_as_evpn_1.yml | 178 +- .../underlay_filter_peer_as_evpn_2.yml | 150 +- .../underlay_filter_peer_as_evpn_3.yml | 150 +- .../uplink-native-vlan-child.yml | 60 +- .../uplink-native-vlan-grandparent.yml | 46 +- .../uplink-native-vlan-parent.yml | 70 +- .../structured_configs/uplink_lan_l2leaf.yml | 78 +- .../uplink_lan_wan_router1.yml | 496 +- .../uplink_lan_wan_router2.yml | 510 +- .../intended/structured_configs/varpv6.yml | 228 +- .../vrfs_rd_rt_override.yml | 186 +- .../custom-structured-configuration.yml | 6 + .../structured_configs/dc1-leaf1a.yml | 894 +-- .../structured_configs/dc1-leaf1b.yml | 1064 +-- .../structured_configs/dc1-leaf1c.yml | 120 +- .../structured_configs/dc1-leaf2a.yml | 834 +- .../structured_configs/dc1-leaf2b.yml | 834 +- .../structured_configs/dc1-leaf2c.yml | 120 +- .../structured_configs/dc1-spine1.yml | 290 +- .../structured_configs/dc1-spine2.yml | 284 +- .../structured_configs/dc1-svc-leaf1a.yml | 344 +- .../structured_configs/dc1-svc-leaf1b.yml | 344 +- .../intended/structured_configs/dc1-wan1.yml | 696 +- .../intended/structured_configs/dc1-wan2.yml | 698 +- .../structured_configs/dc2-leaf1a.yml | 646 +- .../structured_configs/dc2-leaf1b.yml | 646 +- .../structured_configs/dc2-leaf1c.yml | 112 +- .../structured_configs/dc2-leaf2a.yml | 726 +- .../structured_configs/dc2-leaf2b.yml | 726 +- .../structured_configs/dc2-leaf2c.yml | 112 +- .../dc2-leaf3a.arista.com.yml | 724 +- .../dc2-leaf3b.arista.com.yml | 622 +- .../structured_configs/dc2-spine1.yml | 278 +- .../structured_configs/dc2-spine2.yml | 278 +- .../intended/structured_configs/DC1-BL1A.yml | 688 +- .../intended/structured_configs/DC1-BL1B.yml | 688 +- .../structured_configs/DC1-L2LEAF1A.yml | 236 +- .../structured_configs/DC1-L2LEAF1B.yml | 236 +- .../structured_configs/DC1-L2LEAF2A.yml | 244 +- .../structured_configs/DC1-L2LEAF2B.yml | 244 +- .../structured_configs/DC1-L2LEAF3A.yml | 138 +- .../structured_configs/DC1-LEAF1A.yml | 548 +- .../structured_configs/DC1-LEAF2A.yml | 1090 +-- .../structured_configs/DC1-LEAF2B.yml | 1090 +-- .../structured_configs/DC1-SPINE1.yml | 374 +- .../structured_configs/DC1-SPINE2.yml | 374 +- .../structured_configs/DC1-SPINE3.yml | 374 +- .../structured_configs/DC1-SPINE4.yml | 374 +- .../intended/structured_configs/DC1-SVC3A.yml | 2446 +++--- .../intended/structured_configs/DC1-SVC3B.yml | 2446 +++--- .../intended/structured_configs/DC1-BL1A.yml | 398 +- .../intended/structured_configs/DC1-BL1B.yml | 386 +- .../structured_configs/DC1-L2LEAF1A.yml | 112 +- .../structured_configs/DC1-L2LEAF2A.yml | 192 +- .../structured_configs/DC1-L2LEAF2B.yml | 192 +- .../structured_configs/DC1-LEAF1A.yml | 288 +- .../structured_configs/DC1-LEAF2A.yml | 410 +- .../structured_configs/DC1-LEAF2B.yml | 410 +- .../structured_configs/DC1-SPINE1.yml | 312 +- .../structured_configs/DC1-SPINE2.yml | 180 +- .../structured_configs/DC1-SPINE3.yml | 180 +- .../structured_configs/DC1-SPINE4.yml | 312 +- .../intended/structured_configs/DC1-SVC3A.yml | 394 +- .../intended/structured_configs/DC1-SVC3B.yml | 394 +- .../intended/structured_configs/DC1-BL1A.yml | 388 +- .../intended/structured_configs/DC1-BL1B.yml | 388 +- .../structured_configs/DC1-L2LEAF1A.yml | 112 +- .../structured_configs/DC1-L2LEAF2A.yml | 198 +- .../structured_configs/DC1-L2LEAF2B.yml | 198 +- .../structured_configs/DC1-LEAF1A.yml | 292 +- .../structured_configs/DC1-LEAF2A.yml | 632 +- .../structured_configs/DC1-LEAF2B.yml | 632 +- .../structured_configs/DC1-SPINE1.yml | 326 +- .../structured_configs/DC1-SPINE2.yml | 326 +- .../structured_configs/DC1-SPINE3.yml | 326 +- .../structured_configs/DC1-SPINE4.yml | 326 +- .../intended/structured_configs/DC1-SVC3A.yml | 570 +- .../intended/structured_configs/DC1-SVC3B.yml | 570 +- .../intended/structured_configs/DC1-BL1A.yml | 662 +- .../intended/structured_configs/DC1-BL1B.yml | 650 +- .../structured_configs/DC1-L2LEAF1A.yml | 118 +- .../structured_configs/DC1-L2LEAF2A.yml | 230 +- .../structured_configs/DC1-L2LEAF2B.yml | 230 +- .../structured_configs/DC1-LEAF1A.yml | 558 +- .../structured_configs/DC1-LEAF2A.yml | 1266 +-- .../structured_configs/DC1-LEAF2B.yml | 1266 +-- .../structured_configs/DC1-LEAF3A.yml | 1058 +-- .../structured_configs/DC1-LEAF3B.yml | 1058 +-- .../structured_configs/DC1-LEAF4A.yml | 974 +-- .../structured_configs/DC1-LEAF4B.yml | 974 +-- .../structured_configs/DC1-SPINE1.yml | 414 +- .../structured_configs/DC1-SPINE2.yml | 414 +- .../structured_configs/DC1-SPINE3.yml | 414 +- .../structured_configs/DC1-SPINE4.yml | 414 +- .../structured_configs/DC1-SPINE5.yml | 328 +- .../structured_configs/DC1-SPINE6.yml | 274 +- .../intended/structured_configs/DC1-SVC3A.yml | 1916 ++--- .../intended/structured_configs/DC1-SVC3B.yml | 1828 ++--- .../action/eos_designs_structured_config.py | 50 +- .../filter_hide_passwords/tasks/main.yml | 4 +- .../targets/filter_password/tasks/main.yml | 30 +- .../targets/vars_global_vars/playbook.yml | 26 +- ...igns_structured_config_test_with_dest.json | 2 +- ...signs_structured_config_test_with_dest.yml | 24 +- development/compare.py | 31 +- pylintrc | 1 + pyproject.toml | 1 + .../structured_config/__init__.py | 56 +- .../structured_config/base/__init__.py | 12 +- .../connected_endpoints/__init__.py | 11 +- .../ethernet_interfaces.py | 6 +- .../port_channel_interfaces.py | 5 +- .../core_interfaces_and_l3_edge/__init__.py | 6 +- .../core_interfaces_and_l3_edge/utils.py | 16 +- .../__init__.py | 138 +- .../structured_config/flows/__init__.py | 34 +- .../inband_management/__init__.py | 4 +- .../structured_config/metadata/__init__.py | 4 +- .../metadata/cv_pathfinder.py | 96 +- .../structured_config/metadata/cv_tags.py | 23 +- .../structured_config/mlag/__init__.py | 42 +- .../network_services/__init__.py | 10 +- .../network_services/eos_cli.py | 4 +- .../network_services/ethernet_interfaces.py | 6 +- .../network_services/router_bgp.py | 29 +- .../network_services/struct_cfgs.py | 20 +- .../network_services/vlan_interfaces.py | 7 +- .../structured_config/overlay/__init__.py | 10 +- .../structured_config/overlay/router_bgp.py | 7 +- .../structured_config_generator.py | 72 + .../structured_config/underlay/__init__.py | 6 +- .../underlay/dhcp_servers.py | 39 +- .../underlay/ethernet_interfaces.py | 6 +- .../underlay/port_channel_interfaces.py | 6 +- .../structured_config/underlay/router_bgp.py | 6 +- .../structured_config/underlay/utils.py | 15 +- python-avd/pyavd/_schema/models/avd_base.py | 30 +- .../pyavd/_schema/models/avd_indexed_list.py | 46 +- python-avd/pyavd/_schema/models/avd_list.py | 45 +- python-avd/pyavd/_schema/models/avd_model.py | 46 +- python-avd/pyavd/_utils/get.py | 16 +- .../pyavd/get_device_structured_config.py | 4 +- .../generate_classes/class_src_gen.py | 1 - .../pyavd/schema/data_merging.schema.yml | 17 + .../pyavd/schema/data_merging_schema_class.py | 78 + .../tests/pyavd/schema/test_avdschema.py | 10 +- .../tests/pyavd/schema/test_data_merging.py | 89 + 557 files changed, 109953 insertions(+), 109741 deletions(-) create mode 100644 python-avd/pyavd/_eos_designs/structured_config/structured_config_generator.py create mode 100644 python-avd/tests/pyavd/schema/data_merging.schema.yml create mode 100644 python-avd/tests/pyavd/schema/data_merging_schema_class.py create mode 100644 python-avd/tests/pyavd/schema/test_data_merging.py diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1A.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1A.yml index 889e3869ef0..c15f90c5f3a 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1A.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1A.yml @@ -1,145 +1,37 @@ -hostname: LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.103/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 110 - name: IDF1-Data - tenant: MY_FABRIC -- id: 120 - name: IDF1-Voice - tenant: MY_FABRIC -- id: 130 - name: IDF1-Guest - tenant: MY_FABRIC -- id: 10 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.4/31 -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.6/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel53 - description: MLAG_LEAF1B_Port-Channel53 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel51 - description: L2_SPINES_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,110,120,130 - shutdown: false - mlag: 51 ethernet_interfaces: - name: Ethernet53 - peer: LEAF1B - peer_interface: Ethernet53 - peer_type: mlag_peer description: MLAG_LEAF1B_Ethernet53 shutdown: false channel_group: id: 53 mode: active -- name: Ethernet54 peer: LEAF1B - peer_interface: Ethernet54 + peer_interface: Ethernet53 peer_type: mlag_peer +- name: Ethernet54 description: MLAG_LEAF1B_Ethernet54 shutdown: false channel_group: id: 53 mode: active + peer: LEAF1B + peer_interface: Ethernet54 + peer_type: mlag_peer - name: Ethernet51 - peer: SPINE1 - peer_interface: Ethernet1 - peer_type: l3spine description: L2_SPINE1_Ethernet1 shutdown: false channel_group: id: 51 mode: active + peer: SPINE1 + peer_interface: Ethernet1 + peer_type: l3spine - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -159,6 +51,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -167,11 +63,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -191,6 +83,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -199,11 +95,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -223,6 +115,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -231,11 +127,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -255,6 +147,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -263,11 +159,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -287,6 +179,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -295,11 +191,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -319,6 +211,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -327,11 +223,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -351,6 +243,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -359,11 +255,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -383,6 +275,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -391,11 +287,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -415,6 +307,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -423,11 +319,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -447,6 +339,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -455,11 +351,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -479,6 +371,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -487,11 +383,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -511,6 +403,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -519,11 +415,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -543,6 +435,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -551,11 +447,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -575,6 +467,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -583,11 +479,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -607,6 +499,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -615,11 +511,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -639,6 +531,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -647,11 +543,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -671,6 +563,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -679,11 +575,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -703,6 +595,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -711,11 +607,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -735,6 +627,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -743,11 +639,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -767,6 +659,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -775,11 +671,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -799,6 +691,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -807,11 +703,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -831,6 +723,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -839,11 +735,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -863,6 +755,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -871,11 +767,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -895,6 +787,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -903,11 +799,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -927,6 +819,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -935,11 +831,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -959,6 +851,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -967,11 +863,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -991,6 +883,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -999,11 +895,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1023,6 +915,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1031,11 +927,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1055,6 +947,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1063,11 +959,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1087,6 +979,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1095,11 +991,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1119,6 +1011,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1127,11 +1023,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1151,6 +1043,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1159,11 +1055,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1183,6 +1075,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1191,11 +1087,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1215,6 +1107,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1223,11 +1119,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1247,6 +1139,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1255,11 +1151,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1279,6 +1171,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1287,11 +1183,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1311,6 +1203,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1319,11 +1215,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1343,6 +1235,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1351,11 +1247,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1375,6 +1267,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1383,11 +1279,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1407,6 +1299,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1415,11 +1311,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1439,6 +1331,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1447,11 +1343,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1471,6 +1363,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1479,11 +1375,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1503,6 +1395,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1511,11 +1407,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1535,6 +1427,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1543,11 +1439,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1567,6 +1459,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1575,11 +1471,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1599,6 +1491,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1607,11 +1503,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1631,6 +1523,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1639,11 +1535,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1663,6 +1555,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1671,8 +1567,34 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.103/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab mlag_configuration: domain_id: IDF1 local_interface: Vlan4094 @@ -1680,7 +1602,85 @@ mlag_configuration: peer_link: Port-Channel53 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel53 + description: MLAG_LEAF1B_Port-Channel53 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel51 + description: L2_SPINES_Port-Channel1 + shutdown: false + mlag: 51 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,110,120,130 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.0.4/31 + mtu: 1500 + no_autostate: true +- name: Vlan10 + description: Inband Management + shutdown: false + ip_address: 10.10.10.6/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 110 + name: IDF1-Data + tenant: MY_FABRIC +- id: 120 + name: IDF1-Voice + tenant: MY_FABRIC +- id: 130 + name: IDF1-Guest + tenant: MY_FABRIC +- id: 10 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1B.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1B.yml index bce856bf86e..fc856a2f77c 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1B.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF1B.yml @@ -1,145 +1,37 @@ -hostname: LEAF1B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.104/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 110 - name: IDF1-Data - tenant: MY_FABRIC -- id: 120 - name: IDF1-Voice - tenant: MY_FABRIC -- id: 130 - name: IDF1-Guest - tenant: MY_FABRIC -- id: 10 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.5/31 -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.7/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel53 - description: MLAG_LEAF1A_Port-Channel53 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel51 - description: L2_SPINES_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,110,120,130 - shutdown: false - mlag: 51 ethernet_interfaces: - name: Ethernet53 - peer: LEAF1A - peer_interface: Ethernet53 - peer_type: mlag_peer description: MLAG_LEAF1A_Ethernet53 shutdown: false channel_group: id: 53 mode: active -- name: Ethernet54 peer: LEAF1A - peer_interface: Ethernet54 + peer_interface: Ethernet53 peer_type: mlag_peer +- name: Ethernet54 description: MLAG_LEAF1A_Ethernet54 shutdown: false channel_group: id: 53 mode: active + peer: LEAF1A + peer_interface: Ethernet54 + peer_type: mlag_peer - name: Ethernet51 - peer: SPINE2 - peer_interface: Ethernet1 - peer_type: l3spine description: L2_SPINE2_Ethernet1 shutdown: false channel_group: id: 51 mode: active + peer: SPINE2 + peer_interface: Ethernet1 + peer_type: l3spine - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -159,6 +51,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -167,11 +63,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -191,6 +83,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -199,11 +95,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -223,6 +115,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -231,11 +127,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -255,6 +147,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -263,11 +159,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -287,6 +179,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -295,11 +191,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -319,6 +211,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -327,11 +223,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -351,6 +243,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -359,11 +255,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -383,6 +275,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -391,11 +287,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -415,6 +307,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -423,11 +319,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -447,6 +339,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -455,11 +351,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -479,6 +371,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -487,11 +383,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -511,6 +403,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -519,11 +415,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -543,6 +435,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -551,11 +447,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -575,6 +467,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -583,11 +479,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -607,6 +499,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -615,11 +511,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -639,6 +531,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -647,11 +543,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -671,6 +563,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -679,11 +575,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -703,6 +595,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -711,11 +607,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -735,6 +627,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -743,11 +639,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -767,6 +659,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -775,11 +671,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -799,6 +691,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -807,11 +703,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -831,6 +723,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -839,11 +735,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -863,6 +755,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -871,11 +767,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -895,6 +787,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -903,11 +799,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -927,6 +819,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -935,11 +831,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -959,6 +851,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -967,11 +863,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -991,6 +883,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -999,11 +895,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1023,6 +915,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1031,11 +927,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1055,6 +947,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1063,11 +959,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1087,6 +979,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1095,11 +991,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1119,6 +1011,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1127,11 +1023,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1151,6 +1043,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1159,11 +1055,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1183,6 +1075,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1191,11 +1087,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1215,6 +1107,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1223,11 +1119,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1247,6 +1139,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1255,11 +1151,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1279,6 +1171,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1287,11 +1183,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1311,6 +1203,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1319,11 +1215,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1343,6 +1235,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1351,11 +1247,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1375,6 +1267,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1383,11 +1279,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1407,6 +1299,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1415,11 +1311,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1439,6 +1331,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1447,11 +1343,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1471,6 +1363,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1479,11 +1375,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1503,6 +1395,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1511,11 +1407,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1535,6 +1427,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1543,11 +1439,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1567,6 +1459,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1575,11 +1471,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1599,6 +1491,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1607,11 +1503,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1631,6 +1523,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1639,11 +1535,7 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF1 Standard Port shutdown: false dot1x: @@ -1663,6 +1555,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1671,8 +1567,34 @@ ethernet_interfaces: phone: vlan: 120 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.104/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab mlag_configuration: domain_id: IDF1 local_interface: Vlan4094 @@ -1680,7 +1602,85 @@ mlag_configuration: peer_link: Port-Channel53 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel53 + description: MLAG_LEAF1A_Port-Channel53 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel51 + description: L2_SPINES_Port-Channel1 + shutdown: false + mlag: 51 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,110,120,130 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.0.5/31 + mtu: 1500 + no_autostate: true +- name: Vlan10 + description: Inband Management + shutdown: false + ip_address: 10.10.10.7/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 110 + name: IDF1-Data + tenant: MY_FABRIC +- id: 120 + name: IDF1-Voice + tenant: MY_FABRIC +- id: 130 + name: IDF1-Guest + tenant: MY_FABRIC +- id: 10 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF2A.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF2A.yml index 7e39c4ddb0a..5c68e924ffb 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF2A.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF2A.yml @@ -1,87 +1,40 @@ -hostname: LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.105/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT ethernet_interfaces: - name: Ethernet1/1 - peer: SPINE1 - peer_interface: Ethernet49/1 - peer_type: l3spine description: L2_SPINE1_Ethernet49/1 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet1/3 - peer: SPINE2 + peer: SPINE1 peer_interface: Ethernet49/1 peer_type: l3spine +- name: Ethernet1/3 description: L2_SPINE2_Ethernet49/1 shutdown: false channel_group: id: 11 mode: active + peer: SPINE2 + peer_interface: Ethernet49/1 + peer_type: l3spine - name: Ethernet3/1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -99,16 +52,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -117,13 +64,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -141,16 +94,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -159,13 +106,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -183,16 +136,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -201,13 +148,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -225,16 +178,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -243,13 +190,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -267,16 +220,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -285,13 +232,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -309,16 +262,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -327,13 +274,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -351,17 +304,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -369,13 +316,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -393,16 +346,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -411,13 +358,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -435,16 +388,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -453,13 +400,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -477,16 +430,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -495,13 +442,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -519,16 +472,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -537,13 +484,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -561,16 +514,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -579,13 +526,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -603,16 +556,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -621,13 +568,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -645,16 +598,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -663,13 +610,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -687,16 +640,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -705,13 +652,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -729,31 +682,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -771,16 +724,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -789,13 +736,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -813,16 +766,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -831,13 +778,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -855,16 +808,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -873,13 +820,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -897,16 +850,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -915,13 +862,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -939,16 +892,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -957,13 +904,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -981,16 +934,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -999,13 +946,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1023,16 +976,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1041,13 +988,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1065,16 +1018,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1083,13 +1030,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1107,17 +1060,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -1125,13 +1072,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1149,16 +1102,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1167,13 +1114,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1191,16 +1144,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1209,13 +1156,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1233,16 +1186,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1251,13 +1198,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1275,16 +1228,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1293,13 +1240,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1317,16 +1270,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1335,13 +1282,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1359,16 +1312,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1377,13 +1324,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1401,16 +1354,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1419,13 +1366,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1443,16 +1396,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1461,13 +1408,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1485,31 +1438,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1527,16 +1480,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1545,13 +1492,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1569,16 +1522,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1587,13 +1534,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1611,16 +1564,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1629,13 +1576,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1653,16 +1606,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1671,13 +1618,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1695,16 +1648,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1713,13 +1660,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1737,16 +1690,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1755,13 +1702,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1779,16 +1732,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1797,13 +1744,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1821,16 +1774,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1839,13 +1786,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1863,17 +1816,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -1881,13 +1828,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1905,16 +1858,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1923,13 +1870,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1947,16 +1900,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1965,13 +1912,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -1989,16 +1942,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2007,13 +1954,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2031,16 +1984,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2049,13 +1996,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3/48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2073,16 +2026,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2091,13 +2038,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2115,16 +2068,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2133,13 +2080,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2157,16 +2110,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2175,13 +2122,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2199,16 +2152,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2217,13 +2164,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2241,31 +2194,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2283,16 +2236,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2301,13 +2248,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2325,16 +2278,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2343,13 +2290,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2367,16 +2320,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2385,13 +2332,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2409,16 +2362,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2427,13 +2374,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2451,16 +2404,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2469,13 +2416,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2493,16 +2446,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2511,13 +2458,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2535,16 +2488,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2553,13 +2500,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2577,16 +2530,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2595,13 +2542,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2619,17 +2572,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -2637,13 +2584,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2661,16 +2614,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2679,13 +2626,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2703,16 +2656,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2721,13 +2668,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2745,16 +2698,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2763,13 +2710,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2787,16 +2740,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2805,13 +2752,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2829,16 +2782,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2847,13 +2794,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2871,16 +2824,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2889,13 +2836,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2913,16 +2866,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2931,13 +2878,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2955,16 +2908,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2973,13 +2920,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -2997,31 +2950,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3039,16 +2992,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3057,13 +3004,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3081,16 +3034,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3099,13 +3046,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3123,16 +3076,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3141,13 +3088,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3165,16 +3118,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3183,13 +3130,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3207,16 +3160,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3225,13 +3172,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3249,16 +3202,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3267,13 +3214,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3291,16 +3244,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3309,13 +3256,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3333,16 +3286,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3351,13 +3298,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3375,17 +3328,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -3393,13 +3340,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3417,16 +3370,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3435,13 +3382,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3459,16 +3412,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3477,13 +3424,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3501,16 +3454,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3519,13 +3466,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3543,16 +3496,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3561,13 +3508,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3585,16 +3538,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3603,13 +3550,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3627,16 +3580,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3645,13 +3592,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3669,16 +3622,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3687,13 +3634,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3711,16 +3664,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3729,13 +3676,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3753,31 +3706,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3795,16 +3748,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3813,13 +3760,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3837,16 +3790,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3855,13 +3802,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3879,16 +3832,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3897,13 +3844,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3921,16 +3874,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3939,13 +3886,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -3963,16 +3916,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3981,13 +3928,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4005,16 +3958,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4023,13 +3970,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4047,16 +4000,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4065,13 +4012,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4/48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4089,16 +4042,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4107,13 +4054,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4131,17 +4084,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -4149,13 +4096,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4173,16 +4126,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4191,13 +4138,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4215,16 +4168,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4233,13 +4180,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4257,16 +4210,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4275,13 +4222,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4299,16 +4252,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4317,13 +4264,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4341,16 +4294,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4359,13 +4306,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4383,16 +4336,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4401,13 +4348,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4425,16 +4378,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4443,13 +4390,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4467,16 +4420,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4485,13 +4432,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4509,31 +4462,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4551,16 +4504,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4569,13 +4516,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4593,16 +4546,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4611,13 +4558,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4635,16 +4588,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4653,13 +4600,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4677,16 +4630,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4695,13 +4642,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4719,16 +4672,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4737,13 +4684,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4761,16 +4714,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4779,13 +4726,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4803,16 +4756,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4821,13 +4768,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4845,16 +4798,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4863,13 +4810,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4887,17 +4840,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -4905,13 +4852,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4929,16 +4882,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4947,13 +4894,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -4971,16 +4924,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -4989,13 +4936,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5013,16 +4966,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5031,13 +4978,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5055,16 +5008,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5073,13 +5020,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5097,16 +5050,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5115,13 +5062,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5139,16 +5092,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5157,13 +5104,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5181,16 +5134,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5199,13 +5146,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5223,16 +5176,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5241,13 +5188,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5265,31 +5218,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5307,16 +5260,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5325,13 +5272,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5349,16 +5302,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5367,13 +5314,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5391,16 +5344,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5409,13 +5356,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5433,16 +5386,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5451,13 +5398,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5475,16 +5428,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5493,13 +5440,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5517,16 +5470,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5535,13 +5482,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5559,16 +5512,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5577,13 +5524,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5601,16 +5554,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5619,13 +5566,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5643,17 +5596,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -5661,13 +5608,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5685,16 +5638,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5703,13 +5650,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5727,16 +5680,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5745,13 +5692,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5769,16 +5722,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5787,13 +5734,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5811,16 +5764,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5829,13 +5776,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5853,16 +5806,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5871,13 +5818,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5895,16 +5848,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5913,13 +5860,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5937,16 +5890,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5955,13 +5902,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -5979,16 +5932,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -5997,13 +5944,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6021,31 +5974,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6063,16 +6016,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6081,13 +6028,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5/48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6105,16 +6058,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6123,13 +6070,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6147,16 +6100,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6165,13 +6112,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6189,16 +6142,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6207,13 +6154,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6231,16 +6184,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6249,13 +6196,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6273,16 +6226,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6291,13 +6238,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6315,16 +6268,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6333,13 +6280,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6357,16 +6310,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6375,13 +6322,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6399,17 +6352,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -6417,13 +6364,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6441,16 +6394,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6459,13 +6406,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6483,16 +6436,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6501,13 +6448,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6525,16 +6478,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6543,13 +6490,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6567,16 +6520,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6585,13 +6532,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6609,16 +6562,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6627,13 +6574,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6651,16 +6604,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6669,13 +6616,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6693,16 +6646,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6711,13 +6658,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6735,16 +6688,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6753,13 +6700,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6777,31 +6730,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6819,16 +6772,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6837,13 +6784,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6861,16 +6814,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6879,13 +6826,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6903,16 +6856,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6921,13 +6868,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6945,16 +6898,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -6963,13 +6910,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -6987,16 +6940,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7005,13 +6952,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7029,16 +6982,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7047,13 +6994,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7071,16 +7024,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7089,13 +7036,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7113,16 +7066,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7131,13 +7078,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7155,17 +7108,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -7173,13 +7120,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7197,16 +7150,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7215,13 +7162,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7239,16 +7192,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7257,13 +7204,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7281,16 +7234,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7299,13 +7246,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7323,16 +7276,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7341,13 +7288,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7365,16 +7318,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7383,13 +7330,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7407,16 +7360,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7425,13 +7372,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7449,16 +7402,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7467,13 +7414,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7491,16 +7444,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7509,13 +7456,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7533,31 +7486,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7575,16 +7528,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7593,13 +7540,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7617,16 +7570,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7635,13 +7582,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7659,16 +7612,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7677,13 +7624,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7701,16 +7654,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7719,13 +7666,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7743,16 +7696,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7761,13 +7708,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7785,16 +7738,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7803,13 +7750,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7827,16 +7780,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7845,13 +7792,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7869,16 +7822,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7887,13 +7834,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7911,17 +7864,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -7929,13 +7876,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7953,16 +7906,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -7971,13 +7918,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -7995,16 +7948,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8013,13 +7960,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8037,16 +7990,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8055,13 +8002,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8079,16 +8032,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8097,13 +8044,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6/48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8121,16 +8074,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8139,13 +8086,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8163,16 +8116,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8181,13 +8128,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8205,16 +8158,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8223,13 +8170,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8247,16 +8200,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8265,13 +8212,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8289,31 +8242,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8331,16 +8284,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8349,13 +8296,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8373,16 +8326,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8391,13 +8338,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8415,16 +8368,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8433,13 +8380,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8457,16 +8410,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8475,13 +8422,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8499,16 +8452,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8517,13 +8464,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8541,16 +8494,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8559,13 +8506,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8583,16 +8536,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8601,13 +8548,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8625,16 +8578,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8643,13 +8590,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8667,17 +8620,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -8685,13 +8632,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8709,16 +8662,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8727,13 +8674,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8751,16 +8704,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8769,13 +8716,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8793,16 +8746,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8811,13 +8758,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8835,16 +8788,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8853,13 +8800,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8877,16 +8830,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8895,13 +8842,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8919,16 +8872,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8937,13 +8884,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -8961,16 +8914,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -8979,13 +8926,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9003,16 +8956,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9021,13 +8968,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9045,31 +8998,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9087,16 +9040,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9105,13 +9052,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9129,16 +9082,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9147,13 +9094,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9171,16 +9124,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9189,13 +9136,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9213,16 +9166,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9231,13 +9178,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9255,16 +9208,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9273,13 +9220,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9297,16 +9250,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9315,13 +9262,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9339,16 +9292,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9357,13 +9304,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9381,16 +9334,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9399,13 +9346,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9423,17 +9376,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: enabled: true mode: trunk phone trunk: @@ -9441,13 +9388,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9465,16 +9418,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9483,13 +9430,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9507,16 +9460,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9525,13 +9472,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9549,16 +9502,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9567,13 +9514,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9591,16 +9544,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9609,13 +9556,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9633,16 +9586,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9651,13 +9598,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9675,16 +9628,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9693,13 +9640,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9717,16 +9670,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9735,13 +9682,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9759,16 +9712,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9777,13 +9724,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9801,31 +9754,31 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 - switchport: - enabled: true - mode: trunk phone + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X + switchport: + enabled: true + mode: trunk phone trunk: native_vlan: 210 phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9843,16 +9796,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9861,13 +9808,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9885,16 +9838,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9903,13 +9850,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9927,16 +9880,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9945,13 +9892,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -9969,16 +9922,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -9987,13 +9934,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -10011,16 +9964,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -10029,13 +9976,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -10053,16 +10006,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -10071,13 +10018,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -10095,16 +10048,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -10113,13 +10060,19 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7/48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF2 Standard Port shutdown: false + poe: + priority: critical + reboot: + action: maintain + link_down: + action: maintain + shutdown: + action: power-off + limit: + class: 4 dot1x: port_control: auto reauthentication: true @@ -10137,16 +10090,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 - poe: - priority: critical - reboot: - action: maintain - link_down: - action: maintain - shutdown: - action: power-off - limit: - class: 4 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -10155,17 +10102,78 @@ ethernet_interfaces: phone: vlan: 220 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF2A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.105/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: 720XP +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT port_channel_interfaces: - name: Port-Channel11 description: L2_SPINES_Port-Channel491 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,210,220,230 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan10 + description: Inband Management shutdown: false + ip_address: 10.10.10.8/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 210 name: IDF2-Data @@ -10177,16 +10185,8 @@ vlans: name: IDF2-Guest tenant: MY_FABRIC - id: 10 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.8/24 - type: inband_mgmt -metadata: - platform: 720XP + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3A.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3A.yml index 6f2c70c56db..45dd44b5352 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3A.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3A.yml @@ -1,208 +1,73 @@ -hostname: LEAF3A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.106/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 310 - name: IDF3-Data - tenant: MY_FABRIC -- id: 320 - name: IDF3-Voice - tenant: MY_FABRIC -- id: 330 - name: IDF3-Guest - tenant: MY_FABRIC -- id: 10 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.10/31 -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.9/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel983 - description: MLAG_LEAF3B_Port-Channel983 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel971 - description: L2_SPINES_Port-Channel501 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 971 -- name: Port-Channel973 - description: L2_LEAF3C_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 973 -- name: Port-Channel974 - description: L2_LEAF3D_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 974 -- name: Port-Channel981 - description: L2_LEAF3E_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 981 ethernet_interfaces: - name: Ethernet98/3 - peer: LEAF3B - peer_interface: Ethernet98/3 - peer_type: mlag_peer description: MLAG_LEAF3B_Ethernet98/3 shutdown: false channel_group: id: 983 mode: active -- name: Ethernet98/4 peer: LEAF3B - peer_interface: Ethernet98/4 + peer_interface: Ethernet98/3 peer_type: mlag_peer +- name: Ethernet98/4 description: MLAG_LEAF3B_Ethernet98/4 shutdown: false channel_group: id: 983 mode: active + peer: LEAF3B + peer_interface: Ethernet98/4 + peer_type: mlag_peer - name: Ethernet97/1 - peer: SPINE1 - peer_interface: Ethernet50/1 - peer_type: l3spine description: L2_SPINE1_Ethernet50/1 shutdown: false channel_group: id: 971 mode: active -- name: Ethernet97/2 - peer: SPINE2 + peer: SPINE1 peer_interface: Ethernet50/1 peer_type: l3spine +- name: Ethernet97/2 description: L2_SPINE2_Ethernet50/1 shutdown: false channel_group: id: 971 mode: active + peer: SPINE2 + peer_interface: Ethernet50/1 + peer_type: l3spine - name: Ethernet97/3 - peer: LEAF3C - peer_interface: Ethernet97/1 - peer_type: l2leaf description: L2_LEAF3C_Ethernet97/1 shutdown: false channel_group: id: 973 mode: active -- name: Ethernet97/4 - peer: LEAF3D + peer: LEAF3C peer_interface: Ethernet97/1 peer_type: l2leaf +- name: Ethernet97/4 description: L2_LEAF3D_Ethernet97/1 shutdown: false channel_group: id: 974 mode: active -- name: Ethernet98/1 - peer: LEAF3E + peer: LEAF3D peer_interface: Ethernet97/1 peer_type: l2leaf +- name: Ethernet98/1 description: L2_LEAF3E_Ethernet97/1 shutdown: false channel_group: id: 981 mode: active + peer: LEAF3E + peer_interface: Ethernet97/1 + peer_type: l2leaf - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -222,6 +87,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -230,11 +99,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -254,6 +119,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -262,11 +131,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -286,6 +151,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -294,11 +163,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -318,6 +183,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -326,11 +195,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -350,6 +215,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -358,11 +227,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -382,6 +247,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -390,11 +259,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -414,6 +279,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -422,11 +291,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -446,6 +311,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -454,11 +323,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -478,6 +343,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -486,11 +355,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -510,6 +375,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -518,11 +387,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -542,6 +407,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -550,11 +419,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -574,6 +439,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -582,11 +451,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -606,6 +471,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -614,11 +483,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -638,6 +503,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -646,11 +515,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -670,6 +535,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -678,11 +547,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -702,6 +567,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -710,11 +579,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -734,6 +599,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -742,11 +611,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -766,6 +631,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -774,11 +643,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -798,6 +663,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -806,11 +675,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -830,6 +695,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -838,11 +707,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -862,6 +727,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -870,11 +739,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -894,6 +759,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -902,11 +771,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -926,6 +791,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -934,11 +803,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -958,6 +823,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -966,11 +835,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -990,6 +855,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -998,11 +867,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1022,6 +887,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1030,11 +899,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1054,6 +919,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1062,11 +931,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1086,6 +951,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1094,11 +963,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1118,6 +983,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1126,11 +995,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1150,6 +1015,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1158,11 +1027,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1182,6 +1047,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1190,11 +1059,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1214,6 +1079,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1222,11 +1091,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1246,6 +1111,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1254,11 +1123,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1278,6 +1143,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1286,11 +1155,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1310,6 +1175,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1318,11 +1187,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1342,6 +1207,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1350,11 +1219,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1374,6 +1239,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1382,11 +1251,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1406,6 +1271,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1414,11 +1283,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1438,6 +1303,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1446,11 +1315,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1470,6 +1335,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1478,11 +1347,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1502,6 +1367,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1510,11 +1379,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1534,6 +1399,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1542,11 +1411,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1566,6 +1431,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1574,11 +1443,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1598,6 +1463,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1606,11 +1475,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1630,6 +1495,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1638,11 +1507,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1662,6 +1527,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1670,11 +1539,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1694,6 +1559,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1702,11 +1571,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1726,6 +1591,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1734,11 +1603,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet49 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1758,6 +1623,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1766,11 +1635,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet50 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1790,6 +1655,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1798,11 +1667,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet51 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1822,6 +1687,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1830,11 +1699,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet52 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1854,6 +1719,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1862,11 +1731,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet53 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1886,6 +1751,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1894,11 +1763,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet54 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1918,6 +1783,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1926,11 +1795,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet55 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1950,6 +1815,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1958,11 +1827,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet56 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1982,6 +1847,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1990,11 +1859,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet57 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2014,6 +1879,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2022,11 +1891,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet58 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2046,6 +1911,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2054,11 +1923,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet59 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2078,6 +1943,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2086,11 +1955,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet60 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2110,6 +1975,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2118,11 +1987,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet61 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2142,6 +2007,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2150,11 +2019,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet62 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2174,6 +2039,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2182,11 +2051,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet63 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2206,6 +2071,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2214,11 +2083,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet64 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2238,6 +2103,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2246,11 +2115,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet65 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2270,6 +2135,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2278,11 +2147,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet66 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2302,6 +2167,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2310,11 +2179,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet67 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2334,6 +2199,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2342,11 +2211,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet68 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2366,6 +2231,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2374,11 +2243,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet69 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2398,6 +2263,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2406,11 +2275,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet70 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2430,6 +2295,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2438,11 +2307,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet71 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2462,6 +2327,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2470,11 +2339,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet72 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2494,6 +2359,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2502,11 +2371,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet73 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2526,6 +2391,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2534,11 +2403,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet74 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2558,6 +2423,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2566,11 +2435,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet75 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2590,6 +2455,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2598,11 +2467,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet76 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2622,6 +2487,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2630,11 +2499,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet77 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2654,6 +2519,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2662,11 +2531,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet78 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2686,6 +2551,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2694,11 +2563,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet79 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2718,6 +2583,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2726,11 +2595,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet80 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2750,6 +2615,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2758,11 +2627,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet81 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2782,6 +2647,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2790,11 +2659,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet82 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2814,6 +2679,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2822,11 +2691,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet83 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2846,6 +2711,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2854,11 +2723,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet84 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2878,6 +2743,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2886,11 +2755,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet85 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2910,6 +2775,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2918,11 +2787,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet86 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2942,6 +2807,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2950,11 +2819,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet87 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2974,6 +2839,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2982,11 +2851,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet88 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3006,6 +2871,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3014,11 +2883,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet89 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3038,6 +2903,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3046,11 +2915,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet90 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3070,6 +2935,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3078,11 +2947,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet91 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3102,6 +2967,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3110,11 +2979,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet92 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3134,6 +2999,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3142,11 +3011,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet93 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3166,6 +3031,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3174,11 +3043,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet94 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3198,6 +3063,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3206,11 +3075,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet95 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3230,6 +3095,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3238,11 +3107,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet96 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3262,6 +3127,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3270,8 +3139,34 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF3A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.106/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab mlag_configuration: domain_id: IDF3_AGG local_interface: Vlan4094 @@ -3279,7 +3174,112 @@ mlag_configuration: peer_link: Port-Channel983 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel983 + description: MLAG_LEAF3B_Port-Channel983 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel971 + description: L2_SPINES_Port-Channel501 + shutdown: false + mlag: 971 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +- name: Port-Channel973 + description: L2_LEAF3C_Port-Channel971 + shutdown: false + mlag: 973 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +- name: Port-Channel974 + description: L2_LEAF3D_Port-Channel971 + shutdown: false + mlag: 974 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +- name: Port-Channel981 + description: L2_LEAF3E_Port-Channel971 + shutdown: false + mlag: 981 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.0.10/31 + mtu: 1500 + no_autostate: true +- name: Vlan10 + description: Inband Management + shutdown: false + ip_address: 10.10.10.9/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 310 + name: IDF3-Data + tenant: MY_FABRIC +- id: 320 + name: IDF3-Voice + tenant: MY_FABRIC +- id: 330 + name: IDF3-Guest + tenant: MY_FABRIC +- id: 10 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3B.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3B.yml index f58464881c4..12afcbb8da6 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3B.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3B.yml @@ -1,208 +1,73 @@ -hostname: LEAF3B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.107/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 310 - name: IDF3-Data - tenant: MY_FABRIC -- id: 320 - name: IDF3-Voice - tenant: MY_FABRIC -- id: 330 - name: IDF3-Guest - tenant: MY_FABRIC -- id: 10 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.11/31 -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.10/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel983 - description: MLAG_LEAF3A_Port-Channel983 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel971 - description: L2_SPINES_Port-Channel501 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 971 -- name: Port-Channel973 - description: L2_LEAF3C_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 973 -- name: Port-Channel974 - description: L2_LEAF3D_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 974 -- name: Port-Channel981 - description: L2_LEAF3E_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 981 ethernet_interfaces: - name: Ethernet98/3 - peer: LEAF3A - peer_interface: Ethernet98/3 - peer_type: mlag_peer description: MLAG_LEAF3A_Ethernet98/3 shutdown: false channel_group: id: 983 mode: active -- name: Ethernet98/4 peer: LEAF3A - peer_interface: Ethernet98/4 + peer_interface: Ethernet98/3 peer_type: mlag_peer +- name: Ethernet98/4 description: MLAG_LEAF3A_Ethernet98/4 shutdown: false channel_group: id: 983 mode: active + peer: LEAF3A + peer_interface: Ethernet98/4 + peer_type: mlag_peer - name: Ethernet97/1 - peer: SPINE1 - peer_interface: Ethernet51/1 - peer_type: l3spine description: L2_SPINE1_Ethernet51/1 shutdown: false channel_group: id: 971 mode: active -- name: Ethernet97/2 - peer: SPINE2 + peer: SPINE1 peer_interface: Ethernet51/1 peer_type: l3spine +- name: Ethernet97/2 description: L2_SPINE2_Ethernet51/1 shutdown: false channel_group: id: 971 mode: active + peer: SPINE2 + peer_interface: Ethernet51/1 + peer_type: l3spine - name: Ethernet97/3 - peer: LEAF3C - peer_interface: Ethernet97/2 - peer_type: l2leaf description: L2_LEAF3C_Ethernet97/2 shutdown: false channel_group: id: 973 mode: active -- name: Ethernet97/4 - peer: LEAF3D + peer: LEAF3C peer_interface: Ethernet97/2 peer_type: l2leaf +- name: Ethernet97/4 description: L2_LEAF3D_Ethernet97/2 shutdown: false channel_group: id: 974 mode: active -- name: Ethernet98/1 - peer: LEAF3E + peer: LEAF3D peer_interface: Ethernet97/2 peer_type: l2leaf +- name: Ethernet98/1 description: L2_LEAF3E_Ethernet97/2 shutdown: false channel_group: id: 981 mode: active + peer: LEAF3E + peer_interface: Ethernet97/2 + peer_type: l2leaf - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -222,6 +87,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -230,11 +99,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -254,6 +119,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -262,11 +131,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -286,6 +151,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -294,11 +163,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -318,6 +183,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -326,11 +195,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -350,6 +215,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -358,11 +227,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -382,6 +247,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -390,11 +259,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -414,6 +279,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -422,11 +291,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -446,6 +311,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -454,11 +323,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -478,6 +343,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -486,11 +355,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -510,6 +375,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -518,11 +387,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -542,6 +407,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -550,11 +419,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -574,6 +439,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -582,11 +451,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -606,6 +471,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -614,11 +483,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -638,6 +503,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -646,11 +515,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -670,6 +535,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -678,11 +547,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -702,6 +567,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -710,11 +579,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -734,6 +599,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -742,11 +611,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -766,6 +631,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -774,11 +643,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -798,6 +663,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -806,11 +675,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -830,6 +695,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -838,11 +707,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -862,6 +727,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -870,11 +739,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -894,6 +759,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -902,11 +771,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -926,6 +791,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -934,11 +803,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -958,6 +823,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -966,11 +835,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -990,6 +855,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -998,11 +867,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1022,6 +887,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1030,11 +899,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1054,6 +919,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1062,11 +931,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1086,6 +951,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1094,11 +963,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1118,6 +983,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1126,11 +995,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1150,6 +1015,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1158,11 +1027,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1182,6 +1047,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1190,11 +1059,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1214,6 +1079,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1222,11 +1091,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1246,6 +1111,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1254,11 +1123,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1278,6 +1143,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1286,11 +1155,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1310,6 +1175,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1318,11 +1187,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1342,6 +1207,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1350,11 +1219,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1374,6 +1239,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1382,11 +1251,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1406,6 +1271,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1414,11 +1283,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1438,6 +1303,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1446,11 +1315,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1470,6 +1335,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1478,11 +1347,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1502,6 +1367,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1510,11 +1379,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1534,6 +1399,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1542,11 +1411,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1566,6 +1431,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1574,11 +1443,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1598,6 +1463,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1606,11 +1475,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1630,6 +1495,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1638,11 +1507,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1662,6 +1527,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1670,11 +1539,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1694,6 +1559,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1702,11 +1571,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1726,6 +1591,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1734,11 +1603,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet49 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1758,6 +1623,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1766,11 +1635,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet50 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1790,6 +1655,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1798,11 +1667,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet51 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1822,6 +1687,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1830,11 +1699,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet52 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1854,6 +1719,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1862,11 +1731,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet53 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1886,6 +1751,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1894,11 +1763,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet54 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1918,6 +1783,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1926,11 +1795,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet55 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1950,6 +1815,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1958,11 +1827,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet56 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1982,6 +1847,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1990,11 +1859,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet57 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2014,6 +1879,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2022,11 +1891,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet58 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2046,6 +1911,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2054,11 +1923,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet59 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2078,6 +1943,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2086,11 +1955,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet60 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2110,6 +1975,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2118,11 +1987,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet61 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2142,6 +2007,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2150,11 +2019,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet62 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2174,6 +2039,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2182,11 +2051,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet63 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2206,6 +2071,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2214,11 +2083,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet64 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2238,6 +2103,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2246,11 +2115,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet65 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2270,6 +2135,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2278,11 +2147,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet66 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2302,6 +2167,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2310,11 +2179,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet67 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2334,6 +2199,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2342,11 +2211,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet68 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2366,6 +2231,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2374,11 +2243,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet69 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2398,6 +2263,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2406,11 +2275,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet70 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2430,6 +2295,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2438,11 +2307,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet71 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2462,6 +2327,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2470,11 +2339,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet72 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2494,6 +2359,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2502,11 +2371,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet73 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2526,6 +2391,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2534,11 +2403,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet74 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2558,6 +2423,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2566,11 +2435,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet75 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2590,6 +2455,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2598,11 +2467,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet76 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2622,6 +2487,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2630,11 +2499,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet77 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2654,6 +2519,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2662,11 +2531,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet78 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2686,6 +2551,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2694,11 +2563,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet79 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2718,6 +2583,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2726,11 +2595,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet80 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2750,6 +2615,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2758,11 +2627,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet81 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2782,6 +2647,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2790,11 +2659,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet82 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2814,6 +2679,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2822,11 +2691,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet83 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2846,6 +2711,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2854,11 +2723,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet84 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2878,6 +2743,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2886,11 +2755,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet85 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2910,6 +2775,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2918,11 +2787,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet86 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2942,6 +2807,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2950,11 +2819,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet87 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2974,6 +2839,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2982,11 +2851,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet88 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3006,6 +2871,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3014,11 +2883,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet89 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3038,6 +2903,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3046,11 +2915,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet90 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3070,6 +2935,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3078,11 +2947,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet91 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3102,6 +2967,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3110,11 +2979,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet92 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3134,6 +2999,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3142,11 +3011,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet93 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3166,6 +3031,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3174,11 +3043,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet94 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3198,6 +3063,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3206,11 +3075,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet95 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3230,6 +3095,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3238,11 +3107,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet96 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3262,6 +3127,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3270,8 +3139,34 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF3B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.107/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab mlag_configuration: domain_id: IDF3_AGG local_interface: Vlan4094 @@ -3279,7 +3174,112 @@ mlag_configuration: peer_link: Port-Channel983 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel983 + description: MLAG_LEAF3A_Port-Channel983 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel971 + description: L2_SPINES_Port-Channel501 + shutdown: false + mlag: 971 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +- name: Port-Channel973 + description: L2_LEAF3C_Port-Channel971 + shutdown: false + mlag: 973 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +- name: Port-Channel974 + description: L2_LEAF3D_Port-Channel971 + shutdown: false + mlag: 974 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +- name: Port-Channel981 + description: L2_LEAF3E_Port-Channel971 + shutdown: false + mlag: 981 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.0.11/31 + mtu: 1500 + no_autostate: true +- name: Vlan10 + description: Inband Management + shutdown: false + ip_address: 10.10.10.10/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 310 + name: IDF3-Data + tenant: MY_FABRIC +- id: 320 + name: IDF3-Voice + tenant: MY_FABRIC +- id: 330 + name: IDF3-Guest + tenant: MY_FABRIC +- id: 10 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3C.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3C.yml index 442e0091b9a..15f8e012d38 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3C.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3C.yml @@ -1,85 +1,28 @@ -hostname: LEAF3C -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.108/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT ethernet_interfaces: - name: Ethernet97/1 - peer: LEAF3A - peer_interface: Ethernet97/3 - peer_type: l2leaf description: L2_LEAF3A_Ethernet97/3 shutdown: false channel_group: id: 971 mode: active -- name: Ethernet97/2 - peer: LEAF3B + peer: LEAF3A peer_interface: Ethernet97/3 peer_type: l2leaf +- name: Ethernet97/2 description: L2_LEAF3B_Ethernet97/3 shutdown: false channel_group: id: 971 mode: active + peer: LEAF3B + peer_interface: Ethernet97/3 + peer_type: l2leaf - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -99,6 +42,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -107,11 +54,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -131,6 +74,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -139,11 +86,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -163,6 +106,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -171,11 +118,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -195,6 +138,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -203,11 +150,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -227,6 +170,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -235,11 +182,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -259,6 +202,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -267,11 +214,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -291,6 +234,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -299,11 +246,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -323,6 +266,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -331,11 +278,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -355,6 +298,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -363,11 +310,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -387,6 +330,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -395,11 +342,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -419,6 +362,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -427,11 +374,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -451,6 +394,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -459,11 +406,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -483,6 +426,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -491,11 +438,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -515,6 +458,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -523,11 +470,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -547,6 +490,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -555,11 +502,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -579,6 +522,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -587,11 +534,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -611,6 +554,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -619,11 +566,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -643,6 +586,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -651,11 +598,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -675,6 +618,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -683,11 +630,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -707,6 +650,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -715,11 +662,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -739,6 +682,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -747,11 +694,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -771,6 +714,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -779,11 +726,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -803,6 +746,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -811,11 +758,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -835,6 +778,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -843,11 +790,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -867,6 +810,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -875,11 +822,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -899,6 +842,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -907,11 +854,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -931,6 +874,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -939,11 +886,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -963,6 +906,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -971,11 +918,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -995,6 +938,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1003,11 +950,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1027,6 +970,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1035,11 +982,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1059,6 +1002,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1067,11 +1014,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1091,6 +1034,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1099,11 +1046,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1123,6 +1066,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1131,11 +1078,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1155,6 +1098,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1163,11 +1110,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1187,6 +1130,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1195,11 +1142,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1219,6 +1162,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1227,11 +1174,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1251,6 +1194,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1259,11 +1206,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1283,6 +1226,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1291,11 +1238,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1315,6 +1258,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1323,11 +1270,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1347,6 +1290,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1355,11 +1302,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1379,6 +1322,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1387,11 +1334,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1411,6 +1354,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1419,11 +1366,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1443,6 +1386,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1451,11 +1398,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1475,6 +1418,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1483,11 +1430,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1507,6 +1450,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1515,11 +1462,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1539,6 +1482,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1547,11 +1494,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1571,6 +1514,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1579,11 +1526,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1603,6 +1546,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1611,11 +1558,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet49 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1635,6 +1578,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1643,11 +1590,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet50 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1667,6 +1610,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1675,11 +1622,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet51 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1699,6 +1642,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1707,11 +1654,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet52 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1731,6 +1674,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1739,11 +1686,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet53 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1763,6 +1706,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1771,11 +1718,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet54 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1795,6 +1738,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1803,11 +1750,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet55 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1827,6 +1770,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1835,11 +1782,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet56 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1859,6 +1802,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1867,11 +1814,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet57 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1891,6 +1834,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1899,11 +1846,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet58 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1923,6 +1866,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1931,11 +1878,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet59 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1955,6 +1898,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1963,11 +1910,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet60 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1987,6 +1930,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1995,11 +1942,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet61 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2019,6 +1962,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2027,11 +1974,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet62 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2051,6 +1994,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2059,11 +2006,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet63 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2083,6 +2026,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2091,11 +2038,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet64 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2115,6 +2058,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2123,11 +2070,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet65 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2147,6 +2090,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2155,11 +2102,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet66 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2179,6 +2122,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2187,11 +2134,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet67 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2211,6 +2154,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2219,11 +2166,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet68 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2243,6 +2186,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2251,11 +2198,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet69 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2275,6 +2218,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2283,11 +2230,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet70 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2307,6 +2250,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2315,11 +2262,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet71 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2339,6 +2282,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2347,11 +2294,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet72 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2371,6 +2314,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2379,11 +2326,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet73 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2403,6 +2346,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2411,11 +2358,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet74 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2435,6 +2378,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2443,11 +2390,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet75 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2467,6 +2410,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2475,11 +2422,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet76 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2499,6 +2442,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2507,11 +2454,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet77 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2531,6 +2474,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2539,11 +2486,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet78 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2563,6 +2506,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2571,11 +2518,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet79 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2595,6 +2538,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2603,11 +2550,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet80 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2627,6 +2570,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2635,11 +2582,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet81 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2659,6 +2602,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2667,11 +2614,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet82 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2691,6 +2634,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2699,11 +2646,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet83 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2723,6 +2666,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2731,11 +2678,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet84 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2755,6 +2698,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2763,11 +2710,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet85 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2787,6 +2730,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2795,11 +2742,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet86 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2819,6 +2762,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2827,11 +2774,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet87 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2851,6 +2794,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2859,11 +2806,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet88 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2883,6 +2826,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2891,11 +2838,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet89 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2915,6 +2858,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2923,11 +2870,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet90 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2947,6 +2890,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2955,11 +2902,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet91 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2979,6 +2922,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2987,11 +2934,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet92 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3011,6 +2954,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3019,11 +2966,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet93 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3043,6 +2986,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3051,11 +2998,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet94 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3075,6 +3018,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3083,11 +3030,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet95 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3107,6 +3050,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3115,11 +3062,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet96 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3139,6 +3082,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3147,17 +3094,78 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF3C +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.108/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT port_channel_interfaces: - name: Port-Channel971 description: L2_IDF3_AGG_Port-Channel973 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,310,320,330 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan10 + description: Inband Management shutdown: false + ip_address: 10.10.10.11/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 310 name: IDF3-Data @@ -3169,16 +3177,8 @@ vlans: name: IDF3-Guest tenant: MY_FABRIC - id: 10 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.11/24 - type: inband_mgmt -metadata: - platform: cEOSLab + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3D.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3D.yml index b059f249a41..0b038152013 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3D.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3D.yml @@ -1,85 +1,28 @@ -hostname: LEAF3D -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.109/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT ethernet_interfaces: - name: Ethernet97/1 - peer: LEAF3A - peer_interface: Ethernet97/4 - peer_type: l2leaf description: L2_LEAF3A_Ethernet97/4 shutdown: false channel_group: id: 971 mode: active -- name: Ethernet97/2 - peer: LEAF3B + peer: LEAF3A peer_interface: Ethernet97/4 peer_type: l2leaf +- name: Ethernet97/2 description: L2_LEAF3B_Ethernet97/4 shutdown: false channel_group: id: 971 mode: active + peer: LEAF3B + peer_interface: Ethernet97/4 + peer_type: l2leaf - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -99,6 +42,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -107,11 +54,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -131,6 +74,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -139,11 +86,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -163,6 +106,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -171,11 +118,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -195,6 +138,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -203,11 +150,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -227,6 +170,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -235,11 +182,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -259,6 +202,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -267,11 +214,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -291,6 +234,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -299,11 +246,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -323,6 +266,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -331,11 +278,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -355,6 +298,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -363,11 +310,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -387,6 +330,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -395,11 +342,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -419,6 +362,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -427,11 +374,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -451,6 +394,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -459,11 +406,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -483,6 +426,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -491,11 +438,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -515,6 +458,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -523,11 +470,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -547,6 +490,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -555,11 +502,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -579,6 +522,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -587,11 +534,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -611,6 +554,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -619,11 +566,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -643,6 +586,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -651,11 +598,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -675,6 +618,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -683,11 +630,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -707,6 +650,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -715,11 +662,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -739,6 +682,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -747,11 +694,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -771,6 +714,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -779,11 +726,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -803,6 +746,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -811,11 +758,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -835,6 +778,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -843,11 +790,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -867,6 +810,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -875,11 +822,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -899,6 +842,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -907,11 +854,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -931,6 +874,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -939,11 +886,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -963,6 +906,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -971,11 +918,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -995,6 +938,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1003,11 +950,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1027,6 +970,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1035,11 +982,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1059,6 +1002,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1067,11 +1014,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1091,6 +1034,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1099,11 +1046,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1123,6 +1066,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1131,11 +1078,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1155,6 +1098,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1163,11 +1110,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1187,6 +1130,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1195,11 +1142,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1219,6 +1162,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1227,11 +1174,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1251,6 +1194,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1259,11 +1206,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1283,6 +1226,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1291,11 +1238,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1315,6 +1258,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1323,11 +1270,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1347,6 +1290,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1355,11 +1302,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1379,6 +1322,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1387,11 +1334,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1411,6 +1354,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1419,11 +1366,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1443,6 +1386,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1451,11 +1398,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1475,6 +1418,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1483,11 +1430,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1507,6 +1450,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1515,11 +1462,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1539,6 +1482,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1547,11 +1494,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1571,6 +1514,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1579,11 +1526,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1603,6 +1546,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1611,11 +1558,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet49 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1635,6 +1578,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1643,11 +1590,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet50 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1667,6 +1610,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1675,11 +1622,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet51 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1699,6 +1642,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1707,11 +1654,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet52 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1731,6 +1674,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1739,11 +1686,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet53 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1763,6 +1706,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1771,11 +1718,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet54 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1795,6 +1738,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1803,11 +1750,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet55 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1827,6 +1770,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1835,11 +1782,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet56 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1859,6 +1802,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1867,11 +1814,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet57 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1891,6 +1834,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1899,11 +1846,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet58 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1923,6 +1866,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1931,11 +1878,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet59 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1955,6 +1898,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1963,11 +1910,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet60 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1987,6 +1930,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1995,11 +1942,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet61 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2019,6 +1962,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2027,11 +1974,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet62 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2051,6 +1994,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2059,11 +2006,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet63 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2083,6 +2026,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2091,11 +2038,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet64 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2115,6 +2058,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2123,11 +2070,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet65 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2147,6 +2090,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2155,11 +2102,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet66 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2179,6 +2122,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2187,11 +2134,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet67 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2211,6 +2154,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2219,11 +2166,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet68 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2243,6 +2186,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2251,11 +2198,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet69 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2275,6 +2218,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2283,11 +2230,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet70 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2307,6 +2250,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2315,11 +2262,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet71 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2339,6 +2282,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2347,11 +2294,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet72 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2371,6 +2314,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2379,11 +2326,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet73 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2403,6 +2346,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2411,11 +2358,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet74 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2435,6 +2378,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2443,11 +2390,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet75 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2467,6 +2410,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2475,11 +2422,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet76 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2499,6 +2442,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2507,11 +2454,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet77 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2531,6 +2474,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2539,11 +2486,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet78 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2563,6 +2506,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2571,11 +2518,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet79 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2595,6 +2538,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2603,11 +2550,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet80 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2627,6 +2570,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2635,11 +2582,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet81 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2659,6 +2602,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2667,11 +2614,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet82 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2691,6 +2634,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2699,11 +2646,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet83 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2723,6 +2666,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2731,11 +2678,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet84 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2755,6 +2698,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2763,11 +2710,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet85 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2787,6 +2730,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2795,11 +2742,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet86 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2819,6 +2762,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2827,11 +2774,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet87 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2851,6 +2794,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2859,11 +2806,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet88 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2883,6 +2826,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2891,11 +2838,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet89 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2915,6 +2858,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2923,11 +2870,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet90 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2947,6 +2890,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2955,11 +2902,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet91 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2979,6 +2922,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2987,11 +2934,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet92 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3011,6 +2954,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3019,11 +2966,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet93 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3043,6 +2986,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3051,11 +2998,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet94 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3075,6 +3018,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3083,11 +3030,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet95 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3107,6 +3050,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3115,11 +3062,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet96 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3139,6 +3082,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3147,17 +3094,78 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF3D +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.109/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT port_channel_interfaces: - name: Port-Channel971 description: L2_IDF3_AGG_Port-Channel974 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,310,320,330 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan10 + description: Inband Management shutdown: false + ip_address: 10.10.10.12/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 310 name: IDF3-Data @@ -3169,16 +3177,8 @@ vlans: name: IDF3-Guest tenant: MY_FABRIC - id: 10 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.12/24 - type: inband_mgmt -metadata: - platform: cEOSLab + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3E.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3E.yml index 0a49d505ff7..5302a96d599 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3E.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/LEAF3E.yml @@ -1,85 +1,28 @@ -hostname: LEAF3E -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 8.8.4.4 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.100.110/24 - gateway: 172.16.100.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: time.google.com - vrf: MGMT - preferred: true - - name: pool.ntp.org - vrf: MGMT ethernet_interfaces: - name: Ethernet97/1 - peer: LEAF3A - peer_interface: Ethernet98/1 - peer_type: l2leaf description: L2_LEAF3A_Ethernet98/1 shutdown: false channel_group: id: 971 mode: active -- name: Ethernet97/2 - peer: LEAF3B + peer: LEAF3A peer_interface: Ethernet98/1 peer_type: l2leaf +- name: Ethernet97/2 description: L2_LEAF3B_Ethernet98/1 shutdown: false channel_group: id: 971 mode: active + peer: LEAF3B + peer_interface: Ethernet98/1 + peer_type: l2leaf - name: Ethernet1 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -99,6 +42,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -107,11 +54,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet2 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -131,6 +74,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -139,11 +86,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet3 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -163,6 +106,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -171,11 +118,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet4 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -195,6 +138,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -203,11 +150,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet5 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -227,6 +170,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -235,11 +182,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet6 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -259,6 +202,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -267,11 +214,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet7 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -291,6 +234,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -299,11 +246,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet8 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -323,6 +266,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -331,11 +278,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet9 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -355,6 +298,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -363,11 +310,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet10 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -387,6 +330,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -395,11 +342,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet11 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -419,6 +362,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -427,11 +374,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet12 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -451,6 +394,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -459,11 +406,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet13 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -483,6 +426,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -491,11 +438,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet14 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -515,6 +458,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -523,11 +470,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet15 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -547,6 +490,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -555,11 +502,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet16 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -579,6 +522,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -587,11 +534,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet17 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -611,6 +554,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -619,11 +566,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet18 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -643,6 +586,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -651,11 +598,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet19 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -675,6 +618,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -683,11 +630,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet20 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -707,6 +650,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -715,11 +662,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet21 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -739,6 +682,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -747,11 +694,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet22 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -771,6 +714,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -779,11 +726,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet23 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -803,6 +746,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -811,11 +758,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet24 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -835,6 +778,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -843,11 +790,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet25 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -867,6 +810,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -875,11 +822,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet26 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -899,6 +842,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -907,11 +854,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet27 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -931,6 +874,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -939,11 +886,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet28 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -963,6 +906,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -971,11 +918,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet29 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -995,6 +938,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1003,11 +950,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet30 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1027,6 +970,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1035,11 +982,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet31 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1059,6 +1002,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1067,11 +1014,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet32 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1091,6 +1034,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1099,11 +1046,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet33 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1123,6 +1066,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1131,11 +1078,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet34 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1155,6 +1098,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1163,11 +1110,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet35 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1187,6 +1130,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1195,11 +1142,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet36 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1219,6 +1162,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1227,11 +1174,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet37 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1251,6 +1194,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1259,11 +1206,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet38 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1283,6 +1226,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1291,11 +1238,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet39 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1315,6 +1258,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1323,11 +1270,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet40 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1347,6 +1290,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1355,11 +1302,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet41 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1379,6 +1322,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1387,11 +1334,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet42 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1411,6 +1354,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1419,11 +1366,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet43 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1443,6 +1386,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1451,11 +1398,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet44 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1475,6 +1418,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1483,11 +1430,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet45 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1507,6 +1450,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1515,11 +1462,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet46 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1539,6 +1482,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1547,11 +1494,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet47 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1571,6 +1514,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1579,11 +1526,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet48 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1603,6 +1546,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1611,11 +1558,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet49 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1635,6 +1578,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1643,11 +1590,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet50 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1667,6 +1610,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1675,11 +1622,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet51 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1699,6 +1642,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1707,11 +1654,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet52 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1731,6 +1674,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1739,11 +1686,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet53 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1763,6 +1706,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1771,11 +1718,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet54 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1795,6 +1738,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1803,11 +1750,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet55 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1827,6 +1770,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1835,11 +1782,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet56 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1859,6 +1802,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1867,11 +1814,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet57 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1891,6 +1834,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1899,11 +1846,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet58 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1923,6 +1866,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1931,11 +1878,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet59 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1955,6 +1898,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1963,11 +1910,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet60 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -1987,6 +1930,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -1995,11 +1942,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet61 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2019,6 +1962,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2027,11 +1974,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet62 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2051,6 +1994,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2059,11 +2006,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet63 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2083,6 +2026,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2091,11 +2038,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet64 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2115,6 +2058,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2123,11 +2070,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet65 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2147,6 +2090,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2155,11 +2102,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet66 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2179,6 +2122,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2187,11 +2134,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet67 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2211,6 +2154,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2219,11 +2166,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet68 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2243,6 +2186,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2251,11 +2198,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet69 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2275,6 +2218,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2283,11 +2230,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet70 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2307,6 +2250,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2315,11 +2262,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet71 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2339,6 +2282,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2347,11 +2294,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet72 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2371,6 +2314,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2379,11 +2326,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet73 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2403,6 +2346,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2411,11 +2358,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet74 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2435,6 +2378,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2443,11 +2390,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet75 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2467,6 +2410,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2475,11 +2422,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet76 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2499,6 +2442,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2507,11 +2454,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet77 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2531,6 +2474,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2539,11 +2486,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet78 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2563,6 +2506,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2571,11 +2518,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet79 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2595,6 +2538,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2603,11 +2550,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet80 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2627,6 +2570,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2635,11 +2582,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet81 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2659,6 +2602,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2667,11 +2614,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet82 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2691,6 +2634,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2699,11 +2646,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet83 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2723,6 +2666,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2731,11 +2678,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet84 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2755,6 +2698,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2763,11 +2710,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet85 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2787,6 +2730,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2795,11 +2742,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet86 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2819,6 +2762,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2827,11 +2774,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet87 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2851,6 +2794,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2859,11 +2806,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet88 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2883,6 +2826,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2891,11 +2838,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet89 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2915,6 +2858,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2923,11 +2870,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet90 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2947,6 +2890,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2955,11 +2902,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet91 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -2979,6 +2922,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -2987,11 +2934,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet92 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3011,6 +2954,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3019,11 +2966,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet93 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3043,6 +2986,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3051,11 +2998,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet94 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3075,6 +3018,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3083,11 +3030,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet95 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3107,6 +3050,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3115,11 +3062,7 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled - name: Ethernet96 - peer_type: network_port - port_profile: PP-DOT1X description: IDF3 Standard Port shutdown: false dot1x: @@ -3139,6 +3082,10 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge + peer_type: network_port + port_profile: PP-DOT1X switchport: enabled: true mode: trunk phone @@ -3147,17 +3094,78 @@ ethernet_interfaces: phone: vlan: 320 trunk: untagged - spanning_tree_portfast: edge - spanning_tree_bpduguard: enabled +hostname: LEAF3E +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 8.8.4.4 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.100.110/24 + type: oob + gateway: 172.16.100.1 +metadata: + platform: cEOSLab +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: time.google.com + preferred: true + vrf: MGMT + - name: pool.ntp.org + vrf: MGMT port_channel_interfaces: - name: Port-Channel971 description: L2_IDF3_AGG_Port-Channel981 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,310,320,330 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan10 + description: Inband Management shutdown: false + ip_address: 10.10.10.13/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 310 name: IDF3-Data @@ -3169,16 +3177,8 @@ vlans: name: IDF3-Guest tenant: MY_FABRIC - id: 10 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan10 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.10.10.13/24 - type: inband_mgmt -metadata: - platform: cEOSLab + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE1.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE1.yml index ad93d9f733d..29fcec79dc4 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE1.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE1.yml @@ -1,341 +1,341 @@ -hostname: SPINE1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet55/1 + description: MLAG_SPINE2_Ethernet55/1 + shutdown: false + channel_group: + id: 551 + mode: active + peer: SPINE2 + peer_interface: Ethernet55/1 + peer_type: mlag_peer +- name: Ethernet56/1 + description: MLAG_SPINE2_Ethernet56/1 + shutdown: false + channel_group: + id: 551 + mode: active + peer: SPINE2 + peer_interface: Ethernet56/1 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_LEAF1A_Ethernet51 + shutdown: false + channel_group: + id: 1 + mode: active + peer: LEAF1A + peer_interface: Ethernet51 + peer_type: l2leaf +- name: Ethernet49/1 + description: L2_LEAF2A_Ethernet1/1 + shutdown: false + channel_group: + id: 491 + mode: active + peer: LEAF2A + peer_interface: Ethernet1/1 + peer_type: l2leaf +- name: Ethernet50/1 + description: L2_LEAF3A_Ethernet97/1 + shutdown: false + channel_group: + id: 501 + mode: active + peer: LEAF3A + peer_interface: Ethernet97/1 + peer_type: l2leaf +- name: Ethernet51/1 + description: L2_LEAF3B_Ethernet97/1 + shutdown: false + channel_group: + id: 501 + mode: active + peer: LEAF3B + peer_interface: Ethernet97/1 + peer_type: l2leaf +- name: Ethernet52/1 + description: P2P_WAN_Ethernet1/1 + shutdown: false + mtu: 1500 + ip_address: 10.0.0.3/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + peer: WAN + peer_interface: Ethernet1/1 + peer_type: other + switchport: + enabled: false +hostname: SPINE1 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.1.1/32 + ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.101/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOSLab +mlag_configuration: + domain_id: SPINES + local_interface: Vlan4094 + peer_address: 192.168.0.1 + peer_link: Port-Channel551 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 110 - name: IDF1-Data - tenant: MY_FABRIC -- id: 120 - name: IDF1-Voice - tenant: MY_FABRIC -- id: 130 - name: IDF1-Guest - tenant: MY_FABRIC -- id: 210 - name: IDF2-Data - tenant: MY_FABRIC -- id: 220 - name: IDF2-Voice - tenant: MY_FABRIC -- id: 230 - name: IDF2-Guest - tenant: MY_FABRIC -- id: 310 - name: IDF3-Data - tenant: MY_FABRIC -- id: 320 - name: IDF3-Voice - tenant: MY_FABRIC -- id: 330 - name: IDF3-Guest - tenant: MY_FABRIC -- id: 10 - tenant: system - name: INBAND_MGMT +port_channel_interfaces: +- name: Port-Channel551 + description: MLAG_SPINE2_Port-Channel551 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_IDF1_Port-Channel51 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,110,120,130 +- name: Port-Channel491 + description: L2_LEAF2A_Port-Channel11 + shutdown: false + mlag: 491 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,210,220,230 +- name: Port-Channel501 + description: L2_IDF3_AGG_Port-Channel971 + shutdown: false + mlag: 501 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +router_ospf: + process_ids: + - id: 100 + passive_interface_default: true + router_id: 172.16.1.1 + bfd_enable: false + no_passive_interfaces: + - Vlan4093 + - Ethernet52/1 + max_lsa: 12000 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.1.1.0/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 192.168.0.0/31 + mtu: 1500 + no_autostate: true - name: Vlan110 - tenant: MY_FABRIC - tags: - - '110' description: IDF1-Data shutdown: false ip_address: 10.1.10.2/23 ip_virtual_router_addresses: - 10.1.10.1 -- name: Vlan120 tenant: MY_FABRIC tags: - - '120' + - '110' +- name: Vlan120 description: IDF1-Voice shutdown: false ip_address: 10.1.20.2/23 ip_virtual_router_addresses: - 10.1.20.1 -- name: Vlan130 tenant: MY_FABRIC tags: - - '130' + - '120' +- name: Vlan130 description: IDF1-Guest shutdown: false ip_address: 10.1.30.2/23 ip_virtual_router_addresses: - 10.1.30.1 -- name: Vlan210 tenant: MY_FABRIC tags: - - '210' + - '130' +- name: Vlan210 description: IDF2-Data shutdown: false ip_address: 10.2.10.2/23 ip_virtual_router_addresses: - 10.2.10.1 -- name: Vlan220 tenant: MY_FABRIC tags: - - '220' + - '210' +- name: Vlan220 description: IDF2-Voice shutdown: false ip_address: 10.2.20.2/23 ip_virtual_router_addresses: - 10.2.20.1 -- name: Vlan230 tenant: MY_FABRIC tags: - - '230' + - '220' +- name: Vlan230 description: IDF2-Guest shutdown: false ip_address: 10.2.30.2/23 ip_virtual_router_addresses: - 10.2.30.1 -- name: Vlan310 tenant: MY_FABRIC tags: - - '310' + - '230' +- name: Vlan310 description: IDF3-Data shutdown: false ip_address: 10.3.10.2/23 ip_virtual_router_addresses: - 10.3.10.1 -- name: Vlan320 tenant: MY_FABRIC tags: - - '320' + - '310' +- name: Vlan320 description: IDF3-Voice shutdown: false ip_address: 10.3.20.2/23 ip_virtual_router_addresses: - 10.3.20.1 -- name: Vlan330 tenant: MY_FABRIC tags: - - '330' + - '320' +- name: Vlan330 description: IDF3-Guest shutdown: false ip_address: 10.3.30.2/23 ip_virtual_router_addresses: - 10.3.30.1 + tenant: MY_FABRIC + tags: + - '330' - name: Vlan10 description: Inband Management shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 10.10.10.2/24 ip_virtual_router_addresses: - 10.10.10.1 -port_channel_interfaces: -- name: Port-Channel551 - description: MLAG_SPINE2_Port-Channel551 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_IDF1_Port-Channel51 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,110,120,130 - shutdown: false - mlag: 1 -- name: Port-Channel491 - description: L2_LEAF2A_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,210,220,230 - shutdown: false - mlag: 491 -- name: Port-Channel501 - description: L2_IDF3_AGG_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 501 -ethernet_interfaces: -- name: Ethernet55/1 - peer: SPINE2 - peer_interface: Ethernet55/1 - peer_type: mlag_peer - description: MLAG_SPINE2_Ethernet55/1 - shutdown: false - channel_group: - id: 551 - mode: active -- name: Ethernet56/1 - peer: SPINE2 - peer_interface: Ethernet56/1 - peer_type: mlag_peer - description: MLAG_SPINE2_Ethernet56/1 - shutdown: false - channel_group: - id: 551 - mode: active -- name: Ethernet1 - peer: LEAF1A - peer_interface: Ethernet51 - peer_type: l2leaf - description: L2_LEAF1A_Ethernet51 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet49/1 - peer: LEAF2A - peer_interface: Ethernet1/1 - peer_type: l2leaf - description: L2_LEAF2A_Ethernet1/1 - shutdown: false - channel_group: - id: 491 - mode: active -- name: Ethernet50/1 - peer: LEAF3A - peer_interface: Ethernet97/1 - peer_type: l2leaf - description: L2_LEAF3A_Ethernet97/1 - shutdown: false - channel_group: - id: 501 - mode: active -- name: Ethernet51/1 - peer: LEAF3B - peer_interface: Ethernet97/1 - peer_type: l2leaf - description: L2_LEAF3B_Ethernet97/1 - shutdown: false - channel_group: - id: 501 - mode: active -- name: Ethernet52/1 - peer: WAN - peer_interface: Ethernet1/1 - peer_type: other - switchport: - enabled: false - shutdown: false mtu: 1500 - ip_address: 10.0.0.3/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - description: P2P_WAN_Ethernet1/1 -mlag_configuration: - domain_id: SPINES - local_interface: Vlan4094 - peer_address: 192.168.0.1 - peer_link: Port-Channel551 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.1.1/32 - ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 100 - passive_interface_default: true - router_id: 172.16.1.1 - max_lsa: 12000 - no_passive_interfaces: - - Vlan4093 - - Ethernet52/1 - bfd_enable: false - redistribute: - connected: - enabled: true -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 -metadata: - platform: cEOSLab + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 110 + name: IDF1-Data + tenant: MY_FABRIC +- id: 120 + name: IDF1-Voice + tenant: MY_FABRIC +- id: 130 + name: IDF1-Guest + tenant: MY_FABRIC +- id: 210 + name: IDF2-Data + tenant: MY_FABRIC +- id: 220 + name: IDF2-Voice + tenant: MY_FABRIC +- id: 230 + name: IDF2-Guest + tenant: MY_FABRIC +- id: 310 + name: IDF3-Data + tenant: MY_FABRIC +- id: 320 + name: IDF3-Voice + tenant: MY_FABRIC +- id: 330 + name: IDF3-Guest + tenant: MY_FABRIC +- id: 10 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE2.yml b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE2.yml index b150bd3ae29..477f13a53b8 100644 --- a/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE2.yml +++ b/ansible_collections/arista/avd/examples/campus-fabric/intended/structured_configs/SPINE2.yml @@ -1,341 +1,341 @@ -hostname: SPINE2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet55/1 + description: MLAG_SPINE1_Ethernet55/1 + shutdown: false + channel_group: + id: 551 + mode: active + peer: SPINE1 + peer_interface: Ethernet55/1 + peer_type: mlag_peer +- name: Ethernet56/1 + description: MLAG_SPINE1_Ethernet56/1 + shutdown: false + channel_group: + id: 551 + mode: active + peer: SPINE1 + peer_interface: Ethernet56/1 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_LEAF1B_Ethernet51 + shutdown: false + channel_group: + id: 1 + mode: active + peer: LEAF1B + peer_interface: Ethernet51 + peer_type: l2leaf +- name: Ethernet49/1 + description: L2_LEAF2A_Ethernet1/3 + shutdown: false + channel_group: + id: 491 + mode: active + peer: LEAF2A + peer_interface: Ethernet1/3 + peer_type: l2leaf +- name: Ethernet50/1 + description: L2_LEAF3A_Ethernet97/2 + shutdown: false + channel_group: + id: 501 + mode: active + peer: LEAF3A + peer_interface: Ethernet97/2 + peer_type: l2leaf +- name: Ethernet51/1 + description: L2_LEAF3B_Ethernet97/2 + shutdown: false + channel_group: + id: 501 + mode: active + peer: LEAF3B + peer_interface: Ethernet97/2 + peer_type: l2leaf +- name: Ethernet52/1 + description: P2P_WAN_Ethernet1/1 + shutdown: false + mtu: 1500 + ip_address: 10.0.0.5/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + peer: WAN + peer_interface: Ethernet1/1 + peer_type: other + switchport: + enabled: false +hostname: SPINE2 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eucN5ngreuExDgwS$xnD7T8jO..GBDX0DUlp.hn.W7yW94xTjSanqgaQGBzPIhDAsyAl9N4oScHvOMvf07uVBFI4mKMxwdVEUVKgY/. -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.1.2/32 + ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.102/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOSLab +mlag_configuration: + domain_id: SPINES + local_interface: Vlan4094 + peer_address: 192.168.0.0 + peer_link: Port-Channel551 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 110 - name: IDF1-Data - tenant: MY_FABRIC -- id: 120 - name: IDF1-Voice - tenant: MY_FABRIC -- id: 130 - name: IDF1-Guest - tenant: MY_FABRIC -- id: 210 - name: IDF2-Data - tenant: MY_FABRIC -- id: 220 - name: IDF2-Voice - tenant: MY_FABRIC -- id: 230 - name: IDF2-Guest - tenant: MY_FABRIC -- id: 310 - name: IDF3-Data - tenant: MY_FABRIC -- id: 320 - name: IDF3-Voice - tenant: MY_FABRIC -- id: 330 - name: IDF3-Guest - tenant: MY_FABRIC -- id: 10 - tenant: system - name: INBAND_MGMT +port_channel_interfaces: +- name: Port-Channel551 + description: MLAG_SPINE1_Port-Channel551 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_IDF1_Port-Channel51 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,110,120,130 +- name: Port-Channel491 + description: L2_LEAF2A_Port-Channel11 + shutdown: false + mlag: 491 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,210,220,230 +- name: Port-Channel501 + description: L2_IDF3_AGG_Port-Channel971 + shutdown: false + mlag: 501 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 10,310,320,330 +router_ospf: + process_ids: + - id: 100 + passive_interface_default: true + router_id: 172.16.1.2 + bfd_enable: false + no_passive_interfaces: + - Vlan4093 + - Ethernet52/1 + max_lsa: 12000 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.1.1.1/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 192.168.0.1/31 + mtu: 1500 + no_autostate: true - name: Vlan110 - tenant: MY_FABRIC - tags: - - '110' description: IDF1-Data shutdown: false ip_address: 10.1.10.3/23 ip_virtual_router_addresses: - 10.1.10.1 -- name: Vlan120 tenant: MY_FABRIC tags: - - '120' + - '110' +- name: Vlan120 description: IDF1-Voice shutdown: false ip_address: 10.1.20.3/23 ip_virtual_router_addresses: - 10.1.20.1 -- name: Vlan130 tenant: MY_FABRIC tags: - - '130' + - '120' +- name: Vlan130 description: IDF1-Guest shutdown: false ip_address: 10.1.30.3/23 ip_virtual_router_addresses: - 10.1.30.1 -- name: Vlan210 tenant: MY_FABRIC tags: - - '210' + - '130' +- name: Vlan210 description: IDF2-Data shutdown: false ip_address: 10.2.10.3/23 ip_virtual_router_addresses: - 10.2.10.1 -- name: Vlan220 tenant: MY_FABRIC tags: - - '220' + - '210' +- name: Vlan220 description: IDF2-Voice shutdown: false ip_address: 10.2.20.3/23 ip_virtual_router_addresses: - 10.2.20.1 -- name: Vlan230 tenant: MY_FABRIC tags: - - '230' + - '220' +- name: Vlan230 description: IDF2-Guest shutdown: false ip_address: 10.2.30.3/23 ip_virtual_router_addresses: - 10.2.30.1 -- name: Vlan310 tenant: MY_FABRIC tags: - - '310' + - '230' +- name: Vlan310 description: IDF3-Data shutdown: false ip_address: 10.3.10.3/23 ip_virtual_router_addresses: - 10.3.10.1 -- name: Vlan320 tenant: MY_FABRIC tags: - - '320' + - '310' +- name: Vlan320 description: IDF3-Voice shutdown: false ip_address: 10.3.20.3/23 ip_virtual_router_addresses: - 10.3.20.1 -- name: Vlan330 tenant: MY_FABRIC tags: - - '330' + - '320' +- name: Vlan330 description: IDF3-Guest shutdown: false ip_address: 10.3.30.3/23 ip_virtual_router_addresses: - 10.3.30.1 + tenant: MY_FABRIC + tags: + - '330' - name: Vlan10 description: Inband Management shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 10.10.10.3/24 ip_virtual_router_addresses: - 10.10.10.1 -port_channel_interfaces: -- name: Port-Channel551 - description: MLAG_SPINE1_Port-Channel551 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_IDF1_Port-Channel51 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,110,120,130 - shutdown: false - mlag: 1 -- name: Port-Channel491 - description: L2_LEAF2A_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,210,220,230 - shutdown: false - mlag: 491 -- name: Port-Channel501 - description: L2_IDF3_AGG_Port-Channel971 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 10,310,320,330 - shutdown: false - mlag: 501 -ethernet_interfaces: -- name: Ethernet55/1 - peer: SPINE1 - peer_interface: Ethernet55/1 - peer_type: mlag_peer - description: MLAG_SPINE1_Ethernet55/1 - shutdown: false - channel_group: - id: 551 - mode: active -- name: Ethernet56/1 - peer: SPINE1 - peer_interface: Ethernet56/1 - peer_type: mlag_peer - description: MLAG_SPINE1_Ethernet56/1 - shutdown: false - channel_group: - id: 551 - mode: active -- name: Ethernet1 - peer: LEAF1B - peer_interface: Ethernet51 - peer_type: l2leaf - description: L2_LEAF1B_Ethernet51 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet49/1 - peer: LEAF2A - peer_interface: Ethernet1/3 - peer_type: l2leaf - description: L2_LEAF2A_Ethernet1/3 - shutdown: false - channel_group: - id: 491 - mode: active -- name: Ethernet50/1 - peer: LEAF3A - peer_interface: Ethernet97/2 - peer_type: l2leaf - description: L2_LEAF3A_Ethernet97/2 - shutdown: false - channel_group: - id: 501 - mode: active -- name: Ethernet51/1 - peer: LEAF3B - peer_interface: Ethernet97/2 - peer_type: l2leaf - description: L2_LEAF3B_Ethernet97/2 - shutdown: false - channel_group: - id: 501 - mode: active -- name: Ethernet52/1 - peer: WAN - peer_interface: Ethernet1/1 - peer_type: other - switchport: - enabled: false - shutdown: false mtu: 1500 - ip_address: 10.0.0.5/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - description: P2P_WAN_Ethernet1/1 -mlag_configuration: - domain_id: SPINES - local_interface: Vlan4094 - peer_address: 192.168.0.0 - peer_link: Port-Channel551 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.1.2/32 - ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 100 - passive_interface_default: true - router_id: 172.16.1.2 - max_lsa: 12000 - no_passive_interfaces: - - Vlan4093 - - Ethernet52/1 - bfd_enable: false - redistribute: - connected: - enabled: true -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 -metadata: - platform: cEOSLab + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 110 + name: IDF1-Data + tenant: MY_FABRIC +- id: 120 + name: IDF1-Voice + tenant: MY_FABRIC +- id: 130 + name: IDF1-Guest + tenant: MY_FABRIC +- id: 210 + name: IDF2-Data + tenant: MY_FABRIC +- id: 220 + name: IDF2-Voice + tenant: MY_FABRIC +- id: 230 + name: IDF2-Guest + tenant: MY_FABRIC +- id: 310 + name: IDF3-Data + tenant: MY_FABRIC +- id: 320 + name: IDF3-Voice + tenant: MY_FABRIC +- id: 330 + name: IDF3-Guest + tenant: MY_FABRIC +- id: 10 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml index ff44c321f9d..ef72b5fb736 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml @@ -1,39 +1,9 @@ -hostname: inet-cloud -is_deployed: true -router_bgp: - as: '65666' - router_id: 172.31.255.23 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 100.64.21.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - default_originate: - enabled: true - always: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -41,25 +11,64 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: pf1-Ethernet2 + shutdown: false + ip_address: 100.64.100.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet2 + description: pf2-Ethernet2 + shutdown: false + ip_address: 100.64.200.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet5 + description: site1-wan1-Ethernet4 + shutdown: false + ip_address: 100.64.10.1/24 + dhcp_server_ipv4: true + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet6 + description: site1-wan2-Ethernet4 + shutdown: false + ip_address: 100.64.11.1/24 + dhcp_server_ipv4: true + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet7 + description: site2-wan2-Ethernet4 + shutdown: false + ip_address: 100.64.21.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet8 + description: site3-wan1-Ethernet4 + shutdown: false + ip_address: 100.64.30.1/24 + dhcp_server_ipv4: true + peer_type: l3_interface + switchport: + enabled: false +hostname: inet-cloud ip_name_servers: - ip_address: 192.168.17.1 vrf: MGMT -spanning_tree: - mode: none +ip_routing: true +is_deployed: true local_users: - name: ansible privilege: 15 @@ -73,84 +82,75 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.31.255.23/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.17.31/24 - gateway: 192.168.17.1 type: oob + gateway: 192.168.17.1 lldp: transmit: false receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 0.pool.ntp.org - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: 100.64.100.1/24 - shutdown: false - switchport: - enabled: false - description: pf1-Ethernet2 -- name: Ethernet2 - peer_type: l3_interface - ip_address: 100.64.200.1/24 - shutdown: false - switchport: - enabled: false - description: pf2-Ethernet2 -- name: Ethernet5 - peer_type: l3_interface - ip_address: 100.64.10.1/24 - shutdown: false - switchport: - enabled: false - description: site1-wan1-Ethernet4 - dhcp_server_ipv4: true -- name: Ethernet6 - peer_type: l3_interface - ip_address: 100.64.11.1/24 - shutdown: false - switchport: - enabled: false - description: site1-wan2-Ethernet4 - dhcp_server_ipv4: true -- name: Ethernet7 - peer_type: l3_interface - ip_address: 100.64.21.1/24 - shutdown: false - switchport: - enabled: false - description: site2-wan2-Ethernet4 -- name: Ethernet8 - peer_type: l3_interface - ip_address: 100.64.30.1/24 - shutdown: false - switchport: - enabled: false - description: site3-wan1-Ethernet4 - dhcp_server_ipv4: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.31.255.23/32 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local + vrf: MGMT +router_bgp: + as: '65666' + router_id: 172.31.255.23 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 100.64.21.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + default_originate: + enabled: true + always: true + redistribute: + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/mpls-cloud.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/mpls-cloud.yml index 7147acff2fb..42aeba6d6ca 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/mpls-cloud.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/mpls-cloud.yml @@ -1,47 +1,9 @@ -hostname: mpls-cloud -is_deployed: true -router_bgp: - as: '65042' - router_id: 172.31.255.22 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -49,25 +11,54 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: pf1-Ethernet1 + shutdown: false + ip_address: 172.18.100.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet2 + description: pf2-Ethernet1 + shutdown: false + ip_address: 172.18.200.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet5 + description: site1-wan1-Ethernet3 + shutdown: false + ip_address: 172.18.10.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet6 + description: site1-wan2-Ethernet3 + shutdown: false + ip_address: 172.18.11.1/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet7 + description: site2-wan1-Ethernet3 + shutdown: false + ip_address: 172.18.20.1/24 + peer_type: l3_interface + switchport: + enabled: false +hostname: mpls-cloud ip_name_servers: - ip_address: 192.168.17.1 vrf: MGMT -spanning_tree: - mode: none +ip_routing: true +is_deployed: true local_users: - name: ansible privilege: 15 @@ -81,73 +72,34 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.31.255.22/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.17.30/24 - gateway: 192.168.17.1 type: oob + gateway: 192.168.17.1 lldp: transmit: false receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 0.pool.ntp.org - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: 172.18.100.1/24 - shutdown: false - switchport: - enabled: false - description: pf1-Ethernet1 -- name: Ethernet2 - peer_type: l3_interface - ip_address: 172.18.200.1/24 - shutdown: false - switchport: - enabled: false - description: pf2-Ethernet1 -- name: Ethernet5 - peer_type: l3_interface - ip_address: 172.18.10.1/24 - shutdown: false - switchport: - enabled: false - description: site1-wan1-Ethernet3 -- name: Ethernet6 - peer_type: l3_interface - ip_address: 172.18.11.1/24 - shutdown: false - switchport: - enabled: false - description: site1-wan2-Ethernet3 -- name: Ethernet7 - peer_type: l3_interface - ip_address: 172.18.20.1/24 - shutdown: false - switchport: - enabled: false - description: site2-wan1-Ethernet3 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.31.255.22/32 + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -165,7 +117,55 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local +router_bgp: + as: '65042' + router_id: 172.31.255.22 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf1.yml index 67f896e0e9b..aeb87082cdf 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf1.yml @@ -1,123 +1,69 @@ -hostname: pf1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - bgp_cluster_id: 192.168.255.1 - listen_ranges: - - prefix: 192.168.42.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - route_reflector_client: true - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - - name: WAN-RR-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: UYrhGgLBS9m5z2rcHbqzBg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - route_reflector_client: true - address_family_evpn: - peer_groups: - - name: WAN-RR-OVERLAY-PEERS - activate: true - encapsulation: path-selection - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - next_hop: - resolution_disabled: true - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - - name: WAN-RR-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - missing_policy: - direction_out_action: deny - - name: WAN-RR-OVERLAY-PEERS - activate: true - path_selection: - roles: - consumer: true - propagator: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.42.2 - peer_group: WAN-RR-OVERLAY-PEERS - peer: pf2 - description: pf2_Dps1 - vrfs: - - name: default - rd: 192.168.255.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.100.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 100.64.100.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.42.1/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: CRITICAL-SECRET-DATA-APP + dscp_ranges: + - '46' + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -125,148 +71,93 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.10/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -platform: - sfe: - data_plane_cpu_allocation_max: 1 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface + description: ACME-MPLS-INC_mpls-pf1_mpls-cloud_Ethernet1 + shutdown: false + ip_address: 172.18.100.2/24 peer: mpls-cloud peer_interface: Ethernet1 - ip_address: 172.18.100.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ACME-MPLS-INC_mpls-pf1_mpls-cloud_Ethernet1 - name: Ethernet2 - peer_type: l3_interface + description: GLOBAL-INTERNET-LIMITED_inet-pf1_inet-cloud_Ethernet1 + shutdown: false + ip_address: 100.64.100.2/24 + access_group_in: ACL-PF-INTERNET-IN_Ethernet2 peer: inet-cloud peer_interface: Ethernet1 - ip_address: 100.64.100.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: GLOBAL-INTERNET-LIMITED_inet-pf1_inet-cloud_Ethernet1 - access_group_in: ACL-PF-INTERNET-IN_Ethernet2 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.255.1:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: pf1 ip_access_lists: - name: ACL-PF-INTERNET-IN_Ethernet2 entries: - sequence: 1 remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' - - source: any - destination: 100.64.100.2 - sequence: 10 + - sequence: 10 action: permit protocol: udp + source: any + destination: 100.64.100.2 destination_ports_match: eq destination_ports: - isakmp - non500-isakmp - - source: any - destination: 100.64.100.2 - sequence: 20 + - sequence: 20 action: permit protocol: udp + source: any + destination: 100.64.100.2 destination_ports_match: eq destination_ports: - '3478' - - source: any - destination: 100.64.100.2 - sequence: 30 + - sequence: 30 action: permit protocol: icmp - - source: any - destination: any - action: deny + source: any + destination: 100.64.100.2 + - action: deny protocol: ip + source: any + destination: any ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.255.1:0 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -287,286 +178,92 @@ ip_security: time: 50 action: clear mode: transport +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.10/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false management_security: ssl_profiles: - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: pathfinder - profiles: - - name: BLUE-POLICY-VIDEO - load_balance_policy: LB-BLUE-POLICY-VIDEO - - name: BLUE-POLICY-VOICE - load_balance_policy: LB-BLUE-POLICY-VOICE - - name: BLUE-POLICY-DEFAULT - load_balance_policy: LB-BLUE-POLICY-DEFAULT - - name: RED-POLICY-CRITICAL-SECRET-DATA - load_balance_policy: LB-RED-POLICY-CRITICAL-SECRET-DATA - - name: RED-POLICY-NORMAL-DATA - load_balance_policy: LB-RED-POLICY-NORMAL-DATA - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - load_balance_policy: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-CONTROL-PLANE - load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: BLUE - policy: BLUE-POLICY - profiles: - - name: BLUE-POLICY-VIDEO - id: 2 - - name: BLUE-POLICY-VOICE - id: 3 - - name: BLUE-POLICY-DEFAULT - id: 1 - - name: RED - policy: RED-POLICY - profiles: - - name: RED-POLICY-CRITICAL-SECRET-DATA - id: 2 - - name: RED-POLICY-NORMAL-DATA - id: 3 - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - id: 4 - - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: CRITICAL-SECRET-DATA - avt_profile: RED-POLICY-CRITICAL-SECRET-DATA - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 101 - local_interfaces: + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: pathfinder + - name: PathfinderSet + value: PATHFINDERS + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ACME-MPLS-INC + - name: Circuit + value: mpls-pf1 + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: GLOBAL-INTERNET-LIMITED + - name: Circuit + value: inet-pf1 + cv_pathfinder: + role: pathfinder + site: PF1-GLOBAL + vtep_ip: 192.168.42.1 + ssl_profile: STUN-DTLS + address: Santa Clara, CA, USA + interfaces: - name: Ethernet1 - static_peers: - - router_ip: 192.168.42.2 - name: pf2 - ipv4_addresses: - - 172.18.200.2 - ipsec_profile: CP-PROFILE - - name: INTERNET - id: 102 - local_interfaces: + carrier: ACME-MPLS-INC + circuit_id: mpls-pf1 + pathgroup: MPLS + public_ip: 172.18.100.2 - name: Ethernet2 - static_peers: - - router_ip: 192.168.42.2 - name: pf2 - ipv4_addresses: - - 100.64.200.2 - ipsec_profile: CP-PROFILE - - name: LAN_HA - id: 65535 - flow_assignment: lan - peer_dynamic_source: stun - load_balance_policies: - - name: LB-BLUE-POLICY-VIDEO - path_groups: - - name: INTERNET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-BLUE-POLICY-VOICE - path_groups: - - name: MPLS - - name: INTERNET - priority: 2 - - name: LAN_HA - jitter: 30 - latency: 150 - loss_rate: '1' - lowest_hop_count: true - - name: LB-BLUE-POLICY-DEFAULT - path_groups: - - name: INTERNET - - name: MPLS - - name: LAN_HA - - name: LB-RED-POLICY-CRITICAL-SECRET-DATA - path_groups: - - name: MPLS - - name: LAN_HA - - name: LB-RED-POLICY-NORMAL-DATA - path_groups: - - name: INTERNET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA - path_groups: - - name: INTERNET - - name: LAN_HA - - name: LB-DEFAULT-POLICY-CONTROL-PLANE - path_groups: - - name: INTERNET - - name: MPLS - - name: LAN_HA - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: INTERNET - - name: MPLS - - name: LAN_HA -router_traffic_engineering: - enabled: true -stun: - server: - local_interfaces: - - Ethernet1 - - Ethernet2 - ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: CRITICAL-SECRET-DATA-APP - dscp_ranges: - - '46' - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.42.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.1/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: pf1_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: BLUE - vni: 100 - - name: RED - vni: 101 -metadata: - cv_pathfinder: - applications: - profiles: - - name: VIDEO - user_defined_applications: - - name: VIDEO-APP - - name: VOICE - user_defined_applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - user_defined_applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - user_defined_applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - user_defined_applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - user_defined_applications: - - name: APP-CONTROL-PLANE - role: pathfinder - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.1 - site: PF1-GLOBAL - address: Santa Clara, CA, USA - interfaces: - - name: Ethernet1 - carrier: ACME-MPLS-INC - circuit_id: mpls-pf1 - pathgroup: MPLS - public_ip: 172.18.100.2 - - name: Ethernet2 - carrier: GLOBAL-INTERNET-LIMITED - circuit_id: inet-pf1 - pathgroup: INTERNET - public_ip: 100.64.100.2 - pathgroups: + carrier: GLOBAL-INTERNET-LIMITED + circuit_id: inet-pf1 + pathgroup: INTERNET + public_ip: 100.64.100.2 + pathgroups: - name: MPLS carriers: - name: ACME-MPLS-INC @@ -576,28 +273,28 @@ metadata: - name: REGION1-INTERNET-CORP - name: REGION2-INTERNET-CORP regions: - - name: REGION1 - id: 1 + - id: 1 + name: REGION1 zones: - - name: REGION1-ZONE - id: 1 + - id: 1 + name: REGION1-ZONE sites: - - name: SITE1 - id: 101 + - id: 101 + name: SITE1 location: address: Copenhagen, Denmark - - name: REGION2 - id: 2 + - id: 2 + name: REGION2 zones: - - name: REGION2-ZONE - id: 1 + - id: 1 + name: REGION2-ZONE sites: - - name: SITE2 - id: 202 + - id: 202 + name: SITE2 location: address: Ottawa, Canada - - name: SITE3 - id: 203 + - id: 203 + name: SITE3 location: address: Milan, Italy vrfs: @@ -618,7 +315,7 @@ metadata: - constraints: jitter: 30 latency: 150 - lossrate: 1.0 + lossrate: '1.0' hop_count: lowest id: 3 name: BLUE-POLICY-VOICE @@ -695,43 +392,346 @@ metadata: preference: preferred - name: LAN_HA preference: preferred - cv_tags: - device_tags: - - name: Role - value: pathfinder - - name: PathfinderSet - value: PATHFINDERS - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ACME-MPLS-INC - - name: Circuit - value: mpls-pf1 - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: GLOBAL-INTERNET-LIMITED - - name: Circuit - value: inet-pf1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local + applications: + profiles: + - name: VIDEO + user_defined_applications: + - name: VIDEO-APP + - name: VOICE + user_defined_applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + user_defined_applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + user_defined_applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + user_defined_applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + user_defined_applications: + - name: APP-CONTROL-PLANE +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +platform: + sfe: + data_plane_cpu_allocation_max: 1 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.255.1:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: pathfinder + profiles: + - name: BLUE-POLICY-VIDEO + load_balance_policy: LB-BLUE-POLICY-VIDEO + - name: BLUE-POLICY-VOICE + load_balance_policy: LB-BLUE-POLICY-VOICE + - name: BLUE-POLICY-DEFAULT + load_balance_policy: LB-BLUE-POLICY-DEFAULT + - name: RED-POLICY-CRITICAL-SECRET-DATA + load_balance_policy: LB-RED-POLICY-CRITICAL-SECRET-DATA + - name: RED-POLICY-NORMAL-DATA + load_balance_policy: LB-RED-POLICY-NORMAL-DATA + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + load_balance_policy: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: CRITICAL-SECRET-DATA + avt_profile: RED-POLICY-CRITICAL-SECRET-DATA + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: BLUE + policy: BLUE-POLICY + profiles: + - name: BLUE-POLICY-VIDEO + id: 2 + - name: BLUE-POLICY-VOICE + id: 3 + - name: BLUE-POLICY-DEFAULT + id: 1 + - name: RED + policy: RED-POLICY + profiles: + - name: RED-POLICY-CRITICAL-SECRET-DATA + id: 2 + - name: RED-POLICY-NORMAL-DATA + id: 3 + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + id: 4 + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.1 + maximum_paths: + paths: 16 + bgp_cluster_id: 192.168.255.1 + bgp: + default: + ipv4_unicast: false + listen_ranges: + - prefix: 192.168.42.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + - name: WAN-RR-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: UYrhGgLBS9m5z2rcHbqzBg== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.42.2 + peer_group: WAN-RR-OVERLAY-PEERS + peer: pf2 + description: pf2_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-RR-OVERLAY-PEERS + activate: true + encapsulation: path-selection + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + next_hop: + resolution_disabled: true + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + - name: WAN-RR-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + missing_policy: + direction_out_action: deny + - name: WAN-RR-OVERLAY-PEERS + activate: true + path_selection: + roles: + consumer: true + propagator: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.255.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_path_selection: + peer_dynamic_source: stun + path_groups: + - name: MPLS + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1 + static_peers: + - router_ip: 192.168.42.2 + name: pf2 + ipv4_addresses: + - 172.18.200.2 + - name: INTERNET + id: 102 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet2 + static_peers: + - router_ip: 192.168.42.2 + name: pf2 + ipv4_addresses: + - 100.64.200.2 + - name: LAN_HA + id: 65535 + flow_assignment: lan + load_balance_policies: + - name: LB-BLUE-POLICY-VIDEO + path_groups: + - name: INTERNET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-BLUE-POLICY-VOICE + lowest_hop_count: true + jitter: 30 + latency: 150 + loss_rate: '1' + path_groups: + - name: MPLS + - name: INTERNET + priority: 2 + - name: LAN_HA + - name: LB-BLUE-POLICY-DEFAULT + path_groups: + - name: INTERNET + - name: MPLS + - name: LAN_HA + - name: LB-RED-POLICY-CRITICAL-SECRET-DATA + path_groups: + - name: MPLS + - name: LAN_HA + - name: LB-RED-POLICY-NORMAL-DATA + path_groups: + - name: INTERNET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA + path_groups: + - name: INTERNET + - name: LAN_HA + - name: LB-DEFAULT-POLICY-CONTROL-PLANE + path_groups: + - name: INTERNET + - name: MPLS + - name: LAN_HA + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: INTERNET + - name: MPLS + - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.100.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 100.64.100.1 +stun: + server: + local_interfaces: + - Ethernet1 + - Ethernet2 + ssl_profile: STUN-DTLS +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: pf1_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: BLUE + vni: 100 + - name: RED + vni: 101 diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf2.yml index 63fa40ce06f..26ab41c6b35 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/pf2.yml @@ -1,123 +1,69 @@ -hostname: pf2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - bgp_cluster_id: 192.168.255.2 - listen_ranges: - - prefix: 192.168.42.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - route_reflector_client: true - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - - name: WAN-RR-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: UYrhGgLBS9m5z2rcHbqzBg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - route_reflector_client: true - address_family_evpn: - peer_groups: - - name: WAN-RR-OVERLAY-PEERS - activate: true - encapsulation: path-selection - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - next_hop: - resolution_disabled: true - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - - name: WAN-RR-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - missing_policy: - direction_out_action: deny - - name: WAN-RR-OVERLAY-PEERS - activate: true - path_selection: - roles: - consumer: true - propagator: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.42.1 - peer_group: WAN-RR-OVERLAY-PEERS - peer: pf1 - description: pf1_Dps1 - vrfs: - - name: default - rd: 192.168.255.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.200.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 100.64.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.42.2/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: CRITICAL-SECRET-DATA-APP + dscp_ranges: + - '46' + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -125,148 +71,93 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.11/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -platform: - sfe: - data_plane_cpu_allocation_max: 1 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface + description: ACME-MPLS-INC_mpls-pf2_mpls-cloud_Ethernet2 + shutdown: false + ip_address: 172.18.200.2/24 peer: mpls-cloud peer_interface: Ethernet2 - ip_address: 172.18.200.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ACME-MPLS-INC_mpls-pf2_mpls-cloud_Ethernet2 - name: Ethernet2 - peer_type: l3_interface + description: GLOBAL-INTERNET-LIMITED_inet-pf2_inet-cloud_Ethernet2 + shutdown: false + ip_address: 100.64.200.2/24 + access_group_in: ACL-PF-INTERNET-IN_Ethernet2 peer: inet-cloud peer_interface: Ethernet2 - ip_address: 100.64.200.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: GLOBAL-INTERNET-LIMITED_inet-pf2_inet-cloud_Ethernet2 - access_group_in: ACL-PF-INTERNET-IN_Ethernet2 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.255.2:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: pf2 ip_access_lists: - name: ACL-PF-INTERNET-IN_Ethernet2 entries: - sequence: 1 remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' - - source: any - destination: 100.64.200.2 - sequence: 10 + - sequence: 10 action: permit protocol: udp + source: any + destination: 100.64.200.2 destination_ports_match: eq destination_ports: - isakmp - non500-isakmp - - source: any - destination: 100.64.200.2 - sequence: 20 + - sequence: 20 action: permit protocol: udp + source: any + destination: 100.64.200.2 destination_ports_match: eq destination_ports: - '3478' - - source: any - destination: 100.64.200.2 - sequence: 30 + - sequence: 30 action: permit protocol: icmp - - source: any - destination: any - action: deny + source: any + destination: 100.64.200.2 + - action: deny protocol: ip + source: any + destination: any ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.255.2:0 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -287,286 +178,92 @@ ip_security: time: 50 action: clear mode: transport +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.11/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false management_security: ssl_profiles: - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: pathfinder - profiles: - - name: BLUE-POLICY-VIDEO - load_balance_policy: LB-BLUE-POLICY-VIDEO - - name: BLUE-POLICY-VOICE - load_balance_policy: LB-BLUE-POLICY-VOICE - - name: BLUE-POLICY-DEFAULT - load_balance_policy: LB-BLUE-POLICY-DEFAULT - - name: RED-POLICY-CRITICAL-SECRET-DATA - load_balance_policy: LB-RED-POLICY-CRITICAL-SECRET-DATA - - name: RED-POLICY-NORMAL-DATA - load_balance_policy: LB-RED-POLICY-NORMAL-DATA - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - load_balance_policy: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-CONTROL-PLANE - load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: BLUE - policy: BLUE-POLICY - profiles: - - name: BLUE-POLICY-VIDEO - id: 2 - - name: BLUE-POLICY-VOICE - id: 3 - - name: BLUE-POLICY-DEFAULT - id: 1 - - name: RED - policy: RED-POLICY - profiles: - - name: RED-POLICY-CRITICAL-SECRET-DATA - id: 2 - - name: RED-POLICY-NORMAL-DATA - id: 3 - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - id: 4 - - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: CRITICAL-SECRET-DATA - avt_profile: RED-POLICY-CRITICAL-SECRET-DATA - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 101 - local_interfaces: + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: pathfinder + - name: PathfinderSet + value: PATHFINDERS + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ACME-MPLS-INC + - name: Circuit + value: mpls-pf2 + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: GLOBAL-INTERNET-LIMITED + - name: Circuit + value: inet-pf2 + cv_pathfinder: + role: pathfinder + site: PF2-GLOBAL + vtep_ip: 192.168.42.2 + ssl_profile: STUN-DTLS + address: Coulomiers, France + interfaces: - name: Ethernet1 - static_peers: - - router_ip: 192.168.42.1 - name: pf1 - ipv4_addresses: - - 172.18.100.2 - ipsec_profile: CP-PROFILE - - name: INTERNET - id: 102 - local_interfaces: + carrier: ACME-MPLS-INC + circuit_id: mpls-pf2 + pathgroup: MPLS + public_ip: 172.18.200.2 - name: Ethernet2 - static_peers: - - router_ip: 192.168.42.1 - name: pf1 - ipv4_addresses: - - 100.64.100.2 - ipsec_profile: CP-PROFILE - - name: LAN_HA - id: 65535 - flow_assignment: lan - peer_dynamic_source: stun - load_balance_policies: - - name: LB-BLUE-POLICY-VIDEO - path_groups: - - name: INTERNET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-BLUE-POLICY-VOICE - path_groups: - - name: MPLS - - name: INTERNET - priority: 2 - - name: LAN_HA - jitter: 30 - latency: 150 - loss_rate: '1' - lowest_hop_count: true - - name: LB-BLUE-POLICY-DEFAULT - path_groups: - - name: INTERNET - - name: MPLS - - name: LAN_HA - - name: LB-RED-POLICY-CRITICAL-SECRET-DATA - path_groups: - - name: MPLS - - name: LAN_HA - - name: LB-RED-POLICY-NORMAL-DATA - path_groups: - - name: INTERNET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA - path_groups: - - name: INTERNET - - name: LAN_HA - - name: LB-DEFAULT-POLICY-CONTROL-PLANE - path_groups: - - name: INTERNET - - name: MPLS - - name: LAN_HA - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: INTERNET - - name: MPLS - - name: LAN_HA -router_traffic_engineering: - enabled: true -stun: - server: - local_interfaces: - - Ethernet1 - - Ethernet2 - ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: CRITICAL-SECRET-DATA-APP - dscp_ranges: - - '46' - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.42.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.2/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: pf2_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: BLUE - vni: 100 - - name: RED - vni: 101 -metadata: - cv_pathfinder: - applications: - profiles: - - name: VIDEO - user_defined_applications: - - name: VIDEO-APP - - name: VOICE - user_defined_applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - user_defined_applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - user_defined_applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - user_defined_applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - user_defined_applications: - - name: APP-CONTROL-PLANE - role: pathfinder - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.2 - site: PF2-GLOBAL - address: Coulomiers, France - interfaces: - - name: Ethernet1 - carrier: ACME-MPLS-INC - circuit_id: mpls-pf2 - pathgroup: MPLS - public_ip: 172.18.200.2 - - name: Ethernet2 - carrier: GLOBAL-INTERNET-LIMITED - circuit_id: inet-pf2 - pathgroup: INTERNET - public_ip: 100.64.200.2 - pathgroups: + carrier: GLOBAL-INTERNET-LIMITED + circuit_id: inet-pf2 + pathgroup: INTERNET + public_ip: 100.64.200.2 + pathgroups: - name: MPLS carriers: - name: ACME-MPLS-INC @@ -576,28 +273,28 @@ metadata: - name: REGION1-INTERNET-CORP - name: REGION2-INTERNET-CORP regions: - - name: REGION1 - id: 1 + - id: 1 + name: REGION1 zones: - - name: REGION1-ZONE - id: 1 + - id: 1 + name: REGION1-ZONE sites: - - name: SITE1 - id: 101 + - id: 101 + name: SITE1 location: address: Copenhagen, Denmark - - name: REGION2 - id: 2 + - id: 2 + name: REGION2 zones: - - name: REGION2-ZONE - id: 1 + - id: 1 + name: REGION2-ZONE sites: - - name: SITE2 - id: 202 + - id: 202 + name: SITE2 location: address: Ottawa, Canada - - name: SITE3 - id: 203 + - id: 203 + name: SITE3 location: address: Milan, Italy vrfs: @@ -618,7 +315,7 @@ metadata: - constraints: jitter: 30 latency: 150 - lossrate: 1.0 + lossrate: '1.0' hop_count: lowest id: 3 name: BLUE-POLICY-VOICE @@ -695,43 +392,346 @@ metadata: preference: preferred - name: LAN_HA preference: preferred - cv_tags: - device_tags: - - name: Role - value: pathfinder - - name: PathfinderSet - value: PATHFINDERS - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ACME-MPLS-INC - - name: Circuit - value: mpls-pf2 - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: GLOBAL-INTERNET-LIMITED - - name: Circuit - value: inet-pf2 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local + applications: + profiles: + - name: VIDEO + user_defined_applications: + - name: VIDEO-APP + - name: VOICE + user_defined_applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + user_defined_applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + user_defined_applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + user_defined_applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + user_defined_applications: + - name: APP-CONTROL-PLANE +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +platform: + sfe: + data_plane_cpu_allocation_max: 1 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.255.2:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: pathfinder + profiles: + - name: BLUE-POLICY-VIDEO + load_balance_policy: LB-BLUE-POLICY-VIDEO + - name: BLUE-POLICY-VOICE + load_balance_policy: LB-BLUE-POLICY-VOICE + - name: BLUE-POLICY-DEFAULT + load_balance_policy: LB-BLUE-POLICY-DEFAULT + - name: RED-POLICY-CRITICAL-SECRET-DATA + load_balance_policy: LB-RED-POLICY-CRITICAL-SECRET-DATA + - name: RED-POLICY-NORMAL-DATA + load_balance_policy: LB-RED-POLICY-NORMAL-DATA + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + load_balance_policy: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: CRITICAL-SECRET-DATA + avt_profile: RED-POLICY-CRITICAL-SECRET-DATA + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: BLUE + policy: BLUE-POLICY + profiles: + - name: BLUE-POLICY-VIDEO + id: 2 + - name: BLUE-POLICY-VOICE + id: 3 + - name: BLUE-POLICY-DEFAULT + id: 1 + - name: RED + policy: RED-POLICY + profiles: + - name: RED-POLICY-CRITICAL-SECRET-DATA + id: 2 + - name: RED-POLICY-NORMAL-DATA + id: 3 + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + id: 4 + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.2 + maximum_paths: + paths: 16 + bgp_cluster_id: 192.168.255.2 + bgp: + default: + ipv4_unicast: false + listen_ranges: + - prefix: 192.168.42.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + - name: WAN-RR-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: UYrhGgLBS9m5z2rcHbqzBg== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.42.1 + peer_group: WAN-RR-OVERLAY-PEERS + peer: pf1 + description: pf1_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-RR-OVERLAY-PEERS + activate: true + encapsulation: path-selection + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + next_hop: + resolution_disabled: true + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + - name: WAN-RR-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + missing_policy: + direction_out_action: deny + - name: WAN-RR-OVERLAY-PEERS + activate: true + path_selection: + roles: + consumer: true + propagator: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.255.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_path_selection: + peer_dynamic_source: stun + path_groups: + - name: MPLS + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1 + static_peers: + - router_ip: 192.168.42.1 + name: pf1 + ipv4_addresses: + - 172.18.100.2 + - name: INTERNET + id: 102 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet2 + static_peers: + - router_ip: 192.168.42.1 + name: pf1 + ipv4_addresses: + - 100.64.100.2 + - name: LAN_HA + id: 65535 + flow_assignment: lan + load_balance_policies: + - name: LB-BLUE-POLICY-VIDEO + path_groups: + - name: INTERNET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-BLUE-POLICY-VOICE + lowest_hop_count: true + jitter: 30 + latency: 150 + loss_rate: '1' + path_groups: + - name: MPLS + - name: INTERNET + priority: 2 + - name: LAN_HA + - name: LB-BLUE-POLICY-DEFAULT + path_groups: + - name: INTERNET + - name: MPLS + - name: LAN_HA + - name: LB-RED-POLICY-CRITICAL-SECRET-DATA + path_groups: + - name: MPLS + - name: LAN_HA + - name: LB-RED-POLICY-NORMAL-DATA + path_groups: + - name: INTERNET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-RED-POLICY-NOT-SO-IMPORTANT-DATA + path_groups: + - name: INTERNET + - name: LAN_HA + - name: LB-DEFAULT-POLICY-CONTROL-PLANE + path_groups: + - name: INTERNET + - name: MPLS + - name: LAN_HA + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: INTERNET + - name: MPLS + - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.200.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 100.64.200.1 +stun: + server: + local_interfaces: + - Ethernet1 + - Ethernet2 + ssl_profile: STUN-DTLS +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: pf2_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: BLUE + vni: 100 + - name: RED + vni: 101 diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border1.yml index 1993b75497d..481920086a6 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border1.yml @@ -1,46 +1,268 @@ +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - www.cv-staging.corp.arista.io:443 + cvauth: + method: token-secure + token_file: /tmp/cv-onboarding-token + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_site1-border2_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site1-border2 + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_site1-border2_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site1-border2 + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet3 + description: P2P_site1-wan1_Ethernet1 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER + ip_address: 10.0.1.8/31 + peer: site1-wan1 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet3.100 + description: P2P_site1-wan1_Ethernet1.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 + ip_address: 10.0.1.8/31 + peer: site1-wan1 + peer_interface: Ethernet1.100 + peer_type: wan_router +- name: Ethernet3.101 + description: P2P_site1-wan1_Ethernet1.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 101 + ip_address: 10.0.1.8/31 + peer: site1-wan1 + peer_interface: Ethernet1.101 + peer_type: wan_router +- name: Ethernet4 + description: P2P_site1-wan2_Ethernet1 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER + ip_address: 10.0.1.12/31 + peer: site1-wan2 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet4.100 + description: P2P_site1-wan2_Ethernet1.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 + ip_address: 10.0.1.12/31 + peer: site1-wan2 + peer_interface: Ethernet1.100 + peer_type: wan_router +- name: Ethernet4.101 + description: P2P_site1-wan2_Ethernet1.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 101 + ip_address: 10.0.1.12/31 + peer: site1-wan2 + peer_interface: Ethernet1.101 + peer_type: wan_router +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false hostname: site1-border1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.42.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.14/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +mlag_configuration: + domain_id: SITE1 + local_interface: Vlan4094 + peer_address: 10.255.252.9 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_site1-border2_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.42.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.8/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: site1-border2 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.9 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -56,8 +278,51 @@ router_bgp: remote_as: '65000' peer: site1-wan2 description: site1-wan2_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 666 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.5:10666 + route_targets: + both: + - 10666:10666 + redistribute_routes: + - learned + - id: 42 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.5:10042 + route_targets: + both: + - 10042:10042 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: BLUE + rd: 192.168.255.5:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 router_id: 192.168.255.5 neighbors: - ip_address: 10.0.1.9 @@ -71,21 +336,21 @@ router_bgp: - ip_address: 10.255.251.9 peer_group: MLAG-IPv4-UNDERLAY-PEER description: site1-border2_Vlan3099 - rd: 192.168.255.5:100 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: RED + rd: 192.168.255.5:101 route_targets: import: - address_family: evpn route_targets: - - 100:100 + - 101:101 export: - address_family: evpn route_targets: - - 100:100 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - - name: RED + - 101:101 router_id: 192.168.255.5 neighbors: - ip_address: 10.0.1.9 @@ -99,129 +364,74 @@ router_bgp: - ip_address: 10.255.251.9 peer_group: MLAG-IPv4-UNDERLAY-PEER description: site1-border2_Vlan3100 - rd: 192.168.255.5:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 666 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.5:10666 - route_targets: - both: - - 10666:10666 - redistribute_routes: - - learned - - id: 42 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.5:10042 - route_targets: - both: - - 10042:10042 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - www.cv-staging.corp.arista.io:443 - cvauth: - method: token-secure - token_file: /tmp/cv-onboarding-token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false - vrf: MGMT - ip_address: 192.168.17.14/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 + ip_address: 10.255.251.8/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.8/31 + mtu: 9214 + no_autostate: true +- name: Vlan666 + description: BLUE-TEST + shutdown: false + vrf: BLUE + ip_address: 10.66.1.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3099 + description: MLAG_L3_VRF_BLUE + shutdown: false + vrf: BLUE + ip_address: 10.255.251.8/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering +- name: Vlan42 + description: RED-TEST + shutdown: false + vrf: RED + ip_address: 10.42.1.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3100 + description: MLAG_L3_VRF_RED + shutdown: false + vrf: RED + ip_address: 10.255.251.8/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 666 name: BLUE-TEST tenant: WAN-EXAMPLE-TENANT @@ -238,213 +448,21 @@ vlans: trunk_groups: - MLAG tenant: WAN-EXAMPLE-TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.8/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.8/31 -- name: Vlan666 - tenant: WAN-EXAMPLE-TENANT - description: BLUE-TEST - shutdown: false - ip_address: 10.66.1.1/24 - vrf: BLUE -- name: Vlan3099 - tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_BLUE - vrf: BLUE - mtu: 9214 - ip_address: 10.255.251.8/31 -- name: Vlan42 +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true tenant: WAN-EXAMPLE-TENANT - description: RED-TEST - shutdown: false - ip_address: 10.42.1.1/24 - vrf: RED -- name: Vlan3100 +- name: RED + ip_routing: true tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_RED - vrf: RED - mtu: 9214 - ip_address: 10.255.251.8/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_site1-border2_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: site1-border2 - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_site1-border2_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: site1-border2 - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_site1-border2_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet3 - peer: site1-wan1 - peer_interface: Ethernet1 - peer_type: wan_router - description: P2P_site1-wan1_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - flow_tracker: - sampled: FLOW-TRACKER - ip_address: 10.0.1.8/31 -- name: Ethernet3.100 - peer: site1-wan1 - peer_interface: Ethernet1.100 - peer_type: wan_router - vrf: BLUE - description: P2P_site1-wan1_Ethernet1.100_VRF_BLUE - shutdown: false - encapsulation_dot1q: - vlan: 100 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.8/31 -- name: Ethernet3.101 - peer: site1-wan1 - peer_interface: Ethernet1.101 - peer_type: wan_router - vrf: RED - description: P2P_site1-wan1_Ethernet1.101_VRF_RED - shutdown: false - encapsulation_dot1q: - vlan: 101 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.8/31 -- name: Ethernet4 - peer: site1-wan2 - peer_interface: Ethernet1 - peer_type: wan_router - description: P2P_site1-wan2_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - flow_tracker: - sampled: FLOW-TRACKER - ip_address: 10.0.1.12/31 -- name: Ethernet4.100 - peer: site1-wan2 - peer_interface: Ethernet1.100 - peer_type: wan_router - vrf: BLUE - description: P2P_site1-wan2_Ethernet1.100_VRF_BLUE - shutdown: false - encapsulation_dot1q: - vlan: 100 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.12/31 -- name: Ethernet4.101 - peer: site1-wan2 - peer_interface: Ethernet1.101 - peer_type: wan_router - vrf: RED - description: P2P_site1-wan2_Ethernet1.101_VRF_RED - shutdown: false - encapsulation_dot1q: - vlan: 101 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.12/31 -mlag_configuration: - domain_id: SITE1 - local_interface: Vlan4094 - peer_address: 10.255.252.9 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.42.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.42.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.8/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: site1-border1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 666 @@ -456,21 +474,3 @@ vxlan_interface: vni: 100 - name: RED vni: 101 -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border2.yml index 5dd47a45628..b5b2ed37d6d 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-border2.yml @@ -1,46 +1,268 @@ +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - www.cv-staging.corp.arista.io:443 + cvauth: + method: token-secure + token_file: /tmp/cv-onboarding-token + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_site1-border1_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site1-border1 + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_site1-border1_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site1-border1 + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet3 + description: P2P_site1-wan1_Ethernet2 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER + ip_address: 10.0.1.10/31 + peer: site1-wan1 + peer_interface: Ethernet2 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet3.100 + description: P2P_site1-wan1_Ethernet2.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 + ip_address: 10.0.1.10/31 + peer: site1-wan1 + peer_interface: Ethernet2.100 + peer_type: wan_router +- name: Ethernet3.101 + description: P2P_site1-wan1_Ethernet2.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 101 + ip_address: 10.0.1.10/31 + peer: site1-wan1 + peer_interface: Ethernet2.101 + peer_type: wan_router +- name: Ethernet4 + description: P2P_site1-wan2_Ethernet2 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER + ip_address: 10.0.1.14/31 + peer: site1-wan2 + peer_interface: Ethernet2 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet4.100 + description: P2P_site1-wan2_Ethernet2.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 + ip_address: 10.0.1.14/31 + peer: site1-wan2 + peer_interface: Ethernet2.100 + peer_type: wan_router +- name: Ethernet4.101 + description: P2P_site1-wan2_Ethernet2.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 101 + ip_address: 10.0.1.14/31 + peer: site1-wan2 + peer_interface: Ethernet2.101 + peer_type: wan_router +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false hostname: site1-border2 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.42.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.15/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +mlag_configuration: + domain_id: SITE1 + local_interface: Vlan4094 + peer_address: 10.255.252.8 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_site1-border1_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.42.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.8/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: site1-border1 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.8 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -56,8 +278,51 @@ router_bgp: remote_as: '65000' peer: site1-wan2 description: site1-wan2_Ethernet2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 666 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.6:10666 + route_targets: + both: + - 10666:10666 + redistribute_routes: + - learned + - id: 42 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.6:10042 + route_targets: + both: + - 10042:10042 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: BLUE + rd: 192.168.255.6:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 router_id: 192.168.255.6 neighbors: - ip_address: 10.0.1.11 @@ -71,21 +336,21 @@ router_bgp: - ip_address: 10.255.251.8 peer_group: MLAG-IPv4-UNDERLAY-PEER description: site1-border1_Vlan3099 - rd: 192.168.255.6:100 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: RED + rd: 192.168.255.6:101 route_targets: import: - address_family: evpn route_targets: - - 100:100 + - 101:101 export: - address_family: evpn route_targets: - - 100:100 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - - name: RED + - 101:101 router_id: 192.168.255.6 neighbors: - ip_address: 10.0.1.11 @@ -99,129 +364,74 @@ router_bgp: - ip_address: 10.255.251.8 peer_group: MLAG-IPv4-UNDERLAY-PEER description: site1-border1_Vlan3100 - rd: 192.168.255.6:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 666 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.6:10666 - route_targets: - both: - - 10666:10666 - redistribute_routes: - - learned - - id: 42 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.6:10042 - route_targets: - both: - - 10042:10042 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - www.cv-staging.corp.arista.io:443 - cvauth: - method: token-secure - token_file: /tmp/cv-onboarding-token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false - vrf: MGMT - ip_address: 192.168.17.15/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 + ip_address: 10.255.251.9/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.9/31 + mtu: 9214 + no_autostate: true +- name: Vlan666 + description: BLUE-TEST + shutdown: false + vrf: BLUE + ip_address: 10.66.11.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3099 + description: MLAG_L3_VRF_BLUE + shutdown: false + vrf: BLUE + ip_address: 10.255.251.9/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering +- name: Vlan42 + description: RED-TEST + shutdown: false + vrf: RED + ip_address: 10.42.11.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3100 + description: MLAG_L3_VRF_RED + shutdown: false + vrf: RED + ip_address: 10.255.251.9/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 666 name: BLUE-TEST tenant: WAN-EXAMPLE-TENANT @@ -238,213 +448,21 @@ vlans: trunk_groups: - MLAG tenant: WAN-EXAMPLE-TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.9/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.9/31 -- name: Vlan666 - tenant: WAN-EXAMPLE-TENANT - description: BLUE-TEST - shutdown: false - ip_address: 10.66.11.1/24 - vrf: BLUE -- name: Vlan3099 - tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_BLUE - vrf: BLUE - mtu: 9214 - ip_address: 10.255.251.9/31 -- name: Vlan42 +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true tenant: WAN-EXAMPLE-TENANT - description: RED-TEST - shutdown: false - ip_address: 10.42.11.1/24 - vrf: RED -- name: Vlan3100 +- name: RED + ip_routing: true tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_RED - vrf: RED - mtu: 9214 - ip_address: 10.255.251.9/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_site1-border1_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: site1-border1 - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_site1-border1_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: site1-border1 - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_site1-border1_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet3 - peer: site1-wan1 - peer_interface: Ethernet2 - peer_type: wan_router - description: P2P_site1-wan1_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - flow_tracker: - sampled: FLOW-TRACKER - ip_address: 10.0.1.10/31 -- name: Ethernet3.100 - peer: site1-wan1 - peer_interface: Ethernet2.100 - peer_type: wan_router - vrf: BLUE - description: P2P_site1-wan1_Ethernet2.100_VRF_BLUE - shutdown: false - encapsulation_dot1q: - vlan: 100 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.10/31 -- name: Ethernet3.101 - peer: site1-wan1 - peer_interface: Ethernet2.101 - peer_type: wan_router - vrf: RED - description: P2P_site1-wan1_Ethernet2.101_VRF_RED - shutdown: false - encapsulation_dot1q: - vlan: 101 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.10/31 -- name: Ethernet4 - peer: site1-wan2 - peer_interface: Ethernet2 - peer_type: wan_router - description: P2P_site1-wan2_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - flow_tracker: - sampled: FLOW-TRACKER - ip_address: 10.0.1.14/31 -- name: Ethernet4.100 - peer: site1-wan2 - peer_interface: Ethernet2.100 - peer_type: wan_router - vrf: BLUE - description: P2P_site1-wan2_Ethernet2.100_VRF_BLUE - shutdown: false - encapsulation_dot1q: - vlan: 100 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.14/31 -- name: Ethernet4.101 - peer: site1-wan2 - peer_interface: Ethernet2.101 - peer_type: wan_router - vrf: RED - description: P2P_site1-wan2_Ethernet2.101_VRF_RED - shutdown: false - encapsulation_dot1q: - vlan: 101 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.14/31 -mlag_configuration: - domain_id: SITE1 - local_interface: Vlan4094 - peer_address: 10.255.252.8 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.42.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.42.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.8/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: site1-border2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 666 @@ -456,21 +474,3 @@ vxlan_interface: vni: 100 - name: RED vni: 101 -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml index 26ebe38fe11..53900150fe4 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml @@ -1,176 +1,76 @@ -hostname: site1-wan1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.0.1.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: site1-border1 - description: site1-border1_Ethernet3 - - ip_address: 10.0.1.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: site1-border2 - description: site1-border2_Ethernet3 - - ip_address: 192.168.42.1 - peer_group: WAN-OVERLAY-PEERS - peer: pf1 - description: pf1_Dps1 - - ip_address: 192.168.42.2 - peer_group: WAN-OVERLAY-PEERS - peer: pf2 - description: pf2_Dps1 - - ip_address: 192.168.42.4 - peer: site1-wan2 - description: site1-wan2 - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: BLUE - router_id: 192.168.255.3 - neighbors: - - ip_address: 10.0.1.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border1_Ethernet3.100_vrf_BLUE - - ip_address: 10.0.1.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border2_Ethernet3.100_vrf_BLUE - rd: 192.168.255.3:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute: - connected: - enabled: true - - name: RED - router_id: 192.168.255.3 - neighbors: - - ip_address: 10.0.1.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border1_Ethernet3.101_vrf_RED - - ip_address: 10.0.1.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border2_Ethernet3.101_vrf_RED - rd: 192.168.255.3:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.255.3:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.42.4 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.10.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.42.1/32 + - 192.168.42.2/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: CRITICAL-SECRET-DATA-APP + dscp_ranges: + - '46' + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -178,176 +78,326 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.3/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.12/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: site1-border1 - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_site1-border1_Ethernet3 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.0.1.9/31 -- name: Ethernet1.100 peer: site1-border1 - peer_interface: Ethernet3.100 + peer_interface: Ethernet3 peer_type: l3leaf - vrf: BLUE + switchport: + enabled: false +- name: Ethernet1.100 description: P2P_site1-border1_Ethernet3.100_VRF_BLUE shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + hardware: FLOW-TRACKER encapsulation_dot1q: vlan: 100 + ip_address: 10.0.1.9/31 + peer: site1-border1 + peer_interface: Ethernet3.100 + peer_type: l3leaf +- name: Ethernet1.101 + description: P2P_site1-border1_Ethernet3.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 101 ip_address: 10.0.1.9/31 -- name: Ethernet1.101 peer: site1-border1 peer_interface: Ethernet3.101 peer_type: l3leaf - vrf: RED - description: P2P_site1-border1_Ethernet3.101_VRF_RED +- name: Ethernet2 + description: P2P_site1-border2_Ethernet3 shutdown: false - encapsulation_dot1q: - vlan: 101 + mtu: 9214 flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.9/31 -- name: Ethernet2 + ip_address: 10.0.1.11/31 peer: site1-border2 peer_interface: Ethernet3 peer_type: l3leaf - description: P2P_site1-border2_Ethernet3 - shutdown: false - mtu: 9214 switchport: enabled: false +- name: Ethernet2.100 + description: P2P_site1-border2_Ethernet3.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE flow_tracker: hardware: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 ip_address: 10.0.1.11/31 -- name: Ethernet2.100 peer: site1-border2 peer_interface: Ethernet3.100 peer_type: l3leaf - vrf: BLUE - description: P2P_site1-border2_Ethernet3.100_VRF_BLUE +- name: Ethernet2.101 + description: P2P_site1-border2_Ethernet3.101_VRF_RED shutdown: false - encapsulation_dot1q: - vlan: 100 + mtu: 9214 + vrf: RED flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 101 ip_address: 10.0.1.11/31 -- name: Ethernet2.101 peer: site1-border2 peer_interface: Ethernet3.101 peer_type: l3leaf - vrf: RED - description: P2P_site1-border2_Ethernet3.101_VRF_RED +- name: Ethernet3 + description: ACME-MPLS-INC_mpls-site1-wan1_mpls-cloud_Ethernet5 shutdown: false - encapsulation_dot1q: - vlan: 101 flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.11/31 -- name: Ethernet3 - peer_type: l3_interface + ip_address: 172.18.10.2/24 peer: mpls-cloud peer_interface: Ethernet5 - ip_address: 172.18.10.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ACME-MPLS-INC_mpls-site1-wan1_mpls-cloud_Ethernet5 +- name: Ethernet4 + description: REGION1-INTERNET-CORP_inet-site1-wan1_inet-cloud_Ethernet5 + shutdown: false flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet4 - peer_type: l3_interface + ip_address: 100.64.10.2/24 + access_group_in: ACL-INTERNET-IN_Ethernet4 peer: inet-cloud peer_interface: Ethernet5 - ip_address: 100.64.10.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: REGION1-INTERNET-CORP_inet-site1-wan1_inet-cloud_Ethernet5 - access_group_in: ACL-INTERNET-IN_Ethernet4 - flow_tracker: - hardware: FLOW-TRACKER +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: site1-wan1 +ip_access_lists: +- name: ACL-INTERNET-IN_Ethernet4 + entries: + - sequence: 1 + remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' + - sequence: 10 + action: permit + protocol: udp + source: any + destination: 100.64.10.2 + destination_ports_match: eq + destination_ports: + - isakmp + - non500-isakmp + - sequence: 30 + action: permit + protocol: icmp + source: any + destination: 100.64.10.2 + - action: deny + protocol: ip + source: any + destination: any +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.255.3:101 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.42.3 + - name: CP-IKE-POLICY + local_id: 192.168.42.3 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: 141600021F102B + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: 045A190F1C354D + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.3/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.12/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: REGION1 + - name: Zone + value: REGION1-ZONE + - name: Site + value: SITE1 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet1.100 + tags: + - name: Type + value: lan + - interface: Ethernet1.101 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + - interface: Ethernet2.100 + tags: + - name: Type + value: lan + - interface: Ethernet2.101 + tags: + - name: Type + value: lan + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: ACME-MPLS-INC + - name: Circuit + value: mpls-site1-wan1 + - interface: Ethernet4 + tags: + - name: Type + value: wan + - name: Carrier + value: REGION1-INTERNET-CORP + - name: Circuit + value: inet-site1-wan1 + cv_pathfinder: + role: transit region + region: REGION1 + zone: REGION1-ZONE + site: SITE1 + vtep_ip: 192.168.42.3 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.42.1 + - vtep_ip: 192.168.42.2 + interfaces: + - name: Ethernet3 + carrier: ACME-MPLS-INC + circuit_id: mpls-site1-wan1 + pathgroup: MPLS + - name: Ethernet4 + carrier: REGION1-INTERNET-CORP + circuit_id: inet-site1-wan1 + pathgroup: INTERNET +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -448,87 +498,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_access_lists: -- name: ACL-INTERNET-IN_Ethernet4 - entries: - - sequence: 1 - remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' - - source: any - destination: 100.64.10.2 - sequence: 10 - action: permit - protocol: udp - destination_ports_match: eq - destination_ports: - - isakmp - - non500-isakmp - - source: any - destination: 100.64.10.2 - sequence: 30 - action: permit - protocol: icmp - - source: any - destination: any - action: deny - protocol: ip -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.255.3:101 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.42.3 - - name: CP-IKE-POLICY - local_id: 192.168.42.3 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: 141600021F102B - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: 045A190F1C354D - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: transit region region: @@ -557,6 +526,30 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: CRITICAL-SECRET-DATA + avt_profile: RED-POLICY-CRITICAL-SECRET-DATA + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: BLUE policy: BLUE-POLICY @@ -577,47 +570,185 @@ router_adaptive_virtual_topology: - name: RED-POLICY-NOT-SO-IMPORTANT-DATA id: 4 - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: CRITICAL-SECRET-DATA - avt_profile: RED-POLICY-CRITICAL-SECRET-DATA - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.3 + maximum_paths: + paths: 16 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 10.0.1.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: site1-border1 + description: site1-border1_Ethernet3 + - ip_address: 10.0.1.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: site1-border2 + description: site1-border2_Ethernet3 + - ip_address: 192.168.42.1 + peer_group: WAN-OVERLAY-PEERS + peer: pf1 + description: pf1_Dps1 + - ip_address: 192.168.42.2 + peer_group: WAN-OVERLAY-PEERS + peer: pf2 + description: pf2_Dps1 + - ip_address: 192.168.42.4 + remote_as: '65000' + peer: site1-wan2 + description: site1-wan2 + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.42.4 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: BLUE + rd: 192.168.255.3:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.255.3 + neighbors: + - ip_address: 10.0.1.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border1_Ethernet3.100_vrf_BLUE + - ip_address: 10.0.1.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border2_Ethernet3.100_vrf_BLUE + redistribute: + connected: + enabled: true + - name: RED + rd: 192.168.255.3:101 + route_targets: + import: + - address_family: evpn + route_targets: + - 101:101 + export: + - address_family: evpn + route_targets: + - 101:101 + router_id: 192.168.255.3 + neighbors: + - ip_address: 10.0.1.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border1_Ethernet3.101_vrf_RED + - ip_address: 10.0.1.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border2_Ethernet3.101_vrf_RED + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.255.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: MPLS id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 stun: @@ -635,9 +766,9 @@ router_path_selection: name: pf2 ipv4_addresses: - 172.18.200.2 - ipsec_profile: CP-PROFILE - name: INTERNET id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet4 stun: @@ -655,9 +786,9 @@ router_path_selection: name: pf2 ipv4_addresses: - 100.64.200.2 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet1 @@ -668,7 +799,6 @@ router_path_selection: ipv4_addresses: - 10.0.1.13 - 10.0.1.15 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-BLUE-POLICY-VIDEO path_groups: @@ -677,15 +807,15 @@ router_path_selection: priority: 2 - name: LAN_HA - name: LB-BLUE-POLICY-VOICE + lowest_hop_count: true + jitter: 30 + latency: 150 + loss_rate: '1' path_groups: - name: MPLS - name: INTERNET priority: 2 - name: LAN_HA - jitter: 30 - latency: 150 - loss_rate: '1' - lowest_hop_count: true - name: LB-BLUE-POLICY-DEFAULT path_groups: - name: INTERNET @@ -715,8 +845,19 @@ router_path_selection: - name: INTERNET - name: MPLS - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.10.1 stun: client: server_profiles: @@ -732,75 +873,22 @@ stun: - name: INTERNET-pf2-Ethernet2 ip_address: 100.64.200.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: CRITICAL-SECRET-DATA-APP - dscp_ranges: - - '46' - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.42.1/32 - - 192.168.42.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.3/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true + tenant: WAN-EXAMPLE-TENANT +- name: RED + ip_routing: true + tenant: WAN-EXAMPLE-TENANT vxlan_interface: vxlan1: description: site1-wan1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: BLUE vni: 100 @@ -808,91 +896,3 @@ vxlan_interface: vni: 101 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: REGION1 - - name: Zone - value: REGION1-ZONE - - name: Site - value: SITE1 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet1.100 - tags: - - name: Type - value: lan - - interface: Ethernet1.101 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: lan - - interface: Ethernet2.100 - tags: - - name: Type - value: lan - - interface: Ethernet2.101 - tags: - - name: Type - value: lan - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: ACME-MPLS-INC - - name: Circuit - value: mpls-site1-wan1 - - interface: Ethernet4 - tags: - - name: Type - value: wan - - name: Carrier - value: REGION1-INTERNET-CORP - - name: Circuit - value: inet-site1-wan1 - cv_pathfinder: - role: transit region - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.3 - region: REGION1 - zone: REGION1-ZONE - site: SITE1 - interfaces: - - name: Ethernet3 - carrier: ACME-MPLS-INC - circuit_id: mpls-site1-wan1 - pathgroup: MPLS - - name: Ethernet4 - carrier: REGION1-INTERNET-CORP - circuit_id: inet-site1-wan1 - pathgroup: INTERNET - pathfinders: - - vtep_ip: 192.168.42.1 - - vtep_ip: 192.168.42.2 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml index 6cd61b9e2be..e67e3a99c94 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml @@ -1,176 +1,76 @@ -hostname: site1-wan2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.0.1.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: site1-border1 - description: site1-border1_Ethernet4 - - ip_address: 10.0.1.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: site1-border2 - description: site1-border2_Ethernet4 - - ip_address: 192.168.42.1 - peer_group: WAN-OVERLAY-PEERS - peer: pf1 - description: pf1_Dps1 - - ip_address: 192.168.42.2 - peer_group: WAN-OVERLAY-PEERS - peer: pf2 - description: pf2_Dps1 - - ip_address: 192.168.42.3 - peer: site1-wan1 - description: site1-wan1 - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: BLUE - router_id: 192.168.255.4 - neighbors: - - ip_address: 10.0.1.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border1_Ethernet4.100_vrf_BLUE - - ip_address: 10.0.1.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border2_Ethernet4.100_vrf_BLUE - rd: 192.168.255.4:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute: - connected: - enabled: true - - name: RED - router_id: 192.168.255.4 - neighbors: - - ip_address: 10.0.1.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border1_Ethernet4.101_vrf_RED - - ip_address: 10.0.1.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: site1-border2_Ethernet4.101_vrf_RED - rd: 192.168.255.4:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.255.4:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.42.3 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.11.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.42.1/32 + - 192.168.42.2/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: CRITICAL-SECRET-DATA-APP + dscp_ranges: + - '46' + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -178,177 +78,327 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.4/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.13/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: site1-border1 - peer_interface: Ethernet4 - peer_type: l3leaf description: P2P_site1-border1_Ethernet4 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.0.1.13/31 -- name: Ethernet1.100 peer: site1-border1 - peer_interface: Ethernet4.100 + peer_interface: Ethernet4 peer_type: l3leaf - vrf: BLUE + switchport: + enabled: false +- name: Ethernet1.100 description: P2P_site1-border1_Ethernet4.100_VRF_BLUE shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + hardware: FLOW-TRACKER encapsulation_dot1q: vlan: 100 + ip_address: 10.0.1.13/31 + peer: site1-border1 + peer_interface: Ethernet4.100 + peer_type: l3leaf +- name: Ethernet1.101 + description: P2P_site1-border1_Ethernet4.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 101 ip_address: 10.0.1.13/31 -- name: Ethernet1.101 peer: site1-border1 peer_interface: Ethernet4.101 peer_type: l3leaf - vrf: RED - description: P2P_site1-border1_Ethernet4.101_VRF_RED +- name: Ethernet2 + description: P2P_site1-border2_Ethernet4 shutdown: false - encapsulation_dot1q: - vlan: 101 + mtu: 9214 flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.13/31 -- name: Ethernet2 + ip_address: 10.0.1.15/31 peer: site1-border2 peer_interface: Ethernet4 peer_type: l3leaf - description: P2P_site1-border2_Ethernet4 - shutdown: false - mtu: 9214 switchport: enabled: false +- name: Ethernet2.100 + description: P2P_site1-border2_Ethernet4.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE flow_tracker: hardware: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 ip_address: 10.0.1.15/31 -- name: Ethernet2.100 peer: site1-border2 peer_interface: Ethernet4.100 peer_type: l3leaf - vrf: BLUE - description: P2P_site1-border2_Ethernet4.100_VRF_BLUE +- name: Ethernet2.101 + description: P2P_site1-border2_Ethernet4.101_VRF_RED shutdown: false - encapsulation_dot1q: - vlan: 100 + mtu: 9214 + vrf: RED flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 101 ip_address: 10.0.1.15/31 -- name: Ethernet2.101 peer: site1-border2 peer_interface: Ethernet4.101 peer_type: l3leaf - vrf: RED - description: P2P_site1-border2_Ethernet4.101_VRF_RED +- name: Ethernet3 + description: ACME-MPLS-INC_mpls-site1-wan2_mpls-cloud_Ethernet6 shutdown: false - encapsulation_dot1q: - vlan: 101 flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.1.15/31 -- name: Ethernet3 - peer_type: l3_interface + ip_address: 172.18.11.2/24 peer: mpls-cloud peer_interface: Ethernet6 - ip_address: 172.18.11.2/24 - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ACME-MPLS-INC_mpls-site1-wan2_mpls-cloud_Ethernet6 +- name: Ethernet4 + description: REGION1-INTERNET-CORP_inet-site1-wan2_inet-cloud_Ethernet6 + shutdown: false flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet4 - peer_type: l3_interface + ip_address: dhcp + dhcp_client_accept_default_route: true + access_group_in: ACL-INTERNET-IN_Ethernet4 peer: inet-cloud peer_interface: Ethernet6 - ip_address: dhcp - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: REGION1-INTERNET-CORP_inet-site1-wan2_inet-cloud_Ethernet6 - access_group_in: ACL-INTERNET-IN_Ethernet4 - flow_tracker: - hardware: FLOW-TRACKER - dhcp_client_accept_default_route: true +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: site1-wan2 +ip_access_lists: +- name: ACL-INTERNET-IN_Ethernet4 + entries: + - sequence: 1 + remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' + - sequence: 10 + action: permit + protocol: udp + source: any + destination: 100.64.11.2 + destination_ports_match: eq + destination_ports: + - isakmp + - non500-isakmp + - sequence: 30 + action: permit + protocol: icmp + source: any + destination: 100.64.11.2 + - action: deny + protocol: ip + source: any + destination: any +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.255.3:101 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.42.4 + - name: CP-IKE-POLICY + local_id: 192.168.42.4 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: 141600021F102B + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: 045A190F1C354D + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.4/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.13/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: REGION1 + - name: Zone + value: REGION1-ZONE + - name: Site + value: SITE1 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet1.100 + tags: + - name: Type + value: lan + - interface: Ethernet1.101 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + - interface: Ethernet2.100 + tags: + - name: Type + value: lan + - interface: Ethernet2.101 + tags: + - name: Type + value: lan + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: ACME-MPLS-INC + - name: Circuit + value: mpls-site1-wan2 + - interface: Ethernet4 + tags: + - name: Type + value: wan + - name: Carrier + value: REGION1-INTERNET-CORP + - name: Circuit + value: inet-site1-wan2 + cv_pathfinder: + role: transit region + region: REGION1 + zone: REGION1-ZONE + site: SITE1 + vtep_ip: 192.168.42.4 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.42.1 + - vtep_ip: 192.168.42.2 + interfaces: + - name: Ethernet3 + carrier: ACME-MPLS-INC + circuit_id: mpls-site1-wan2 + pathgroup: MPLS + - name: Ethernet4 + carrier: REGION1-INTERNET-CORP + circuit_id: inet-site1-wan2 + pathgroup: INTERNET +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -449,87 +499,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_access_lists: -- name: ACL-INTERNET-IN_Ethernet4 - entries: - - sequence: 1 - remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' - - source: any - destination: 100.64.11.2 - sequence: 10 - action: permit - protocol: udp - destination_ports_match: eq - destination_ports: - - isakmp - - non500-isakmp - - source: any - destination: 100.64.11.2 - sequence: 30 - action: permit - protocol: icmp - - source: any - destination: any - action: deny - protocol: ip -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.255.3:101 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.42.4 - - name: CP-IKE-POLICY - local_id: 192.168.42.4 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: 141600021F102B - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: 045A190F1C354D - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: transit region region: @@ -558,6 +527,30 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: CRITICAL-SECRET-DATA + avt_profile: RED-POLICY-CRITICAL-SECRET-DATA + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: BLUE policy: BLUE-POLICY @@ -578,47 +571,185 @@ router_adaptive_virtual_topology: - name: RED-POLICY-NOT-SO-IMPORTANT-DATA id: 4 - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: CRITICAL-SECRET-DATA - avt_profile: RED-POLICY-CRITICAL-SECRET-DATA - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.4 + maximum_paths: + paths: 16 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 10.0.1.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: site1-border1 + description: site1-border1_Ethernet4 + - ip_address: 10.0.1.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: site1-border2 + description: site1-border2_Ethernet4 + - ip_address: 192.168.42.1 + peer_group: WAN-OVERLAY-PEERS + peer: pf1 + description: pf1_Dps1 + - ip_address: 192.168.42.2 + peer_group: WAN-OVERLAY-PEERS + peer: pf2 + description: pf2_Dps1 + - ip_address: 192.168.42.3 + remote_as: '65000' + peer: site1-wan1 + description: site1-wan1 + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.42.3 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: BLUE + rd: 192.168.255.4:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.255.4 + neighbors: + - ip_address: 10.0.1.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border1_Ethernet4.100_vrf_BLUE + - ip_address: 10.0.1.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border2_Ethernet4.100_vrf_BLUE + redistribute: + connected: + enabled: true + - name: RED + rd: 192.168.255.4:101 + route_targets: + import: + - address_family: evpn + route_targets: + - 101:101 + export: + - address_family: evpn + route_targets: + - 101:101 + router_id: 192.168.255.4 + neighbors: + - ip_address: 10.0.1.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border1_Ethernet4.101_vrf_RED + - ip_address: 10.0.1.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: site1-border2_Ethernet4.101_vrf_RED + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.255.4:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: MPLS id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 stun: @@ -636,9 +767,9 @@ router_path_selection: name: pf2 ipv4_addresses: - 172.18.200.2 - ipsec_profile: CP-PROFILE - name: INTERNET id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet4 stun: @@ -656,9 +787,9 @@ router_path_selection: name: pf2 ipv4_addresses: - 100.64.200.2 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet1 @@ -669,7 +800,6 @@ router_path_selection: ipv4_addresses: - 10.0.1.9 - 10.0.1.11 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-BLUE-POLICY-VIDEO path_groups: @@ -678,15 +808,15 @@ router_path_selection: priority: 2 - name: LAN_HA - name: LB-BLUE-POLICY-VOICE + lowest_hop_count: true + jitter: 30 + latency: 150 + loss_rate: '1' path_groups: - name: MPLS - name: INTERNET priority: 2 - name: LAN_HA - jitter: 30 - latency: 150 - loss_rate: '1' - lowest_hop_count: true - name: LB-BLUE-POLICY-DEFAULT path_groups: - name: INTERNET @@ -716,8 +846,19 @@ router_path_selection: - name: INTERNET - name: MPLS - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.11.1 stun: client: server_profiles: @@ -733,75 +874,22 @@ stun: - name: INTERNET-pf2-Ethernet2 ip_address: 100.64.200.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: CRITICAL-SECRET-DATA-APP - dscp_ranges: - - '46' - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.42.1/32 - - 192.168.42.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.4/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true + tenant: WAN-EXAMPLE-TENANT +- name: RED + ip_routing: true + tenant: WAN-EXAMPLE-TENANT vxlan_interface: vxlan1: description: site1-wan2_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: BLUE vni: 100 @@ -809,91 +897,3 @@ vxlan_interface: vni: 101 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: REGION1 - - name: Zone - value: REGION1-ZONE - - name: Site - value: SITE1 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet1.100 - tags: - - name: Type - value: lan - - interface: Ethernet1.101 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: lan - - interface: Ethernet2.100 - tags: - - name: Type - value: lan - - interface: Ethernet2.101 - tags: - - name: Type - value: lan - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: ACME-MPLS-INC - - name: Circuit - value: mpls-site1-wan2 - - interface: Ethernet4 - tags: - - name: Type - value: wan - - name: Carrier - value: REGION1-INTERNET-CORP - - name: Circuit - value: inet-site1-wan2 - cv_pathfinder: - role: transit region - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.4 - region: REGION1 - zone: REGION1-ZONE - site: SITE1 - interfaces: - - name: Ethernet3 - carrier: ACME-MPLS-INC - circuit_id: mpls-site1-wan2 - pathgroup: MPLS - - name: Ethernet4 - carrier: REGION1-INTERNET-CORP - circuit_id: inet-site1-wan2 - pathgroup: INTERNET - pathfinders: - - vtep_ip: 192.168.42.1 - - vtep_ip: 192.168.42.2 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf1.yml index b469a3558c4..a54db515b5f 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf1.yml @@ -1,46 +1,230 @@ +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - www.cv-staging.corp.arista.io:443 + cvauth: + method: token-secure + token_file: /tmp/cv-onboarding-token + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_site2-leaf2_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site2-leaf2 + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_site2-leaf2_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site2-leaf2 + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet3 + description: P2P_site2-wan1_Ethernet1 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER + ip_address: 10.0.2.12/31 + peer: site2-wan1 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet3.100 + description: P2P_site2-wan1_Ethernet1.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 + ip_address: 10.0.2.12/31 + peer: site2-wan1 + peer_interface: Ethernet1.100 + peer_type: wan_router +- name: Ethernet3.101 + description: P2P_site2-wan1_Ethernet1.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 101 + ip_address: 10.0.2.12/31 + peer: site2-wan1 + peer_interface: Ethernet1.101 + peer_type: wan_router +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false hostname: site2-leaf1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.9/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.42.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.18/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +mlag_configuration: + domain_id: SITE2 + local_interface: Vlan4094 + peer_address: 10.255.252.17 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_site2-leaf2_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.42.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.16/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.9 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: site2-leaf2 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.17 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -51,17 +235,41 @@ router_bgp: remote_as: '65000' peer: site2-wan1 description: site2-wan1_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 666 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.9:10666 + route_targets: + both: + - 10666:10666 + redistribute_routes: + - learned + - id: 42 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.9:10042 + route_targets: + both: + - 10042:10042 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: BLUE - router_id: 192.168.255.9 - neighbors: - - ip_address: 10.0.2.13 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: site2-wan1_Ethernet1.100_vrf_BLUE - - ip_address: 10.255.251.17 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: site2-leaf2_Vlan3099 rd: 192.168.255.9:100 route_targets: import: @@ -72,20 +280,20 @@ router_bgp: - address_family: evpn route_targets: - 100:100 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - - name: RED router_id: 192.168.255.9 neighbors: - ip_address: 10.0.2.13 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site2-wan1_Ethernet1.101_vrf_RED + description: site2-wan1_Ethernet1.100_vrf_BLUE - ip_address: 10.255.251.17 peer_group: MLAG-IPv4-UNDERLAY-PEER - description: site2-leaf2_Vlan3100 + description: site2-leaf2_Vlan3099 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: RED rd: 192.168.255.9:101 route_targets: import: @@ -96,119 +304,83 @@ router_bgp: - address_family: evpn route_targets: - 101:101 + router_id: 192.168.255.9 + neighbors: + - ip_address: 10.0.2.13 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site2-wan1_Ethernet1.101_vrf_RED + - ip_address: 10.255.251.17 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: site2-leaf2_Vlan3100 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 666 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.9:10666 - route_targets: - both: - - 10666:10666 - redistribute_routes: - - learned - - id: 42 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.9:10042 - route_targets: - both: - - 10042:10042 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - www.cv-staging.corp.arista.io:443 - cvauth: - method: token-secure - token_file: /tmp/cv-onboarding-token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.16/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.16/31 + mtu: 9214 + no_autostate: true +- name: Vlan666 + description: BLUE-TEST + shutdown: false + vrf: BLUE + ip_address: 10.66.2.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3099 + description: MLAG_L3_VRF_BLUE + shutdown: false + vrf: BLUE + ip_address: 10.255.251.16/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering +- name: Vlan42 + description: RED-TEST + shutdown: false + vrf: RED + ip_address: 10.42.2.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3100 + description: MLAG_L3_VRF_RED + shutdown: false + vrf: RED + ip_address: 10.255.251.16/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.18/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 666 name: BLUE-TEST tenant: WAN-EXAMPLE-TENANT @@ -225,175 +397,21 @@ vlans: trunk_groups: - MLAG tenant: WAN-EXAMPLE-TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.16/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.16/31 -- name: Vlan666 - tenant: WAN-EXAMPLE-TENANT - description: BLUE-TEST - shutdown: false - ip_address: 10.66.2.1/24 - vrf: BLUE -- name: Vlan3099 - tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_BLUE - vrf: BLUE - mtu: 9214 - ip_address: 10.255.251.16/31 -- name: Vlan42 +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true tenant: WAN-EXAMPLE-TENANT - description: RED-TEST - shutdown: false - ip_address: 10.42.2.1/24 - vrf: RED -- name: Vlan3100 +- name: RED + ip_routing: true tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_RED - vrf: RED - mtu: 9214 - ip_address: 10.255.251.16/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_site2-leaf2_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: site2-leaf2 - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_site2-leaf2_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: site2-leaf2 - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_site2-leaf2_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet3 - peer: site2-wan1 - peer_interface: Ethernet1 - peer_type: wan_router - description: P2P_site2-wan1_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - flow_tracker: - sampled: FLOW-TRACKER - ip_address: 10.0.2.12/31 -- name: Ethernet3.100 - peer: site2-wan1 - peer_interface: Ethernet1.100 - peer_type: wan_router - vrf: BLUE - description: P2P_site2-wan1_Ethernet1.100_VRF_BLUE - shutdown: false - encapsulation_dot1q: - vlan: 100 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.2.12/31 -- name: Ethernet3.101 - peer: site2-wan1 - peer_interface: Ethernet1.101 - peer_type: wan_router - vrf: RED - description: P2P_site2-wan1_Ethernet1.101_VRF_RED - shutdown: false - encapsulation_dot1q: - vlan: 101 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.2.12/31 -mlag_configuration: - domain_id: SITE2 - local_interface: Vlan4094 - peer_address: 10.255.252.17 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.9/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.42.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.42.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.16/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: site2-leaf1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 666 @@ -405,21 +423,3 @@ vxlan_interface: vni: 100 - name: RED vni: 101 -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf2.yml index 7dd9852e039..276e6346203 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-leaf2.yml @@ -1,46 +1,230 @@ +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - www.cv-staging.corp.arista.io:443 + cvauth: + method: token-secure + token_file: /tmp/cv-onboarding-token + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_site2-leaf1_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site2-leaf1 + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_site2-leaf1_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: site2-leaf1 + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet3 + description: P2P_site2-wan2_Ethernet1 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER + ip_address: 10.0.2.14/31 + peer: site2-wan2 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet3.100 + description: P2P_site2-wan2_Ethernet1.100_VRF_BLUE + shutdown: false + mtu: 9214 + vrf: BLUE + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 100 + ip_address: 10.0.2.14/31 + peer: site2-wan2 + peer_interface: Ethernet1.100 + peer_type: wan_router +- name: Ethernet3.101 + description: P2P_site2-wan2_Ethernet1.101_VRF_RED + shutdown: false + mtu: 9214 + vrf: RED + flow_tracker: + sampled: FLOW-TRACKER + encapsulation_dot1q: + vlan: 101 + ip_address: 10.0.2.14/31 + peer: site2-wan2 + peer_interface: Ethernet1.101 + peer_type: wan_router +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false hostname: site2-leaf2 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.42.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.19/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +mlag_configuration: + domain_id: SITE2 + local_interface: Vlan4094 + peer_address: 10.255.252.16 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_site2-leaf1_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.42.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.16/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.10 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: site2-leaf1 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.16 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -51,17 +235,41 @@ router_bgp: remote_as: '65000' peer: site2-wan2 description: site2-wan2_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 666 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.10:10666 + route_targets: + both: + - 10666:10666 + redistribute_routes: + - learned + - id: 42 + tenant: WAN-EXAMPLE-TENANT + rd: 192.168.255.10:10042 + route_targets: + both: + - 10042:10042 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: BLUE - router_id: 192.168.255.10 - neighbors: - - ip_address: 10.0.2.15 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: site2-wan2_Ethernet1.100_vrf_BLUE - - ip_address: 10.255.251.16 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: site2-leaf1_Vlan3099 rd: 192.168.255.10:100 route_targets: import: @@ -72,20 +280,20 @@ router_bgp: - address_family: evpn route_targets: - 100:100 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - - name: RED router_id: 192.168.255.10 neighbors: - ip_address: 10.0.2.15 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: site2-wan2_Ethernet1.101_vrf_RED + description: site2-wan2_Ethernet1.100_vrf_BLUE - ip_address: 10.255.251.16 peer_group: MLAG-IPv4-UNDERLAY-PEER - description: site2-leaf1_Vlan3100 + description: site2-leaf1_Vlan3099 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: RED rd: 192.168.255.10:101 route_targets: import: @@ -96,119 +304,83 @@ router_bgp: - address_family: evpn route_targets: - 101:101 + router_id: 192.168.255.10 + neighbors: + - ip_address: 10.0.2.15 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: site2-wan2_Ethernet1.101_vrf_RED + - ip_address: 10.255.251.16 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: site2-leaf1_Vlan3100 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 666 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.10:10666 - route_targets: - both: - - 10666:10666 - redistribute_routes: - - learned - - id: 42 - tenant: WAN-EXAMPLE-TENANT - rd: 192.168.255.10:10042 - route_targets: - both: - - 10042:10042 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - www.cv-staging.corp.arista.io:443 - cvauth: - method: token-secure - token_file: /tmp/cv-onboarding-token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.17/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.17/31 + mtu: 9214 + no_autostate: true +- name: Vlan666 + description: BLUE-TEST + shutdown: false + vrf: BLUE + ip_address: 10.66.22.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3099 + description: MLAG_L3_VRF_BLUE + shutdown: false + vrf: BLUE + ip_address: 10.255.251.17/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering +- name: Vlan42 + description: RED-TEST + shutdown: false + vrf: RED + ip_address: 10.42.22.1/24 + tenant: WAN-EXAMPLE-TENANT +- name: Vlan3100 + description: MLAG_L3_VRF_RED + shutdown: false + vrf: RED + ip_address: 10.255.251.17/31 + mtu: 9214 + tenant: WAN-EXAMPLE-TENANT + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.19/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 666 name: BLUE-TEST tenant: WAN-EXAMPLE-TENANT @@ -225,175 +397,21 @@ vlans: trunk_groups: - MLAG tenant: WAN-EXAMPLE-TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.17/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.17/31 -- name: Vlan666 - tenant: WAN-EXAMPLE-TENANT - description: BLUE-TEST - shutdown: false - ip_address: 10.66.22.1/24 - vrf: BLUE -- name: Vlan3099 - tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_BLUE - vrf: BLUE - mtu: 9214 - ip_address: 10.255.251.17/31 -- name: Vlan42 +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true tenant: WAN-EXAMPLE-TENANT - description: RED-TEST - shutdown: false - ip_address: 10.42.22.1/24 - vrf: RED -- name: Vlan3100 +- name: RED + ip_routing: true tenant: WAN-EXAMPLE-TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_RED - vrf: RED - mtu: 9214 - ip_address: 10.255.251.17/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_site2-leaf1_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: site2-leaf1 - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_site2-leaf1_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: site2-leaf1 - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_site2-leaf1_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet3 - peer: site2-wan2 - peer_interface: Ethernet1 - peer_type: wan_router - description: P2P_site2-wan2_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - flow_tracker: - sampled: FLOW-TRACKER - ip_address: 10.0.2.14/31 -- name: Ethernet3.100 - peer: site2-wan2 - peer_interface: Ethernet1.100 - peer_type: wan_router - vrf: BLUE - description: P2P_site2-wan2_Ethernet1.100_VRF_BLUE - shutdown: false - encapsulation_dot1q: - vlan: 100 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.2.14/31 -- name: Ethernet3.101 - peer: site2-wan2 - peer_interface: Ethernet1.101 - peer_type: wan_router - vrf: RED - description: P2P_site2-wan2_Ethernet1.101_VRF_RED - shutdown: false - encapsulation_dot1q: - vlan: 101 - flow_tracker: - sampled: FLOW-TRACKER - mtu: 9214 - ip_address: 10.0.2.14/31 -mlag_configuration: - domain_id: SITE2 - local_interface: Vlan4094 - peer_address: 10.255.252.16 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.42.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.42.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.16/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: site2-leaf2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 666 @@ -405,21 +423,3 @@ vxlan_interface: vni: 100 - name: RED vni: 101 -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan1.yml index fecdf1bbf60..f3038bff753 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan1.yml @@ -1,160 +1,70 @@ -hostname: site2-wan1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.7 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.0.2.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: site2-leaf1 - description: site2-leaf1_Ethernet3 - - ip_address: 192.168.42.1 - peer_group: WAN-OVERLAY-PEERS - peer: pf1 - description: pf1_Dps1 - - ip_address: 192.168.42.2 - peer_group: WAN-OVERLAY-PEERS - peer: pf2 - description: pf2_Dps1 - - ip_address: 192.168.42.8 - peer: site2-wan2 - description: site2-wan2 - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: BLUE - router_id: 192.168.255.7 - neighbors: - - ip_address: 10.0.2.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - description: site2-leaf1_Ethernet3.100_vrf_BLUE - rd: 192.168.255.7:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute: - connected: - enabled: true - - name: RED - router_id: 192.168.255.7 - neighbors: - - ip_address: 10.0.2.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - description: site2-leaf1_Ethernet3.101_vrf_RED - rd: 192.168.255.7:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.255.7:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.42.8 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.20.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.42.1/32 + - 192.168.42.2/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: CRITICAL-SECRET-DATA-APP + dscp_ranges: + - '46' + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -162,130 +72,242 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.7/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.16/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: site2-leaf1 - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_site2-leaf1_Ethernet3 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.0.2.13/31 -- name: Ethernet1.100 peer: site2-leaf1 - peer_interface: Ethernet3.100 + peer_interface: Ethernet3 peer_type: l3leaf - vrf: BLUE + switchport: + enabled: false +- name: Ethernet1.100 description: P2P_site2-leaf1_Ethernet3.100_VRF_BLUE shutdown: false - encapsulation_dot1q: - vlan: 100 + mtu: 9214 + vrf: BLUE flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 100 ip_address: 10.0.2.13/31 -- name: Ethernet1.101 peer: site2-leaf1 - peer_interface: Ethernet3.101 + peer_interface: Ethernet3.100 peer_type: l3leaf - vrf: RED +- name: Ethernet1.101 description: P2P_site2-leaf1_Ethernet3.101_VRF_RED shutdown: false - encapsulation_dot1q: - vlan: 101 + mtu: 9214 + vrf: RED flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 101 ip_address: 10.0.2.13/31 + peer: site2-leaf1 + peer_interface: Ethernet3.101 + peer_type: l3leaf - name: Ethernet3 - peer_type: l3_interface - peer: mpls-cloud - peer_interface: Ethernet7 - ip_address: 172.18.20.2/24 - shutdown: false - switchport: - enabled: false description: ACME-MPLS-INC_mpls-site2-wan1_mpls-cloud_Ethernet7 + shutdown: false flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet5 + ip_address: 172.18.20.2/24 + peer: mpls-cloud + peer_interface: Ethernet7 + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - peer: site2-wan2 - shutdown: false +- name: Ethernet5 description: WAN_HA_site2-wan2_Ethernet5 - ip_address: 10.42.0.0/31 - flow_tracker: null + shutdown: false mtu: 9194 + ip_address: 10.42.0.0/31 + peer: site2-wan2 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: site2-wan1 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.255.7:202 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.42.7 + - name: CP-IKE-POLICY + local_id: 192.168.42.7 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: 141600021F102B + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: 045A190F1C354D + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.16/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: REGION2 + - name: Zone + value: REGION2-ZONE + - name: Site + value: SITE2 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet1.100 + tags: + - name: Type + value: lan + - interface: Ethernet1.101 + tags: + - name: Type + value: lan + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: ACME-MPLS-INC + - name: Circuit + value: mpls-site2-wan1 + - interface: Ethernet5 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + region: REGION2 + zone: REGION2-ZONE + site: SITE2 + vtep_ip: 192.168.42.7 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.42.1 + - vtep_ip: 192.168.42.2 + interfaces: + - name: Ethernet3 + carrier: ACME-MPLS-INC + circuit_id: mpls-site2-wan1 + pathgroup: MPLS +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -360,64 +382,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.255.7:202 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.42.7 - - name: CP-IKE-POLICY - local_id: 192.168.42.7 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: 141600021F102B - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: 045A190F1C354D - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: transit region region: @@ -446,6 +410,30 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: CRITICAL-SECRET-DATA + avt_profile: RED-POLICY-CRITICAL-SECRET-DATA + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: BLUE policy: BLUE-POLICY @@ -457,56 +445,178 @@ router_adaptive_virtual_topology: - name: BLUE-POLICY-DEFAULT id: 1 - name: RED - policy: RED-POLICY - profiles: - - name: RED-POLICY-CRITICAL-SECRET-DATA - id: 2 - - name: RED-POLICY-NORMAL-DATA - id: 3 - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - id: 4 + policy: RED-POLICY + profiles: + - name: RED-POLICY-CRITICAL-SECRET-DATA + id: 2 + - name: RED-POLICY-NORMAL-DATA + id: 3 + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + id: 4 + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.7 + maximum_paths: + paths: 16 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 10.0.2.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: site2-leaf1 + description: site2-leaf1_Ethernet3 + - ip_address: 192.168.42.1 + peer_group: WAN-OVERLAY-PEERS + peer: pf1 + description: pf1_Dps1 + - ip_address: 192.168.42.2 + peer_group: WAN-OVERLAY-PEERS + peer: pf2 + description: pf2_Dps1 + - ip_address: 192.168.42.8 + remote_as: '65000' + peer: site2-wan2 + description: site2-wan2 + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.42.8 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: BLUE + rd: 192.168.255.7:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.255.7 + neighbors: + - ip_address: 10.0.2.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + description: site2-leaf1_Ethernet3.100_vrf_BLUE + redistribute: + connected: + enabled: true + - name: RED + rd: 192.168.255.7:101 + route_targets: + import: + - address_family: evpn + route_targets: + - 101:101 + export: + - address_family: evpn + route_targets: + - 101:101 + router_id: 192.168.255.7 + neighbors: + - ip_address: 10.0.2.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + description: site2-leaf1_Ethernet3.101_vrf_RED + redistribute: + connected: + enabled: true - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: CRITICAL-SECRET-DATA - avt_profile: RED-POLICY-CRITICAL-SECRET-DATA - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.255.7:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: MPLS id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 stun: @@ -524,9 +634,9 @@ router_path_selection: name: pf2 ipv4_addresses: - 172.18.200.2 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet5 @@ -535,7 +645,6 @@ router_path_selection: name: site2-wan2 ipv4_addresses: - 10.42.0.1 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-BLUE-POLICY-VIDEO path_groups: @@ -543,13 +652,13 @@ router_path_selection: priority: 2 - name: LAN_HA - name: LB-BLUE-POLICY-VOICE - path_groups: - - name: MPLS - - name: LAN_HA + lowest_hop_count: true jitter: 30 latency: 150 loss_rate: '1' - lowest_hop_count: true + path_groups: + - name: MPLS + - name: LAN_HA - name: LB-BLUE-POLICY-DEFAULT path_groups: - name: MPLS @@ -574,8 +683,19 @@ router_path_selection: path_groups: - name: MPLS - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.20.1 stun: client: server_profiles: @@ -585,75 +705,22 @@ stun: - name: MPLS-pf2-Ethernet1 ip_address: 172.18.200.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: CRITICAL-SECRET-DATA-APP - dscp_ranges: - - '46' - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.42.1/32 - - 192.168.42.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.7/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true + tenant: WAN-EXAMPLE-TENANT +- name: RED + ip_routing: true + tenant: WAN-EXAMPLE-TENANT vxlan_interface: vxlan1: description: site2-wan1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: BLUE vni: 100 @@ -661,71 +728,3 @@ vxlan_interface: vni: 101 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: REGION2 - - name: Zone - value: REGION2-ZONE - - name: Site - value: SITE2 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet1.100 - tags: - - name: Type - value: lan - - interface: Ethernet1.101 - tags: - - name: Type - value: lan - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: ACME-MPLS-INC - - name: Circuit - value: mpls-site2-wan1 - - interface: Ethernet5 - tags: - - name: Type - value: lan - cv_pathfinder: - role: transit region - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.7 - region: REGION2 - zone: REGION2-ZONE - site: SITE2 - interfaces: - - name: Ethernet3 - carrier: ACME-MPLS-INC - circuit_id: mpls-site2-wan1 - pathgroup: MPLS - pathfinders: - - vtep_ip: 192.168.42.1 - - vtep_ip: 192.168.42.2 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml index b95710ba067..af156c7cf0e 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml @@ -1,429 +1,204 @@ -hostname: site2-wan2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.8 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - neighbors: - - ip_address: 100.64.21.1 - remote_as: '65666' - description: REGION2-INTERNET-CORP_inet-site2-wan2_inet-cloud_Ethernet7 - route_map_in: RM-BGP-100.64.21.1-IN - route_map_out: RM-BGP-100.64.21.1-OUT - - ip_address: 10.0.2.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: site2-leaf2 - description: site2-leaf2_Ethernet3 - - ip_address: 192.168.42.1 - peer_group: WAN-OVERLAY-PEERS - peer: pf1 - description: pf1_Dps1 - - ip_address: 192.168.42.2 - peer_group: WAN-OVERLAY-PEERS - peer: pf2 - description: pf2_Dps1 - - ip_address: 192.168.42.7 - peer: site2-wan1 - description: site2-wan1 - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - address_family_ipv4: - neighbors: - - ip_address: 100.64.21.1 - activate: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - vrfs: - - name: BLUE - router_id: 192.168.255.8 - neighbors: - - ip_address: 10.0.2.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - description: site2-leaf2_Ethernet3.100_vrf_BLUE - rd: 192.168.255.8:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - redistribute: - connected: - enabled: true - - name: RED - router_id: 192.168.255.8 - neighbors: - - ip_address: 10.0.2.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - description: site2-leaf2_Ethernet3.101_vrf_RED - rd: 192.168.255.8:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.255.8:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.42.7 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - www.cv-staging.corp.arista.io:443 - cvauth: - method: token-secure - token_file: /tmp/cv-onboarding-token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +aaa_authorization: + exec: + default: local aaa_root: disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.17/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -prefix_lists: -- name: ALLOW-DEFAULT - sequence_numbers: - - sequence: 10 - action: permit 0.0.0.0/0 -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-BGP-100.64.21.1-IN - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list ALLOW-DEFAULT - set: - - community no-advertise additive -- name: RM-BGP-100.64.21.1-OUT - sequence_numbers: - - sequence: 10 - type: deny -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.255.7:202 additive -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.255.7:202 additive -- name: RM-BGP-UNDERLAY-PEERS-OUT - sequence_numbers: - - sequence: 10 - type: permit - description: Make routes learned from WAN HA peer less preferred on LAN routers - match: - - tag 50 - - route-type internal - set: - - metric 50 - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.255.7:202 additive -- name: RM-WAN-HA-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - description: Set tag 50 on routes received from HA peer over EVPN - set: - - tag 50 -- name: RM-WAN-HA-PEER-OUT - sequence_numbers: - - sequence: 10 - type: permit - description: Make EVPN routes learned from WAN less preferred on HA peer - match: - - route-type internal - set: - - local-preference 50 - - sequence: 20 - type: permit - description: Make locally injected routes less preferred on HA peer - set: - - local-preference 75 -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.42.1/32 + - 192.168.42.2/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: CRITICAL-SECRET-DATA-APP + dscp_ranges: + - '46' + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: CRITICAL-SECRET-DATA + applications: + - name: CRITICAL-SECRET-DATA-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true +daemon_terminattr: + cvaddrs: + - www.cv-staging.corp.arista.io:443 + cvauth: + method: token-secure + token_file: /tmp/cv-onboarding-token + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.8/32 + flow_tracker: + hardware: FLOW-TRACKER +enable_password: + disabled: true ethernet_interfaces: - name: Ethernet1 - peer: site2-leaf2 - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_site2-leaf2_Ethernet3 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.0.2.15/31 -- name: Ethernet1.100 peer: site2-leaf2 - peer_interface: Ethernet3.100 + peer_interface: Ethernet3 peer_type: l3leaf - vrf: BLUE + switchport: + enabled: false +- name: Ethernet1.100 description: P2P_site2-leaf2_Ethernet3.100_VRF_BLUE shutdown: false - encapsulation_dot1q: - vlan: 100 + mtu: 9214 + vrf: BLUE flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 100 ip_address: 10.0.2.15/31 -- name: Ethernet1.101 peer: site2-leaf2 - peer_interface: Ethernet3.101 + peer_interface: Ethernet3.100 peer_type: l3leaf - vrf: RED +- name: Ethernet1.101 description: P2P_site2-leaf2_Ethernet3.101_VRF_RED shutdown: false - encapsulation_dot1q: - vlan: 101 + mtu: 9214 + vrf: RED flow_tracker: hardware: FLOW-TRACKER - mtu: 9214 + encapsulation_dot1q: + vlan: 101 ip_address: 10.0.2.15/31 + peer: site2-leaf2 + peer_interface: Ethernet3.101 + peer_type: l3leaf - name: Ethernet4 - peer_type: l3_interface - peer: inet-cloud - peer_interface: Ethernet7 - ip_address: 100.64.21.2/24 - shutdown: false - switchport: - enabled: false description: REGION2-INTERNET-CORP_inet-site2-wan2_inet-cloud_Ethernet7 - access_group_in: ACL-INTERNET-IN_Ethernet4 + shutdown: false flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet5 + ip_address: 100.64.21.2/24 + access_group_in: ACL-INTERNET-IN_Ethernet4 + peer: inet-cloud + peer_interface: Ethernet7 + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - peer: site2-wan1 - shutdown: false +- name: Ethernet5 description: WAN_HA_site2-wan1_Ethernet5 - ip_address: 10.42.0.1/31 - flow_tracker: null - mtu: 9194 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID shutdown: false - ip_address: 192.168.255.8/32 -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' + mtu: 9194 + ip_address: 10.42.0.1/31 + peer: site2-wan1 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: site2-wan2 ip_access_lists: - name: ACL-INTERNET-IN_Ethernet4 entries: - sequence: 1 remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' - - source: any - destination: 100.64.21.2 - sequence: 10 + - sequence: 10 action: permit protocol: udp + source: any + destination: 100.64.21.2 destination_ports_match: eq destination_ports: - isakmp - non500-isakmp - - source: any - destination: 100.64.21.2 - sequence: 20 + - sequence: 20 action: permit protocol: tcp + source: any + destination: 100.64.21.2 destination_ports_match: eq destination_ports: - bgp - - source: any - destination: 100.64.21.2 - sequence: 30 + - sequence: 30 action: permit protocol: icmp - - source: any - destination: any - action: deny + source: any + destination: 100.64.21.2 + - action: deny protocol: ip + source: any + destination: any ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.255.7:202 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true ip_security: ike_policies: - name: DP-IKE-POLICY @@ -462,16 +237,199 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.8/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.17/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false management_security: ssl_profiles: - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: REGION2 + - name: Zone + value: REGION2-ZONE + - name: Site + value: SITE2 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet1.100 + tags: + - name: Type + value: lan + - interface: Ethernet1.101 + tags: + - name: Type + value: lan + - interface: Ethernet4 + tags: + - name: Type + value: wan + - name: Carrier + value: REGION2-INTERNET-CORP + - name: Circuit + value: inet-site2-wan2 + - interface: Ethernet5 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + region: REGION2 + zone: REGION2-ZONE + site: SITE2 + vtep_ip: 192.168.42.8 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.42.1 + - vtep_ip: 192.168.42.2 + interfaces: + - name: Ethernet4 + carrier: REGION2-INTERNET-CORP + circuit_id: inet-site2-wan2 + pathgroup: INTERNET +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +prefix_lists: +- name: ALLOW-DEFAULT + sequence_numbers: + - sequence: 10 + action: permit 0.0.0.0/0 +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-BGP-100.64.21.1-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + set: + - community no-advertise additive +- name: RM-BGP-100.64.21.1-OUT + sequence_numbers: + - sequence: 10 + type: deny +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.255.7:202 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.255.7:202 additive +- name: RM-BGP-UNDERLAY-PEERS-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned from WAN HA peer less preferred on LAN routers + match: + - tag 50 + - route-type internal + set: + - metric 50 + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.255.7:202 additive +- name: RM-WAN-HA-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Set tag 50 on routes received from HA peer over EVPN + set: + - tag 50 +- name: RM-WAN-HA-PEER-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make EVPN routes learned from WAN less preferred on HA peer + match: + - route-type internal + set: + - local-preference 50 + - sequence: 20 + type: permit + description: Make locally injected routes less preferred on HA peer + set: + - local-preference 75 +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: transit region region: @@ -500,6 +458,30 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: CRITICAL-SECRET-DATA + avt_profile: RED-POLICY-CRITICAL-SECRET-DATA + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: BLUE policy: BLUE-POLICY @@ -511,56 +493,186 @@ router_adaptive_virtual_topology: - name: BLUE-POLICY-DEFAULT id: 1 - name: RED - policy: RED-POLICY - profiles: - - name: RED-POLICY-CRITICAL-SECRET-DATA - id: 2 - - name: RED-POLICY-NORMAL-DATA - id: 3 - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - id: 4 + policy: RED-POLICY + profiles: + - name: RED-POLICY-CRITICAL-SECRET-DATA + id: 2 + - name: RED-POLICY-NORMAL-DATA + id: 3 + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + id: 4 + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.8 + maximum_paths: + paths: 16 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 100.64.21.1 + remote_as: '65666' + description: REGION2-INTERNET-CORP_inet-site2-wan2_inet-cloud_Ethernet7 + route_map_in: RM-BGP-100.64.21.1-IN + route_map_out: RM-BGP-100.64.21.1-OUT + - ip_address: 10.0.2.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: site2-leaf2 + description: site2-leaf2_Ethernet3 + - ip_address: 192.168.42.1 + peer_group: WAN-OVERLAY-PEERS + peer: pf1 + description: pf1_Dps1 + - ip_address: 192.168.42.2 + peer_group: WAN-OVERLAY-PEERS + peer: pf2 + description: pf2_Dps1 + - ip_address: 192.168.42.7 + remote_as: '65000' + peer: site2-wan1 + description: site2-wan1 + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.42.7 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + neighbors: + - ip_address: 100.64.21.1 + activate: true + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: BLUE + rd: 192.168.255.8:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.255.8 + neighbors: + - ip_address: 10.0.2.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + description: site2-leaf2_Ethernet3.100_vrf_BLUE + redistribute: + connected: + enabled: true + - name: RED + rd: 192.168.255.8:101 + route_targets: + import: + - address_family: evpn + route_targets: + - 101:101 + export: + - address_family: evpn + route_targets: + - 101:101 + router_id: 192.168.255.8 + neighbors: + - ip_address: 10.0.2.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + description: site2-leaf2_Ethernet3.101_vrf_RED + redistribute: + connected: + enabled: true - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: CRITICAL-SECRET-DATA - avt_profile: RED-POLICY-CRITICAL-SECRET-DATA - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.255.8:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INTERNET id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet4 stun: @@ -578,9 +690,9 @@ router_path_selection: name: pf2 ipv4_addresses: - 100.64.200.2 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet5 @@ -589,21 +701,20 @@ router_path_selection: name: site2-wan1 ipv4_addresses: - 10.42.0.0 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-BLUE-POLICY-VIDEO path_groups: - name: INTERNET - name: LAN_HA - name: LB-BLUE-POLICY-VOICE + lowest_hop_count: true + jitter: 30 + latency: 150 + loss_rate: '1' path_groups: - name: INTERNET priority: 2 - name: LAN_HA - jitter: 30 - latency: 150 - loss_rate: '1' - lowest_hop_count: true - name: LB-BLUE-POLICY-DEFAULT path_groups: - name: INTERNET @@ -627,8 +738,17 @@ router_path_selection: path_groups: - name: INTERNET - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 stun: client: server_profiles: @@ -638,75 +758,22 @@ stun: - name: INTERNET-pf2-Ethernet2 ip_address: 100.64.200.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: CRITICAL-SECRET-DATA - applications: - - name: CRITICAL-SECRET-DATA-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: CRITICAL-SECRET-DATA-APP - dscp_ranges: - - '46' - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.42.1/32 - - 192.168.42.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.8/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true + tenant: WAN-EXAMPLE-TENANT +- name: RED + ip_routing: true + tenant: WAN-EXAMPLE-TENANT vxlan_interface: vxlan1: description: site2-wan2_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: BLUE vni: 100 @@ -714,71 +781,3 @@ vxlan_interface: vni: 101 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: REGION2 - - name: Zone - value: REGION2-ZONE - - name: Site - value: SITE2 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet1.100 - tags: - - name: Type - value: lan - - interface: Ethernet1.101 - tags: - - name: Type - value: lan - - interface: Ethernet4 - tags: - - name: Type - value: wan - - name: Carrier - value: REGION2-INTERNET-CORP - - name: Circuit - value: inet-site2-wan2 - - interface: Ethernet5 - tags: - - name: Type - value: lan - cv_pathfinder: - role: transit region - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.8 - region: REGION2 - zone: REGION2-ZONE - site: SITE2 - interfaces: - - name: Ethernet4 - carrier: REGION2-INTERNET-CORP - circuit_id: inet-site2-wan2 - pathgroup: INTERNET - pathfinders: - - vtep_ip: 192.168.42.1 - - vtep_ip: 192.168.42.2 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-leaf1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-leaf1.yml index bff6a2bd55d..9904a4460e1 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-leaf1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-leaf1.yml @@ -1,10 +1,9 @@ -hostname: site3-leaf1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -12,23 +11,48 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_site3-wan1_Ethernet1 + shutdown: false + flow_tracker: + sampled: FLOW-TRACKER + spanning_tree_portfast: edge + peer: site3-wan1 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 42,666 +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: site3-leaf1 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.17.1 vrf: MGMT +is_deployed: true local_users: - name: ansible privilege: 15 @@ -42,47 +66,40 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.17.21/24 - gateway: 192.168.17.1 type: oob + gateway: 192.168.17.1 lldp: transmit: false receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 0.pool.ntp.org - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: site3-wan1 - peer_interface: Ethernet1 - peer_type: wan_router - description: L2_site3-wan1_Ethernet1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 42,666 - spanning_tree_portfast: edge - flow_tracker: - sampled: FLOW-TRACKER + vrf: MGMT +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 666 name: BLUE-TEST @@ -90,23 +107,6 @@ vlans: - id: 42 name: RED-TEST tenant: WAN-EXAMPLE-TENANT -ip_igmp_snooping: - globally_enabled: true -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml index a5c8da00bd0..b22172faa12 100644 --- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml +++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml @@ -1,119 +1,64 @@ -hostname: site3-wan1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.11 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.42.1 - peer_group: WAN-OVERLAY-PEERS - peer: pf1 - description: pf1_Dps1 - - ip_address: 192.168.42.2 - peer_group: WAN-OVERLAY-PEERS - peer: pf2 - description: pf2_Dps1 - vrfs: - - name: BLUE - rd: 192.168.255.11:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: RED - rd: 192.168.255.11:101 - route_targets: - import: - - address_family: evpn - route_targets: - - 101:101 - export: - - address_family: evpn - route_targets: - - 101:101 - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.255.11:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.17.1 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_authorization: + exec: + default: local +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + l4_ports: + - name: VIDEO-PORTS + port_values: + - 4242-4244 + - name: VOICE-PORTS + port_values: + - 666-667 + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.42.1/32 + - 192.168.42.2/32 + applications: + ipv4_applications: + - name: VIDEO-APP + protocols: + - tcp + - udp + udp_dest_port_set_name: VIDEO-PORTS + tcp_dest_port_set_name: VIDEO-PORTS + - name: VOICE-APP + protocols: + - tcp + tcp_dest_port_set_name: VOICE-PORTS + - name: NORMAL-DATA-APP + dscp_ranges: + - af23 + - name: NOT-SO-IMPORTANT-DATA-APP + dscp_ranges: + - '0' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: VIDEO-APP + - name: VOICE + applications: + - name: VOICE-APP + - name: NORMAL-DATA + applications: + - name: NORMAL-DATA-APP + - name: NOT-SO-IMPORTANT-DATA + applications: + - name: NOT-SO-IMPORTANT-DATA-APP + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true daemon_terminattr: cvaddrs: - www.cv-staging.corp.arista.io:443 @@ -121,184 +66,112 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dns_domain: wan.example.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.42.11/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -ip_name_servers: -- ip_address: 192.168.17.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -- name: arista - privilege: 15 - role: network-admin - sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 -vrfs: -- name: MGMT - ip_routing: false -- name: BLUE - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -- name: RED - tenant: WAN-EXAMPLE-TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.17.20/24 - gateway: 192.168.17.1 - type: oob - lldp: - transmit: false - receive: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 + description: L2_site3-leaf1_Ethernet1 + shutdown: false + mtu: 9214 peer: site3-leaf1 peer_interface: Ethernet1 peer_type: l2leaf - description: L2_site3-leaf1_Ethernet1 - shutdown: false switchport: enabled: false - mtu: 9214 - name: Ethernet1.666 - peer: site3-leaf1 - peer_interface: Ethernet1 VLAN 666 - peer_type: l2leaf description: BLUE-TEST shutdown: false - encapsulation_dot1q: - vlan: 666 vrf: BLUE - ip_address: 10.66.3.1/24 flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet1.42 + encapsulation_dot1q: + vlan: 666 + ip_address: 10.66.3.1/24 peer: site3-leaf1 - peer_interface: Ethernet1 VLAN 42 + peer_interface: Ethernet1 VLAN 666 peer_type: l2leaf +- name: Ethernet1.42 description: RED-TEST shutdown: false + vrf: RED + flow_tracker: + hardware: FLOW-TRACKER encapsulation_dot1q: vlan: 42 - vrf: RED ip_address: 10.42.3.1/24 + peer: site3-leaf1 + peer_interface: Ethernet1 VLAN 42 + peer_type: l2leaf +- name: Ethernet4 + description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 + shutdown: false flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet4 - peer_type: l3_interface + ip_address: dhcp + dhcp_client_accept_default_route: true + access_group_in: ACL-INTERNET-IN_Ethernet4 peer: inet-cloud peer_interface: Ethernet8 - ip_address: dhcp - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 - access_group_in: ACL-INTERNET-IN_Ethernet4 - flow_tracker: - hardware: FLOW-TRACKER - dhcp_client_accept_default_route: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.255.11:203 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.255.11:203 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 5000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + shutdown: false +hostname: site3-wan1 ip_access_lists: - name: ACL-INTERNET-IN_Ethernet4 entries: - sequence: 1 remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface' - - source: any - destination: 100.64.30.2 - sequence: 10 + - sequence: 10 action: permit protocol: udp + source: any + destination: 100.64.30.2 destination_ports_match: eq destination_ports: - isakmp - non500-isakmp - - source: any - destination: 100.64.30.2 - sequence: 30 + - sequence: 30 action: permit protocol: icmp - - source: any - destination: any - action: deny + source: any + destination: 100.64.30.2 + - action: deny protocol: ip + source: any + destination: any ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.255.11:203 +ip_name_servers: +- ip_address: 192.168.17.1 + vrf: MGMT +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -334,16 +207,139 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +local_users: +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +- name: arista + privilege: 15 + role: network-admin + sha512_password: $6$Enl0WfE32FthwyiJ$yTyGaEJ2uPKLU.F7314YtB7J1jrzrMi7ogXIRTEHQfLdLgKWWmr1UvNlZLN6AyuxET7G5aH3AI9OYRzxVTkB1. +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$a7LdQWHxWzYHpvVt$n62q.1mbm4kzQ5oBr0lhXCE9ntnTn.SNa16DovZHahFQLH.iPcPMZa5JUSFtncrDW4EDQ3oSWgP8G0S4FtOFx1 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.17.20/24 + type: oob + gateway: 192.168.17.1 + lldp: + transmit: false + receive: false management_security: ssl_profiles: - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: REGION2 + - name: Zone + value: REGION2-ZONE + - name: Site + value: SITE3 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet1.666 + tags: + - name: Type + value: lan + - interface: Ethernet1.42 + tags: + - name: Type + value: lan + - interface: Ethernet4 + tags: + - name: Type + value: wan + - name: Carrier + value: REGION2-INTERNET-CORP + - name: Circuit + value: inet-site3-wan1 + cv_pathfinder: + role: edge + region: REGION2 + zone: REGION2-ZONE + site: SITE3 + vtep_ip: 192.168.42.11 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.42.1 + - vtep_ip: 192.168.42.2 + interfaces: + - name: Ethernet4 + carrier: REGION2-INTERNET-CORP + circuit_id: inet-site3-wan1 + pathgroup: INTERNET +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.255.11:203 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.255.11:203 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -370,63 +366,170 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: BLUE-POLICY + matches: + - application_profile: VIDEO + avt_profile: BLUE-POLICY-VIDEO + - application_profile: VOICE + avt_profile: BLUE-POLICY-VOICE + dscp: 46 + - application_profile: default + avt_profile: BLUE-POLICY-DEFAULT + - name: RED-POLICY + matches: + - application_profile: NORMAL-DATA + avt_profile: RED-POLICY-NORMAL-DATA + - application_profile: NOT-SO-IMPORTANT-DATA + avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: BLUE + policy: BLUE-POLICY + profiles: + - name: BLUE-POLICY-VIDEO + id: 2 + - name: BLUE-POLICY-VOICE + id: 3 + - name: BLUE-POLICY-DEFAULT + id: 1 + - name: RED + policy: RED-POLICY + profiles: + - name: RED-POLICY-NORMAL-DATA + id: 3 + - name: RED-POLICY-NOT-SO-IMPORTANT-DATA + id: 4 + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: DEFAULT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.11 + maximum_paths: + paths: 16 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.42.1 + peer_group: WAN-OVERLAY-PEERS + peer: pf1 + description: pf1_Dps1 + - ip_address: 192.168.42.2 + peer_group: WAN-OVERLAY-PEERS + peer: pf2 + description: pf2_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: BLUE - policy: BLUE-POLICY - profiles: - - name: BLUE-POLICY-VIDEO - id: 2 - - name: BLUE-POLICY-VOICE - id: 3 - - name: BLUE-POLICY-DEFAULT - id: 1 + rd: 192.168.255.11:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true - name: RED - policy: RED-POLICY - profiles: - - name: RED-POLICY-NORMAL-DATA - id: 3 - - name: RED-POLICY-NOT-SO-IMPORTANT-DATA - id: 4 + rd: 192.168.255.11:101 + route_targets: + import: + - address_family: evpn + route_targets: + - 101:101 + export: + - address_family: evpn + route_targets: + - 101:101 + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: DEFAULT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: BLUE-POLICY - matches: - - application_profile: VIDEO - avt_profile: BLUE-POLICY-VIDEO - - application_profile: VOICE - avt_profile: BLUE-POLICY-VOICE - dscp: 46 - - application_profile: default - avt_profile: BLUE-POLICY-DEFAULT - - name: RED-POLICY - matches: - - application_profile: NORMAL-DATA - avt_profile: RED-POLICY-NORMAL-DATA - - application_profile: NOT-SO-IMPORTANT-DATA - avt_profile: RED-POLICY-NOT-SO-IMPORTANT-DATA - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.255.11:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INTERNET id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet4 stun: @@ -444,19 +547,18 @@ router_path_selection: name: pf2 ipv4_addresses: - 100.64.200.2 - ipsec_profile: CP-PROFILE load_balance_policies: - name: LB-BLUE-POLICY-VIDEO path_groups: - name: INTERNET - name: LB-BLUE-POLICY-VOICE - path_groups: - - name: INTERNET - priority: 2 + lowest_hop_count: true jitter: 30 latency: 150 loss_rate: '1' - lowest_hop_count: true + path_groups: + - name: INTERNET + priority: 2 - name: LB-BLUE-POLICY-DEFAULT path_groups: - name: INTERNET @@ -472,8 +574,17 @@ router_path_selection: - name: LB-DEFAULT-POLICY-DEFAULT path_groups: - name: INTERNET + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.17.1 stun: client: server_profiles: @@ -483,69 +594,22 @@ stun: - name: INTERNET-pf2-Ethernet2 ip_address: 100.64.200.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: VIDEO-APP - - name: VOICE - applications: - - name: VOICE-APP - - name: NORMAL-DATA - applications: - - name: NORMAL-DATA-APP - - name: NOT-SO-IMPORTANT-DATA - applications: - - name: NOT-SO-IMPORTANT-DATA-APP - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: VIDEO-APP - protocols: - - tcp - - udp - udp_dest_port_set_name: VIDEO-PORTS - tcp_dest_port_set_name: VIDEO-PORTS - - name: VOICE-APP - protocols: - - tcp - tcp_dest_port_set_name: VOICE-PORTS - - name: NORMAL-DATA-APP - dscp_ranges: - - af23 - - name: NOT-SO-IMPORTANT-DATA-APP - dscp_ranges: - - '0' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: VIDEO-PORTS - port_values: - - 4242-4244 - - name: VOICE-PORTS - port_values: - - 666-667 - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.42.1/32 - - 192.168.42.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.42.11/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: BLUE + ip_routing: true + tenant: WAN-EXAMPLE-TENANT +- name: RED + ip_routing: true + tenant: WAN-EXAMPLE-TENANT vxlan_interface: vxlan1: description: site3-wan1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: BLUE vni: 100 @@ -553,67 +617,3 @@ vxlan_interface: vni: 101 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 5000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: REGION2 - - name: Zone - value: REGION2-ZONE - - name: Site - value: SITE3 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet1.666 - tags: - - name: Type - value: lan - - interface: Ethernet1.42 - tags: - - name: Type - value: lan - - interface: Ethernet4 - tags: - - name: Type - value: wan - - name: Carrier - value: REGION2-INTERNET-CORP - - name: Circuit - value: inet-site3-wan1 - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 192.168.42.11 - region: REGION2 - zone: REGION2-ZONE - site: SITE3 - interfaces: - - name: Ethernet4 - carrier: REGION2-INTERNET-CORP - circuit_id: inet-site3-wan1 - pathgroup: INTERNET - pathfinders: - - vtep_ip: 192.168.42.1 - - vtep_ip: 192.168.42.2 -dns_domain: wan.example.local -aaa_authorization: - exec: - default: local diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml index f177dc74987..c35f1296cc9 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml @@ -1,49 +1,220 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.1/31 + peer: dc1-spine1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.3/31 + peer: dc1-spine2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf1c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf1c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf1-server1 + peer_interface: PCI1 + peer_type: server hostname: dc1-leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.3/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.3/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.101/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.1.65 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: PortChannel dc1-leaf1-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.96/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.255.0.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: dc1-leaf1b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.97 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +232,18 @@ router_bgp: description: dc1-spine2_Ethernet1 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.3:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1b_Vlan3009 - - name: VRF11 - rd: 10.255.0.3:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,70 +293,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.3:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.3 + neighbors: + - ip_address: 10.255.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.3:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.3 + neighbors: + - ip_address: 10.255.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 + ip_address: 10.255.10.3 +- name: VRF11 + ip_address: 10.255.11.3 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.96/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.64/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.96/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 tenant: TENANT1 - ip_routing: true -- name: VRF11 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.101/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF11 + ip_address: 10.255.1.96/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -255,218 +459,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.64/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.96/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: PortChannel dc1-leaf1-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc1-spine1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.1/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc1-spine2_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.3/31 -- name: Ethernet8 - peer: dc1-leaf1c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc1-leaf1c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc1-leaf1-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.1.65 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.3/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.3/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.96/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -486,10 +493,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.3 -- name: VRF11 - ip_address: 10.255.11.3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml index 81755e2b0e0..ff3cd3ae9a2 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml @@ -1,49 +1,220 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.5/31 + peer: dc1-spine1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.7/31 + peer: dc1-spine2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf1c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf1c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf1-server1 + peer_interface: PCI2 + peer_type: server hostname: dc1-leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.3/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.4/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.102/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.1.64 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: PortChannel dc1-leaf1-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.96/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.255.0.4 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: dc1-leaf1a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.96 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +232,18 @@ router_bgp: description: dc1-spine2_Ethernet2 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.4:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1a_Vlan3009 - - name: VRF11 - rd: 10.255.0.4:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,70 +293,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.4:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.4 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.4:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.4 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 + ip_address: 10.255.10.4 +- name: VRF11 + ip_address: 10.255.11.4 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.97/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.65/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.97/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 tenant: TENANT1 - ip_routing: true -- name: VRF11 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.102/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF11 + ip_address: 10.255.1.97/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -255,218 +459,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.65/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.97/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: PortChannel dc1-leaf1-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc1-spine1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.5/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc1-spine2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.7/31 -- name: Ethernet8 - peer: dc1-leaf1c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc1-leaf1c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc1-leaf1-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.1.64 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.3/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.4/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.96/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -486,10 +493,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.4 -- name: VRF11 - ip_address: 10.255.11.4 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml index 645d77245f2..af542fa3a9b 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml @@ -1,89 +1,90 @@ -hostname: dc1-leaf1c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.151/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc1-leaf1a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc1-leaf1b + peer: dc1-leaf1a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc1-leaf1b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc1-leaf1b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc1-leaf1-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc1-leaf1-server1 peer_interface: iLO peer_type: server - description: SERVER_dc1-leaf1-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc1-leaf1c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.151/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_L3_LEAF1_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -103,7 +104,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml index a0b30e2e041..7adc42138bb 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml @@ -1,58 +1,237 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf2b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf2b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.9/31 + peer: dc1-spine1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.11/31 + peer: dc1-spine2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf2c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf2c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc2-leaf2a_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.16.100.0/31 + peer: dc2-leaf2a + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf2-server1 + peer_interface: PCI1 + peer_type: server hostname: dc1-leaf2a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.5/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.5/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.103/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.1.69 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf2b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc1-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.100/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.255.0.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: dc1-leaf2b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false neighbors: - ip_address: 10.255.1.101 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -70,80 +249,35 @@ router_bgp: description: dc1-spine2_Ethernet3 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - ip_address: 10.255.128.15 peer_group: EVPN-OVERLAY-CORE + remote_as: '65202' peer: dc2-leaf2a description: dc2-leaf2a_Loopback0 - remote_as: '65202' - ip_address: 172.16.100.1 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65202' peer: dc2-leaf2a description: dc2-leaf2a - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.5:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2b_Vlan3009 - - name: VRF11 - rd: 10.255.0.5:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2b_Vlan3010 - vlans: - - id: 11 - tenant: TENANT1 - rd: 10.255.0.5:10011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: TENANT1 + rd: 10.255.0.5:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10011 route_targets: both: - 10011:10011 @@ -152,12 +286,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10011 - id: 12 tenant: TENANT1 rd: 10.255.0.5:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10012 route_targets: both: - 10012:10012 @@ -166,12 +300,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10012 - id: 21 tenant: TENANT1 rd: 10.255.0.5:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10021 route_targets: both: - 10021:10021 @@ -180,12 +314,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10021 - id: 22 tenant: TENANT1 rd: 10.255.0.5:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10022 route_targets: both: - 10022:10022 @@ -194,12 +328,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10022 - id: 3401 tenant: TENANT1 rd: 10.255.0.5:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:13401 route_targets: both: - 13401:13401 @@ -208,12 +342,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:13401 - id: 3402 tenant: TENANT1 rd: 10.255.0.5:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:13402 route_targets: both: - 13402:13402 @@ -222,73 +356,153 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.5:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.5 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.5:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.5 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.5 - name: VRF11 + ip_address: 10.255.11.5 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.100/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.68/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.103/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.100/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.1.100/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -317,228 +531,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.68/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.100/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf2b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf2b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf2b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf2b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc1-spine1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.9/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc1-spine2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.11/31 -- name: Ethernet8 - peer: dc1-leaf2c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc1-leaf2c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc2-leaf2a - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 172.16.100.0/31 - description: P2P_dc2-leaf2a_Ethernet6 -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc1-leaf2-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.1.69 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.5/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.5/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.100/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf2a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -558,10 +565,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.5 -- name: VRF11 - ip_address: 10.255.11.5 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml index 9ea5a54c032..516e510065a 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml @@ -1,58 +1,237 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf2a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf2a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.13/31 + peer: dc1-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.15/31 + peer: dc1-spine2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf2c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf2c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc2-leaf2b_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.16.100.2/31 + peer: dc2-leaf2b + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf2-server1 + peer_interface: PCI2 + peer_type: server hostname: dc1-leaf2b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.5/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.6/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.104/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.1.68 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf2a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc1-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.100/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.255.0.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: dc1-leaf2a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false neighbors: - ip_address: 10.255.1.100 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -70,80 +249,35 @@ router_bgp: description: dc1-spine2_Ethernet4 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - ip_address: 10.255.128.16 peer_group: EVPN-OVERLAY-CORE + remote_as: '65202' peer: dc2-leaf2b description: dc2-leaf2b_Loopback0 - remote_as: '65202' - ip_address: 172.16.100.3 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65202' peer: dc2-leaf2b description: dc2-leaf2b - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.6:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2a_Vlan3009 - - name: VRF11 - rd: 10.255.0.6:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2a_Vlan3010 - vlans: - - id: 11 - tenant: TENANT1 - rd: 10.255.0.6:10011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: TENANT1 + rd: 10.255.0.6:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10011 route_targets: both: - 10011:10011 @@ -152,12 +286,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10011 - id: 12 tenant: TENANT1 rd: 10.255.0.6:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10012 route_targets: both: - 10012:10012 @@ -166,12 +300,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10012 - id: 21 tenant: TENANT1 rd: 10.255.0.6:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10021 route_targets: both: - 10021:10021 @@ -180,12 +314,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10021 - id: 22 tenant: TENANT1 rd: 10.255.0.6:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10022 route_targets: both: - 10022:10022 @@ -194,12 +328,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10022 - id: 3401 tenant: TENANT1 rd: 10.255.0.6:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:13401 route_targets: both: - 13401:13401 @@ -208,12 +342,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:13401 - id: 3402 tenant: TENANT1 rd: 10.255.0.6:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:13402 route_targets: both: - 13402:13402 @@ -222,73 +356,153 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.6:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.6 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.6:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.6 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.6 - name: VRF11 + ip_address: 10.255.11.6 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.101/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.69/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.104/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.101/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.1.101/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -317,228 +531,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.69/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.101/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf2a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf2a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf2a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf2a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc1-spine1_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.13/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc1-spine2_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.15/31 -- name: Ethernet8 - peer: dc1-leaf2c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc1-leaf2c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc2-leaf2b - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 172.16.100.2/31 - description: P2P_dc2-leaf2b_Ethernet6 -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc1-leaf2-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.1.68 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.5/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.6/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.100/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf2b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -558,10 +565,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.6 -- name: VRF11 - ip_address: 10.255.11.6 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml index 13ad596fc27..916bf83647f 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml @@ -1,89 +1,90 @@ -hostname: dc1-leaf2c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.152/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: dc1-leaf2a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc1-leaf2a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc1-leaf2b + peer: dc1-leaf2a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc1-leaf2b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc1-leaf2b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc1-leaf2-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc1-leaf2-server1 peer_interface: iLO peer_type: server - description: SERVER_dc1-leaf2-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc1-leaf2c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.152/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_L3_LEAF2_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -103,7 +104,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine1.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine1.yml index 1790f170b29..6c22a5fd00c 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine1.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine1.yml @@ -1,39 +1,121 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc1-leaf1a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.0/31 + peer: dc1-leaf1a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-leaf1b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.4/31 + peer: dc1-leaf1b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc1-leaf2a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.8/31 + peer: dc1-leaf2a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc1-leaf2b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.12/31 + peer: dc1-leaf2b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: dc1-spine1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.11/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 10.255.0.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -57,133 +139,51 @@ router_bgp: description: dc1-leaf2b_Ethernet1 - ip_address: 10.255.0.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1a description: dc1-leaf1a_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1b description: dc1-leaf1b_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.11/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf1a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.0/31 -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf1b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.4/31 -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf2a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.8/31 -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf2b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.12/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine2.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine2.yml index b35fbe38ba8..956cab20330 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine2.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc1-spine2.yml @@ -1,39 +1,121 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc1-leaf1a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.2/31 + peer: dc1-leaf1a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-leaf1b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.6/31 + peer: dc1-leaf1b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc1-leaf2a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.10/31 + peer: dc1-leaf2a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc1-leaf2b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.14/31 + peer: dc1-leaf2b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: dc1-spine2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.12/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 10.255.0.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.3 peer_group: IPv4-UNDERLAY-PEERS @@ -57,133 +139,51 @@ router_bgp: description: dc1-leaf2b_Ethernet2 - ip_address: 10.255.0.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1a description: dc1-leaf1a_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1b description: dc1-leaf1b_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.12/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf1a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.2/31 -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf1b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.6/31 -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf2a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.10/31 -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf2b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.14/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1a.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1a.yml index 766613cad4e..16b630b4408 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1a.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1a.yml @@ -1,49 +1,220 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.105/31 + peer: dc2-spine1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.107/31 + peer: dc2-spine2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf1c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf1c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc2-leaf1-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf1-server1 + peer_interface: PCI1 + peer_type: server hostname: dc2-leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.13/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.13/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.13/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.13/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.111/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.129.85 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc2-leaf1-server1_Bond1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.116/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65201' router_id: 10.255.128.13 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65201' - next_hop_self: true description: dc2-leaf1b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.129.117 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +232,18 @@ router_bgp: description: dc2-spine2_Ethernet1 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.13:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.117 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1b_Vlan3009 - - name: VRF11 - rd: 10.255.128.13:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.117 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,70 +293,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.13:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.13 + neighbors: + - ip_address: 10.255.129.117 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.13:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.13 + neighbors: + - ip_address: 10.255.129.117 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 + ip_address: 10.255.10.13 +- name: VRF11 + ip_address: 10.255.11.13 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.116/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.84/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.116/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 tenant: TENANT1 - ip_routing: true -- name: VRF11 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.111/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF11 + ip_address: 10.255.129.116/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -255,218 +459,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.116/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.84/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.116/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.116/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc2-leaf1-server1_Bond1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc2-spine1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.105/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc2-spine2_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.107/31 -- name: Ethernet8 - peer: dc2-leaf1c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc2-leaf1c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc2-leaf1-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc2-leaf1-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.129.85 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.13/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.13/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.13/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.116/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -486,10 +493,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.13 -- name: VRF11 - ip_address: 10.255.11.13 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1b.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1b.yml index 3a00b620c68..e49e5b7f10a 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1b.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1b.yml @@ -1,49 +1,220 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.109/31 + peer: dc2-spine1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.111/31 + peer: dc2-spine2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf1c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf1c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc2-leaf1-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf1-server1 + peer_interface: PCI2 + peer_type: server hostname: dc2-leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.14/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.13/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.14/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.14/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.112/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.129.84 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc2-leaf1-server1_Bond1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.116/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65201' router_id: 10.255.128.14 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65201' - next_hop_self: true description: dc2-leaf1a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.129.116 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +232,18 @@ router_bgp: description: dc2-spine2_Ethernet2 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.14:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.116 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1a_Vlan3009 - - name: VRF11 - rd: 10.255.128.14:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.116 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,70 +293,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.14:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.14 + neighbors: + - ip_address: 10.255.129.116 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.14:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.14 + neighbors: + - ip_address: 10.255.129.116 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 + ip_address: 10.255.10.14 +- name: VRF11 + ip_address: 10.255.11.14 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.117/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.85/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.117/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 tenant: TENANT1 - ip_routing: true -- name: VRF11 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.112/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF11 + ip_address: 10.255.129.117/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -255,218 +459,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.117/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.85/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.117/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.117/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc2-leaf1-server1_Bond1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc2-spine1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.109/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc2-spine2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.111/31 -- name: Ethernet8 - peer: dc2-leaf1c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc2-leaf1c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc2-leaf1-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc2-leaf1-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.129.84 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.14/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.13/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.14/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.14/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.116/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -486,10 +493,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.14 -- name: VRF11 - ip_address: 10.255.11.14 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1c.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1c.yml index 0f225e5d1bb..a04f34c40ba 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1c.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf1c.yml @@ -1,89 +1,90 @@ -hostname: dc2-leaf1c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.161/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: dc2-leaf1a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc2-leaf1a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc2-leaf1b + peer: dc2-leaf1a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc2-leaf1b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc2-leaf1b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc2-leaf1-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc2-leaf1-server1 peer_interface: iLO peer_type: server - description: SERVER_dc2-leaf1-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc2-leaf1c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.161/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC2_L3_LEAF1_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -103,7 +104,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2a.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2a.yml index 6eab615b9d1..aa6bfd2cbdb 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2a.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2a.yml @@ -1,58 +1,237 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf2b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf2b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.113/31 + peer: dc2-spine1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.115/31 + peer: dc2-spine2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf2c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf2c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc1-leaf2a_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.16.100.1/31 + peer: dc1-leaf2a + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc2-leaf2-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf2-server1 + peer_interface: PCI1 + peer_type: server hostname: dc2-leaf2a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.15/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.15/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.15/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.15/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.113/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.129.89 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf2b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc2-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.120/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65202' router_id: 10.255.128.15 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65202' - next_hop_self: true description: dc2-leaf2b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false neighbors: - ip_address: 10.255.129.121 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -70,80 +249,35 @@ router_bgp: description: dc2-spine2_Ethernet3 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-CORE + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 172.16.100.0 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.15:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.121 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2b_Vlan3009 - - name: VRF11 - rd: 10.255.128.15:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.121 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2b_Vlan3010 - vlans: - - id: 11 - tenant: TENANT1 - rd: 10.255.128.15:10011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: TENANT1 + rd: 10.255.128.15:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10011 route_targets: both: - 10011:10011 @@ -152,12 +286,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10011 - id: 12 tenant: TENANT1 rd: 10.255.128.15:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10012 route_targets: both: - 10012:10012 @@ -166,12 +300,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10012 - id: 21 tenant: TENANT1 rd: 10.255.128.15:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10021 route_targets: both: - 10021:10021 @@ -180,12 +314,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10021 - id: 22 tenant: TENANT1 rd: 10.255.128.15:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10022 route_targets: both: - 10022:10022 @@ -194,12 +328,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10022 - id: 3401 tenant: TENANT1 rd: 10.255.128.15:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:13401 route_targets: both: - 13401:13401 @@ -208,12 +342,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:13401 - id: 3402 tenant: TENANT1 rd: 10.255.128.15:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:13402 route_targets: both: - 13402:13402 @@ -222,73 +356,153 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.15:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.15 + neighbors: + - ip_address: 10.255.129.121 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.15:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.15 + neighbors: + - ip_address: 10.255.129.121 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.15 - name: VRF11 + ip_address: 10.255.11.15 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.120/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.88/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.113/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.120/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.129.120/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -317,228 +531,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.120/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.88/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.120/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.120/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf2b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc2-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf2b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf2b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf2b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf2b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc2-spine1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.113/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc2-spine2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.115/31 -- name: Ethernet8 - peer: dc2-leaf2c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc2-leaf2c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc1-leaf2a - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 172.16.100.1/31 - description: P2P_dc1-leaf2a_Ethernet6 -- name: Ethernet5 - peer: dc2-leaf2-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc2-leaf2-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.129.89 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.15/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.15/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.15/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.15/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.120/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf2a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -558,10 +565,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.15 -- name: VRF11 - ip_address: 10.255.11.15 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2b.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2b.yml index a1ed3956fad..a8a4307738c 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2b.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2b.yml @@ -1,58 +1,237 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf2a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf2a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.117/31 + peer: dc2-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.119/31 + peer: dc2-spine2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf2c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf2c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc1-leaf2b_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.16.100.3/31 + peer: dc1-leaf2b + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc2-leaf2-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf2-server1 + peer_interface: PCI2 + peer_type: server hostname: dc2-leaf2b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.16/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.15/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.16/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.16/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.114/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.129.88 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf2a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc2-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.120/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65202' router_id: 10.255.128.16 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65202' - next_hop_self: true description: dc2-leaf2a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false neighbors: - ip_address: 10.255.129.120 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -70,80 +249,35 @@ router_bgp: description: dc2-spine2_Ethernet4 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-CORE + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' - ip_address: 172.16.100.2 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.16:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.120 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2a_Vlan3009 - - name: VRF11 - rd: 10.255.128.16:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.120 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2a_Vlan3010 - vlans: - - id: 11 - tenant: TENANT1 - rd: 10.255.128.16:10011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: TENANT1 + rd: 10.255.128.16:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10011 route_targets: both: - 10011:10011 @@ -152,12 +286,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10011 - id: 12 tenant: TENANT1 rd: 10.255.128.16:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10012 route_targets: both: - 10012:10012 @@ -166,12 +300,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10012 - id: 21 tenant: TENANT1 rd: 10.255.128.16:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10021 route_targets: both: - 10021:10021 @@ -180,12 +314,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10021 - id: 22 tenant: TENANT1 rd: 10.255.128.16:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10022 route_targets: both: - 10022:10022 @@ -194,12 +328,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10022 - id: 3401 tenant: TENANT1 rd: 10.255.128.16:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:13401 route_targets: both: - 13401:13401 @@ -208,12 +342,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:13401 - id: 3402 tenant: TENANT1 rd: 10.255.128.16:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:13402 route_targets: both: - 13402:13402 @@ -222,73 +356,153 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.16:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.16 + neighbors: + - ip_address: 10.255.129.120 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.16:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.16 + neighbors: + - ip_address: 10.255.129.120 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.16 - name: VRF11 + ip_address: 10.255.11.16 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.121/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.89/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.114/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.121/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.129.121/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -317,228 +531,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.121/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.89/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.121/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.121/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf2a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc2-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf2a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf2a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf2a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf2a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc2-spine1_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.117/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc2-spine2_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.119/31 -- name: Ethernet8 - peer: dc2-leaf2c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc2-leaf2c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc1-leaf2b - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 172.16.100.3/31 - description: P2P_dc1-leaf2b_Ethernet6 -- name: Ethernet5 - peer: dc2-leaf2-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc2-leaf2-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.129.88 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.16/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.15/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.16/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.16/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.120/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf2b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -558,10 +565,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.16 -- name: VRF11 - ip_address: 10.255.11.16 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2c.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2c.yml index 898ec587a5c..95002485bb3 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2c.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-leaf2c.yml @@ -1,89 +1,90 @@ -hostname: dc2-leaf2c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.162/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: dc2-leaf2a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc2-leaf2a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc2-leaf2b + peer: dc2-leaf2a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc2-leaf2b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc2-leaf2b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc2-leaf2-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc2-leaf2-server1 peer_interface: iLO peer_type: server - description: SERVER_dc2-leaf2-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc2-leaf2c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.162/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC2_L3_LEAF2_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -103,7 +104,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine1.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine1.yml index 58f5340e3cd..73a40e89858 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine1.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine1.yml @@ -1,39 +1,121 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc2-leaf1a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.104/31 + peer: dc2-leaf1a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-leaf1b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.108/31 + peer: dc2-leaf1b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc2-leaf2a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.112/31 + peer: dc2-leaf2a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc2-leaf2b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.116/31 + peer: dc2-leaf2b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: dc2-spine1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.21/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65200' router_id: 10.255.128.11 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.105 peer_group: IPv4-UNDERLAY-PEERS @@ -57,133 +139,51 @@ router_bgp: description: dc2-leaf2b_Ethernet1 - ip_address: 10.255.128.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1a description: dc2-leaf1a_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1b description: dc2-leaf1b_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2a description: dc2-leaf2a_Loopback0 - remote_as: '65202' - ip_address: 10.255.128.16 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2b description: dc2-leaf2b_Loopback0 - remote_as: '65202' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.21/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc2-leaf1a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf1a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.104/31 -- name: Ethernet2 - peer: dc2-leaf1b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf1b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.108/31 -- name: Ethernet3 - peer: dc2-leaf2a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf2a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.112/31 -- name: Ethernet4 - peer: dc2-leaf2b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf2b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.116/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine2.yml b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine2.yml index 179589e8739..5a9ae0fba03 100644 --- a/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine2.yml +++ b/ansible_collections/arista/avd/examples/dual-dc-l3ls/intended/structured_configs/dc2-spine2.yml @@ -1,39 +1,121 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc2-leaf1a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.106/31 + peer: dc2-leaf1a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-leaf1b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.110/31 + peer: dc2-leaf1b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc2-leaf2a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.114/31 + peer: dc2-leaf2a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc2-leaf2b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.118/31 + peer: dc2-leaf2b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: dc2-spine2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.12/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.22/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65200' router_id: 10.255.128.12 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.107 peer_group: IPv4-UNDERLAY-PEERS @@ -57,133 +139,51 @@ router_bgp: description: dc2-leaf2b_Ethernet2 - ip_address: 10.255.128.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1a description: dc2-leaf1a_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1b description: dc2-leaf1b_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2a description: dc2-leaf2a_Loopback0 - remote_as: '65202' - ip_address: 10.255.128.16 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2b description: dc2-leaf2b_Loopback0 - remote_as: '65202' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.22/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc2-leaf1a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf1a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.106/31 -- name: Ethernet2 - peer: dc2-leaf1b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf1b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.110/31 -- name: Ethernet3 - peer: dc2-leaf2a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf2a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.114/31 -- name: Ethernet4 - peer: dc2-leaf2b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf2b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.118/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.12/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p1.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p1.yml index 84237338264..0b354f111a8 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p1.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p1.yml @@ -1,175 +1,175 @@ -hostname: p1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.11/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +ethernet_interfaces: +- name: Ethernet1 + description: P2P_pe1_Ethernet1 shutdown: false - ip_address: 10.255.0.1/32 + mtu: 1500 + ip_address: 10.255.3.1/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: + ip: true ldp: interface: true - isis_enable: CORE - isis_passive: true -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0102.5500.0001.00 - router_id: 10.255.0.1 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.0.1 - shutdown: false - transport_address_interface: Loopback0 -ethernet_interfaces: -- name: Ethernet1 + igp_sync: true peer: pe1 peer_interface: Ethernet1 peer_type: pe switchport: enabled: false +- name: Ethernet2 + description: P2P_pe2_Ethernet2 shutdown: false mtu: 1500 - ip_address: 10.255.3.1/31 + ip_address: 10.255.3.7/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_pe1_Ethernet1 -- name: Ethernet2 peer: pe2 peer_interface: Ethernet2 peer_type: pe switchport: enabled: false +- name: Ethernet4 + description: P2P_p2_Ethernet4 shutdown: false mtu: 1500 - ip_address: 10.255.3.7/31 + ip_address: 10.255.3.8/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_pe2_Ethernet2 -- name: Ethernet4 peer: p2 peer_interface: Ethernet4 peer_type: p switchport: enabled: false +- name: Ethernet3 + description: P2P_rr1_Ethernet3 shutdown: false mtu: 1500 - ip_address: 10.255.3.8/31 + ip_address: 10.255.3.11/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p2_Ethernet4 -- name: Ethernet3 peer: rr1 peer_interface: Ethernet3 peer_type: rr switchport: enabled: false +hostname: p1 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 1500 - ip_address: 10.255.3.11/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' + ip_address: 10.255.0.1/32 mpls: - ip: true ldp: interface: true - igp_sync: true - description: P2P_rr1_Ethernet3 + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.11/24 + type: oob + gateway: 172.16.1.1 metadata: platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.0.1 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.0102.5500.0001.00 + router_id: 10.255.0.1 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p2.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p2.yml index 72980f2bedb..a263b2a4ae5 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p2.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p2.yml @@ -1,175 +1,175 @@ -hostname: p2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.12/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +ethernet_interfaces: +- name: Ethernet2 + description: P2P_pe1_Ethernet2 shutdown: false - ip_address: 10.255.0.2/32 + mtu: 1500 + ip_address: 10.255.3.3/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: + ip: true ldp: interface: true - isis_enable: CORE - isis_passive: true -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0102.5500.0002.00 - router_id: 10.255.0.2 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.0.2 - shutdown: false - transport_address_interface: Loopback0 -ethernet_interfaces: -- name: Ethernet2 + igp_sync: true peer: pe1 peer_interface: Ethernet2 peer_type: pe switchport: enabled: false +- name: Ethernet1 + description: P2P_pe2_Ethernet1 shutdown: false mtu: 1500 - ip_address: 10.255.3.3/31 + ip_address: 10.255.3.5/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_pe1_Ethernet2 -- name: Ethernet1 peer: pe2 peer_interface: Ethernet1 peer_type: pe switchport: enabled: false +- name: Ethernet4 + description: P2P_p1_Ethernet4 shutdown: false mtu: 1500 - ip_address: 10.255.3.5/31 + ip_address: 10.255.3.9/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_pe2_Ethernet1 -- name: Ethernet4 peer: p1 peer_interface: Ethernet4 peer_type: p switchport: enabled: false +- name: Ethernet3 + description: P2P_rr2_Ethernet3 shutdown: false mtu: 1500 - ip_address: 10.255.3.9/31 + ip_address: 10.255.3.17/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p1_Ethernet4 -- name: Ethernet3 peer: rr2 peer_interface: Ethernet3 peer_type: rr switchport: enabled: false +hostname: p2 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 1500 - ip_address: 10.255.3.17/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' + ip_address: 10.255.0.2/32 mpls: - ip: true ldp: interface: true - igp_sync: true - description: P2P_rr2_Ethernet3 + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.12/24 + type: oob + gateway: 172.16.1.1 metadata: platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.0.2 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.0102.5500.0002.00 + router_id: 10.255.0.2 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p3.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p3.yml index 928fa5c744e..f5e74ef4f1e 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p3.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p3.yml @@ -1,150 +1,150 @@ -hostname: p3 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.13/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.3/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0102.5500.0003.00 - router_id: 10.255.0.3 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.0.3 - shutdown: false - transport_address_interface: Loopback0 ethernet_interfaces: - name: Ethernet2 - peer: rr1 - peer_interface: Ethernet2 - peer_type: rr - switchport: - enabled: false + description: P2P_rr1_Ethernet2 shutdown: false mtu: 1500 ip_address: 10.255.3.13/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_rr1_Ethernet2 -- name: Ethernet4 - peer: p4 - peer_interface: Ethernet4 - peer_type: p + peer: rr1 + peer_interface: Ethernet2 + peer_type: rr switchport: enabled: false +- name: Ethernet4 + description: P2P_p4_Ethernet4 shutdown: false mtu: 1500 ip_address: 10.255.3.20/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p4_Ethernet4 -- name: Ethernet1 - peer: pe3 - peer_interface: Ethernet1 - peer_type: pe + peer: p4 + peer_interface: Ethernet4 + peer_type: p switchport: enabled: false +- name: Ethernet1 + description: P2P_pe3_Ethernet1 shutdown: false mtu: 1500 ip_address: 10.255.3.23/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_pe3_Ethernet1 + peer: pe3 + peer_interface: Ethernet1 + peer_type: pe + switchport: + enabled: false +hostname: p3 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.3/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.13/24 + type: oob + gateway: 172.16.1.1 metadata: platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.0.3 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.0102.5500.0003.00 + router_id: 10.255.0.3 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p4.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p4.yml index 3a9d645a1ff..f62eb716c2a 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p4.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/p4.yml @@ -1,150 +1,150 @@ -hostname: p4 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.14/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.4/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0102.5500.0004.00 - router_id: 10.255.0.4 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.0.4 - shutdown: false - transport_address_interface: Loopback0 ethernet_interfaces: - name: Ethernet2 - peer: rr2 - peer_interface: Ethernet2 - peer_type: rr - switchport: - enabled: false + description: P2P_rr2_Ethernet2 shutdown: false mtu: 1500 ip_address: 10.255.3.19/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_rr2_Ethernet2 -- name: Ethernet4 - peer: p3 - peer_interface: Ethernet4 - peer_type: p + peer: rr2 + peer_interface: Ethernet2 + peer_type: rr switchport: enabled: false +- name: Ethernet4 + description: P2P_p3_Ethernet4 shutdown: false mtu: 1500 ip_address: 10.255.3.21/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p3_Ethernet4 -- name: Ethernet3 - peer: pe3 - peer_interface: Ethernet3 - peer_type: pe + peer: p3 + peer_interface: Ethernet4 + peer_type: p switchport: enabled: false +- name: Ethernet3 + description: P2P_pe3_Ethernet3 shutdown: false mtu: 1500 ip_address: 10.255.3.25/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_pe3_Ethernet3 + peer: pe3 + peer_interface: Ethernet3 + peer_type: pe + switchport: + enabled: false +hostname: p4 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.4/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.14/24 + type: oob + gateway: 172.16.1.1 metadata: platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.0.4 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.0102.5500.0004.00 + router_id: 10.255.0.4 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe1.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe1.yml index b7319c94f93..4658e940983 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe1.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe1.yml @@ -1,5 +1,133 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_p1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.3.0/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: p1 + peer_interface: Ethernet1 + peer_type: p + switchport: + enabled: false +- name: Ethernet2 + description: P2P_p2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.3.2/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: p2 + peer_interface: Ethernet2 + peer_type: p + switchport: + enabled: false +- name: Ethernet3.10 + description: C1_L3_SERVICE + shutdown: false + vrf: C1_VRF1 + encapsulation_dot1q: + vlan: 10 + ip_address: 10.0.1.1/29 + ospf_network_point_to_point: false + ospf_area: 0.0.0.0 + peer_type: l3_interface +- name: Ethernet3.20 + description: C2_L3_SERVICE + shutdown: false + vrf: C2_VRF1 + encapsulation_dot1q: + vlan: 20 + ip_address: 10.1.1.1/29 + peer_type: l3_interface +- name: Ethernet3 + shutdown: false + peer_type: l3_interface + switchport: + enabled: false hostname: pe1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.1.1/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.101/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.1.1 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 10.255.1.1 @@ -7,31 +135,21 @@ router_bgp: external_routes: 20 internal_routes: 200 local_routes: 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65001' update_source: Loopback0 bfd: true password: $1c$G8BQN0ezkiJOX2cuAYpsEA== send_community: all maximum_routes: 0 - remote_as: '65001' - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true neighbors: - ip_address: 10.255.2.1 peer_group: MPLS-OVERLAY-PEERS @@ -41,6 +159,16 @@ router_bgp: peer_group: MPLS-OVERLAY-PEERS peer: rr2 description: rr2_Loopback0 + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 vrfs: - name: C1_VRF1 rd: 10.255.1.1:10 @@ -71,6 +199,12 @@ router_bgp: route_targets: - '20:20' router_id: 10.255.1.1 + neighbors: + - ip_address: 10.1.1.3 + remote_as: '65123' + description: C2_ROUTER1 + send_community: standard + maximum_routes: 100 redistribute: connected: enabled: true @@ -78,170 +212,16 @@ router_bgp: neighbors: - ip_address: 10.1.1.3 activate: true - neighbors: - - ip_address: 10.1.1.3 - remote_as: '65123' - description: C2_ROUTER1 - send_community: standard - maximum_routes: 100 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -- name: C1_VRF1 - tenant: CUSTOMER1 - ip_routing: true -- name: C2_VRF1 - tenant: CUSTOMER2 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.101/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.1.1/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.0102.5500.1001.00 router_id: 10.255.1.1 is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true address_family_ipv4: enabled: true maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.1.1 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ethernet_interfaces: -- name: Ethernet1 - peer: p1 - peer_interface: Ethernet1 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.255.3.0/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_p1_Ethernet1 -- name: Ethernet2 - peer: p2 - peer_interface: Ethernet2 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.255.3.2/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_p2_Ethernet2 -- name: Ethernet3.10 - peer_type: l3_interface - ip_address: 10.0.1.1/29 - shutdown: false - description: C1_L3_SERVICE - encapsulation_dot1q: - vlan: 10 - vrf: C1_VRF1 - ospf_area: 0.0.0.0 - ospf_network_point_to_point: false -- name: Ethernet3.20 - peer_type: l3_interface - ip_address: 10.1.1.1/29 - shutdown: false - description: C2_L3_SERVICE - encapsulation_dot1q: - vlan: 20 - vrf: C2_VRF1 -- name: Ethernet3 - switchport: - enabled: false - peer_type: l3_interface - shutdown: false -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 router_ospf: process_ids: - id: 10 @@ -253,5 +233,25 @@ router_ospf: redistribute: bgp: enabled: true -metadata: - platform: vEOS-lab +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: C1_VRF1 + ip_routing: true + tenant: CUSTOMER1 +- name: C2_VRF1 + ip_routing: true + tenant: CUSTOMER2 diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe2.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe2.yml index dacadc42e05..d4f01a027f9 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe2.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe2.yml @@ -1,5 +1,133 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_p2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.3.4/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: p2 + peer_interface: Ethernet1 + peer_type: p + switchport: + enabled: false +- name: Ethernet2 + description: P2P_p1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.3.6/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: p1 + peer_interface: Ethernet2 + peer_type: p + switchport: + enabled: false +- name: Ethernet4.10 + description: C1_L3_SERVICE + shutdown: false + vrf: C1_VRF1 + encapsulation_dot1q: + vlan: 10 + ip_address: 10.0.1.2/29 + ospf_network_point_to_point: false + ospf_area: 0.0.0.0 + peer_type: l3_interface +- name: Ethernet4.20 + description: C2_L3_SERVICE + shutdown: false + vrf: C2_VRF1 + encapsulation_dot1q: + vlan: 20 + ip_address: 10.1.1.2/29 + peer_type: l3_interface +- name: Ethernet4 + shutdown: false + peer_type: l3_interface + switchport: + enabled: false hostname: pe2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.1.2/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.102/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.1.2 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 10.255.1.2 @@ -7,31 +135,21 @@ router_bgp: external_routes: 20 internal_routes: 200 local_routes: 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65001' update_source: Loopback0 bfd: true password: $1c$G8BQN0ezkiJOX2cuAYpsEA== send_community: all maximum_routes: 0 - remote_as: '65001' - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true neighbors: - ip_address: 10.255.2.1 peer_group: MPLS-OVERLAY-PEERS @@ -41,6 +159,16 @@ router_bgp: peer_group: MPLS-OVERLAY-PEERS peer: rr2 description: rr2_Loopback0 + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 vrfs: - name: C1_VRF1 rd: 10.255.1.2:10 @@ -71,6 +199,12 @@ router_bgp: route_targets: - '20:20' router_id: 10.255.1.2 + neighbors: + - ip_address: 10.1.1.3 + remote_as: '65123' + description: C2_ROUTER1 + send_community: standard + maximum_routes: 100 redistribute: connected: enabled: true @@ -78,170 +212,16 @@ router_bgp: neighbors: - ip_address: 10.1.1.3 activate: true - neighbors: - - ip_address: 10.1.1.3 - remote_as: '65123' - description: C2_ROUTER1 - send_community: standard - maximum_routes: 100 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -- name: C1_VRF1 - tenant: CUSTOMER1 - ip_routing: true -- name: C2_VRF1 - tenant: CUSTOMER2 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.102/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.1.2/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.0102.5500.1002.00 router_id: 10.255.1.2 is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true address_family_ipv4: enabled: true maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.1.2 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ethernet_interfaces: -- name: Ethernet1 - peer: p2 - peer_interface: Ethernet1 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.255.3.4/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_p2_Ethernet1 -- name: Ethernet2 - peer: p1 - peer_interface: Ethernet2 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.255.3.6/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_p1_Ethernet2 -- name: Ethernet4.10 - peer_type: l3_interface - ip_address: 10.0.1.2/29 - shutdown: false - description: C1_L3_SERVICE - encapsulation_dot1q: - vlan: 10 - vrf: C1_VRF1 - ospf_area: 0.0.0.0 - ospf_network_point_to_point: false -- name: Ethernet4.20 - peer_type: l3_interface - ip_address: 10.1.1.2/29 - shutdown: false - description: C2_L3_SERVICE - encapsulation_dot1q: - vlan: 20 - vrf: C2_VRF1 -- name: Ethernet4 - switchport: - enabled: false - peer_type: l3_interface - shutdown: false -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 router_ospf: process_ids: - id: 10 @@ -253,5 +233,25 @@ router_ospf: redistribute: bgp: enabled: true -metadata: - platform: vEOS-lab +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: C1_VRF1 + ip_routing: true + tenant: CUSTOMER1 +- name: C2_VRF1 + ip_routing: true + tenant: CUSTOMER2 diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe3.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe3.yml index b64d1eb47fe..215fd4aa130 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe3.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/pe3.yml @@ -1,5 +1,128 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_p3_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.3.22/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: p3 + peer_interface: Ethernet1 + peer_type: p + switchport: + enabled: false +- name: Ethernet3 + description: P2P_p4_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.3.24/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: p4 + peer_interface: Ethernet3 + peer_type: p + switchport: + enabled: false +- name: Ethernet2 + description: C1_L3_SERVICE + shutdown: false + vrf: C1_VRF1 + ip_address: 10.0.1.9/30 + ospf_network_point_to_point: false + ospf_area: 0.0.0.0 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet4 + description: C2_L3_SERVICE + shutdown: false + vrf: C2_VRF1 + ip_address: 10.1.1.9/30 + peer_type: l3_interface + switchport: + enabled: false hostname: pe3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.1.3/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.103/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.1.3 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 10.255.1.3 @@ -7,31 +130,21 @@ router_bgp: external_routes: 20 internal_routes: 200 local_routes: 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65001' update_source: Loopback0 bfd: true password: $1c$G8BQN0ezkiJOX2cuAYpsEA== send_community: all maximum_routes: 0 - remote_as: '65001' - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true neighbors: - ip_address: 10.255.2.1 peer_group: MPLS-OVERLAY-PEERS @@ -41,6 +154,16 @@ router_bgp: peer_group: MPLS-OVERLAY-PEERS peer: rr2 description: rr2_Loopback0 + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 vrfs: - name: C1_VRF1 rd: 10.255.1.3:10 @@ -71,6 +194,12 @@ router_bgp: route_targets: - '20:20' router_id: 10.255.1.3 + neighbors: + - ip_address: 10.1.1.10 + remote_as: '65124' + description: C2_ROUTER2 + send_community: standard + maximum_routes: 100 redistribute: connected: enabled: true @@ -78,165 +207,16 @@ router_bgp: neighbors: - ip_address: 10.1.1.10 activate: true - neighbors: - - ip_address: 10.1.1.10 - remote_as: '65124' - description: C2_ROUTER2 - send_community: standard - maximum_routes: 100 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -- name: C1_VRF1 - tenant: CUSTOMER1 - ip_routing: true -- name: C2_VRF1 - tenant: CUSTOMER2 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.103/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.1.3/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.0102.5500.1003.00 router_id: 10.255.1.3 is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true address_family_ipv4: enabled: true maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.1.3 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ethernet_interfaces: -- name: Ethernet1 - peer: p3 - peer_interface: Ethernet1 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.255.3.22/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_p3_Ethernet1 -- name: Ethernet3 - peer: p4 - peer_interface: Ethernet3 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.255.3.24/31 - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_p4_Ethernet3 -- name: Ethernet2 - peer_type: l3_interface - ip_address: 10.0.1.9/30 - shutdown: false - description: C1_L3_SERVICE - switchport: - enabled: false - vrf: C1_VRF1 - ospf_area: 0.0.0.0 - ospf_network_point_to_point: false -- name: Ethernet4 - peer_type: l3_interface - ip_address: 10.1.1.9/30 - shutdown: false - description: C2_L3_SERVICE - switchport: - enabled: false - vrf: C2_VRF1 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 router_ospf: process_ids: - id: 10 @@ -248,5 +228,25 @@ router_ospf: redistribute: bgp: enabled: true -metadata: - platform: vEOS-lab +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: C1_VRF1 + ip_routing: true + tenant: CUSTOMER1 +- name: C2_VRF1 + ip_routing: true + tenant: CUSTOMER2 diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr1.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr1.yml index f978e1b45b0..2b847815698 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr1.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr1.yml @@ -1,216 +1,216 @@ -hostname: rr1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 10.255.2.1 - distance: - external_routes: 20 - internal_routes: 200 - local_routes: 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - bgp_cluster_id: 10.255.2.1 - peer_groups: - - name: MPLS-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: $1c$G8BQN0ezkiJOX2cuAYpsEA== - send_community: all - maximum_routes: 0 - remote_as: '65001' - route_reflector_client: true - - name: RR-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: $1c$G8BQN0ezkiJOX2cuAYpsEA== - send_community: all - maximum_routes: 0 - remote_as: '65001' - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - - name: RR-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - - name: RR-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 10.255.1.1 - peer_group: MPLS-OVERLAY-PEERS - peer: pe1 - description: pe1_Loopback0 - - ip_address: 10.255.1.2 - peer_group: MPLS-OVERLAY-PEERS - peer: pe2 - description: pe2_Loopback0 - - ip_address: 10.255.1.3 - peer_group: MPLS-OVERLAY-PEERS - peer: pe3 - description: pe3_Loopback0 - - ip_address: 10.255.2.2 - peer_group: RR-OVERLAY-PEERS - peer: rr2 - description: rr2_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.151/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.2.1/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0102.5500.2001.00 - router_id: 10.255.2.1 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.2.1 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet3 - peer: p1 - peer_interface: Ethernet3 - peer_type: p - switchport: - enabled: false + description: P2P_p1_Ethernet3 shutdown: false mtu: 1500 ip_address: 10.255.3.10/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p1_Ethernet3 -- name: Ethernet2 - peer: p3 - peer_interface: Ethernet2 + peer: p1 + peer_interface: Ethernet3 peer_type: p switchport: enabled: false +- name: Ethernet2 + description: P2P_p3_Ethernet2 shutdown: false mtu: 1500 ip_address: 10.255.3.12/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p3_Ethernet2 -- name: Ethernet4 - peer: rr2 - peer_interface: Ethernet4 - peer_type: rr + peer: p3 + peer_interface: Ethernet2 + peer_type: p switchport: enabled: false +- name: Ethernet4 + description: P2P_rr2_Ethernet4 shutdown: false mtu: 1500 ip_address: 10.255.3.14/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_rr2_Ethernet4 + peer: rr2 + peer_interface: Ethernet4 + peer_type: rr + switchport: + enabled: false +hostname: rr1 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.2.1/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.151/24 + type: oob + gateway: 172.16.1.1 metadata: platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.2.1 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65001' + router_id: 10.255.2.1 + distance: + external_routes: 20 + internal_routes: 200 + local_routes: 200 + maximum_paths: + paths: 4 + ecmp: 4 + bgp_cluster_id: 10.255.2.1 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MPLS-OVERLAY-PEERS + type: mpls + remote_as: '65001' + update_source: Loopback0 + route_reflector_client: true + bfd: true + password: $1c$G8BQN0ezkiJOX2cuAYpsEA== + send_community: all + maximum_routes: 0 + - name: RR-OVERLAY-PEERS + type: mpls + remote_as: '65001' + update_source: Loopback0 + bfd: true + password: $1c$G8BQN0ezkiJOX2cuAYpsEA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.1.1 + peer_group: MPLS-OVERLAY-PEERS + peer: pe1 + description: pe1_Loopback0 + - ip_address: 10.255.1.2 + peer_group: MPLS-OVERLAY-PEERS + peer: pe2 + description: pe2_Loopback0 + - ip_address: 10.255.1.3 + peer_group: MPLS-OVERLAY-PEERS + peer: pe3 + description: pe3_Loopback0 + - ip_address: 10.255.2.2 + peer_group: RR-OVERLAY-PEERS + peer: rr2 + description: rr2_Loopback0 + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + - name: RR-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + - name: RR-OVERLAY-PEERS + activate: true +router_isis: + instance: CORE + net: 49.0001.0102.5500.2001.00 + router_id: 10.255.2.1 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr2.yml b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr2.yml index 2a4297f8e60..648212b021a 100644 --- a/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr2.yml +++ b/ansible_collections/arista/avd/examples/isis-ldp-ipvpn/intended/structured_configs/rr2.yml @@ -1,216 +1,216 @@ -hostname: rr2 -is_deployed: true -router_bgp: - as: '65001' - router_id: 10.255.2.2 - distance: - external_routes: 20 - internal_routes: 200 - local_routes: 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - bgp_cluster_id: 10.255.2.2 - peer_groups: - - name: MPLS-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: $1c$G8BQN0ezkiJOX2cuAYpsEA== - send_community: all - maximum_routes: 0 - remote_as: '65001' - route_reflector_client: true - - name: RR-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: $1c$G8BQN0ezkiJOX2cuAYpsEA== - send_community: all - maximum_routes: 0 - remote_as: '65001' - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - - name: RR-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - - name: RR-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 10.255.1.1 - peer_group: MPLS-OVERLAY-PEERS - peer: pe1 - description: pe1_Loopback0 - - ip_address: 10.255.1.2 - peer_group: MPLS-OVERLAY-PEERS - peer: pe2 - description: pe2_Loopback0 - - ip_address: 10.255.1.3 - peer_group: MPLS-OVERLAY-PEERS - peer: pe3 - description: pe3_Loopback0 - - ip_address: 10.255.2.1 - peer_group: RR-OVERLAY-PEERS - peer: rr1 - description: rr1_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.152/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.2.2/32 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0102.5500.2002.00 - router_id: 10.255.2.2 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - mpls_ldp_sync_default: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 10.255.2.2 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet4 - peer: rr1 - peer_interface: Ethernet4 - peer_type: rr - switchport: - enabled: false + description: P2P_rr1_Ethernet4 shutdown: false mtu: 1500 ip_address: 10.255.3.15/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_rr1_Ethernet4 -- name: Ethernet3 - peer: p2 - peer_interface: Ethernet3 - peer_type: p + peer: rr1 + peer_interface: Ethernet4 + peer_type: rr switchport: enabled: false +- name: Ethernet3 + description: P2P_p2_Ethernet3 shutdown: false mtu: 1500 ip_address: 10.255.3.16/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p2_Ethernet3 -- name: Ethernet2 - peer: p4 - peer_interface: Ethernet2 + peer: p2 + peer_interface: Ethernet3 peer_type: p switchport: enabled: false +- name: Ethernet2 + description: P2P_p4_Ethernet2 shutdown: false mtu: 1500 ip_address: 10.255.3.18/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_p4_Ethernet2 + peer: p4 + peer_interface: Ethernet2 + peer_type: p + switchport: + enabled: false +hostname: rr2 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$QJUtFkyu9yoecsq.$ysGzlb2YXaIMvezqGEna7RE8CMALJHnv7Q1i.27VygyKUtSeX.n2xRTyOtCR8eOAl.4imBLyhXFc4o97P5n071 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.2.2/32 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.152/24 + type: oob + gateway: 172.16.1.1 metadata: platform: vEOS-lab +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.255.2.2 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65001' + router_id: 10.255.2.2 + distance: + external_routes: 20 + internal_routes: 200 + local_routes: 200 + maximum_paths: + paths: 4 + ecmp: 4 + bgp_cluster_id: 10.255.2.2 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MPLS-OVERLAY-PEERS + type: mpls + remote_as: '65001' + update_source: Loopback0 + route_reflector_client: true + bfd: true + password: $1c$G8BQN0ezkiJOX2cuAYpsEA== + send_community: all + maximum_routes: 0 + - name: RR-OVERLAY-PEERS + type: mpls + remote_as: '65001' + update_source: Loopback0 + bfd: true + password: $1c$G8BQN0ezkiJOX2cuAYpsEA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.1.1 + peer_group: MPLS-OVERLAY-PEERS + peer: pe1 + description: pe1_Loopback0 + - ip_address: 10.255.1.2 + peer_group: MPLS-OVERLAY-PEERS + peer: pe2 + description: pe2_Loopback0 + - ip_address: 10.255.1.3 + peer_group: MPLS-OVERLAY-PEERS + peer: pe3 + description: pe3_Loopback0 + - ip_address: 10.255.2.1 + peer_group: RR-OVERLAY-PEERS + peer: rr1 + description: rr1_Loopback0 + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + - name: RR-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + - name: RR-OVERLAY-PEERS + activate: true +router_isis: + instance: CORE + net: 49.0001.0102.5500.2002.00 + router_id: 10.255.2.2 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF1.yml b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF1.yml index c0d4b8cf885..9beac1350f0 100644 --- a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF1.yml +++ b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF1.yml @@ -1,32 +1,66 @@ -hostname: LEAF1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet47 + description: MLAG_LEAF2_Ethernet47 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF2 + peer_interface: Ethernet47 + peer_type: mlag_peer +- name: Ethernet48 + description: MLAG_LEAF2_Ethernet48 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF2 + peer_interface: Ethernet48 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_SPINE1_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE1 + peer_interface: Ethernet1 + peer_type: l2spine +- name: Ethernet2 + description: L2_SPINE2_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE2 + peer_interface: Ethernet1 + peer_type: l2spine +- name: Ethernet3 + description: SERVER_HostA_Eth1 + shutdown: false + spanning_tree_portfast: edge + peer: HostA + peer_interface: Eth1 + peer_type: server + port_profile: PP-BLUE + switchport: + enabled: true + mode: access + access_vlan: 10 +hostname: LEAF1 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -36,126 +70,92 @@ local_users: privilege: 15 role: network-admin no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.105/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOS-LAB +mlag_configuration: + domain_id: RACK1 + local_interface: Vlan4094 + peer_address: 192.168.0.1 + peer_link: Port-Channel47 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 10 - name: BLUE-NET - tenant: MY_FABRIC -- id: 20 - name: GREEN-NET - tenant: MY_FABRIC -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.0/31 port_channel_interfaces: - name: Port-Channel47 description: MLAG_LEAF2_Port-Channel47 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_SPINES_Port-Channel1 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,20 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet47 - peer: LEAF2 - peer_interface: Ethernet47 - peer_type: mlag_peer - description: MLAG_LEAF2_Ethernet47 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet48 - peer: LEAF2 - peer_interface: Ethernet48 - peer_type: mlag_peer - description: MLAG_LEAF2_Ethernet48 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet1 - peer: SPINE1 - peer_interface: Ethernet1 - peer_type: l2spine - description: L2_SPINE1_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: SPINE2 - peer_interface: Ethernet1 - peer_type: l2spine - description: L2_SPINE2_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet3 - peer: HostA - peer_interface: Eth1 - peer_type: server - port_profile: PP-BLUE - description: SERVER_HostA_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 10 - spanning_tree_portfast: edge -mlag_configuration: - domain_id: RACK1 - local_interface: Vlan4094 - peer_address: 192.168.0.1 - peer_link: Port-Channel47 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOS-LAB + ip_address: 192.168.0.0/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 10 + name: BLUE-NET + tenant: MY_FABRIC +- id: 20 + name: GREEN-NET + tenant: MY_FABRIC +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF2.yml b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF2.yml index cf3023e1e8d..09adfaa2c43 100644 --- a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF2.yml +++ b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF2.yml @@ -1,32 +1,66 @@ -hostname: LEAF2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet47 + description: MLAG_LEAF1_Ethernet47 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF1 + peer_interface: Ethernet47 + peer_type: mlag_peer +- name: Ethernet48 + description: MLAG_LEAF1_Ethernet48 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF1 + peer_interface: Ethernet48 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_SPINE1_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE1 + peer_interface: Ethernet2 + peer_type: l2spine +- name: Ethernet2 + description: L2_SPINE2_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE2 + peer_interface: Ethernet2 + peer_type: l2spine +- name: Ethernet3 + description: SERVER_HostB_Eth1 + shutdown: false + spanning_tree_portfast: edge + peer: HostB + peer_interface: Eth1 + peer_type: server + port_profile: PP-GREEN + switchport: + enabled: true + mode: access + access_vlan: 20 +hostname: LEAF2 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -36,126 +70,92 @@ local_users: privilege: 15 role: network-admin no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.106/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOS-LAB +mlag_configuration: + domain_id: RACK1 + local_interface: Vlan4094 + peer_address: 192.168.0.0 + peer_link: Port-Channel47 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 10 - name: BLUE-NET - tenant: MY_FABRIC -- id: 20 - name: GREEN-NET - tenant: MY_FABRIC -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.1/31 port_channel_interfaces: - name: Port-Channel47 description: MLAG_LEAF1_Port-Channel47 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_SPINES_Port-Channel1 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,20 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet47 - peer: LEAF1 - peer_interface: Ethernet47 - peer_type: mlag_peer - description: MLAG_LEAF1_Ethernet47 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet48 - peer: LEAF1 - peer_interface: Ethernet48 - peer_type: mlag_peer - description: MLAG_LEAF1_Ethernet48 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet1 - peer: SPINE1 - peer_interface: Ethernet2 - peer_type: l2spine - description: L2_SPINE1_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: SPINE2 - peer_interface: Ethernet2 - peer_type: l2spine - description: L2_SPINE2_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet3 - peer: HostB - peer_interface: Eth1 - peer_type: server - port_profile: PP-GREEN - description: SERVER_HostB_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 20 - spanning_tree_portfast: edge -mlag_configuration: - domain_id: RACK1 - local_interface: Vlan4094 - peer_address: 192.168.0.0 - peer_link: Port-Channel47 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOS-LAB + ip_address: 192.168.0.1/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 10 + name: BLUE-NET + tenant: MY_FABRIC +- id: 20 + name: GREEN-NET + tenant: MY_FABRIC +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF3.yml b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF3.yml index 8a95c4a27b0..1652015a0a2 100644 --- a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF3.yml +++ b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF3.yml @@ -1,32 +1,66 @@ -hostname: LEAF3 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet47 + description: MLAG_LEAF4_Ethernet47 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF4 + peer_interface: Ethernet47 + peer_type: mlag_peer +- name: Ethernet48 + description: MLAG_LEAF4_Ethernet48 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF4 + peer_interface: Ethernet48 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_SPINE1_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE1 + peer_interface: Ethernet3 + peer_type: l2spine +- name: Ethernet2 + description: L2_SPINE2_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE2 + peer_interface: Ethernet3 + peer_type: l2spine +- name: Ethernet3 + description: SERVER_HostC_Eth1 + shutdown: false + spanning_tree_portfast: edge + peer: HostC + peer_interface: Eth1 + peer_type: server + port_profile: PP-BLUE + switchport: + enabled: true + mode: access + access_vlan: 10 +hostname: LEAF3 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -36,126 +70,92 @@ local_users: privilege: 15 role: network-admin no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.107/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOS-LAB +mlag_configuration: + domain_id: RACK2 + local_interface: Vlan4094 + peer_address: 192.168.0.5 + peer_link: Port-Channel47 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 10 - name: BLUE-NET - tenant: MY_FABRIC -- id: 30 - name: ORANGE-NET - tenant: MY_FABRIC -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.4/31 port_channel_interfaces: - name: Port-Channel47 description: MLAG_LEAF4_Port-Channel47 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_SPINES_Port-Channel3 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,30 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet47 - peer: LEAF4 - peer_interface: Ethernet47 - peer_type: mlag_peer - description: MLAG_LEAF4_Ethernet47 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet48 - peer: LEAF4 - peer_interface: Ethernet48 - peer_type: mlag_peer - description: MLAG_LEAF4_Ethernet48 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet1 - peer: SPINE1 - peer_interface: Ethernet3 - peer_type: l2spine - description: L2_SPINE1_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: SPINE2 - peer_interface: Ethernet3 - peer_type: l2spine - description: L2_SPINE2_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet3 - peer: HostC - peer_interface: Eth1 - peer_type: server - port_profile: PP-BLUE - description: SERVER_HostC_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 10 - spanning_tree_portfast: edge -mlag_configuration: - domain_id: RACK2 - local_interface: Vlan4094 - peer_address: 192.168.0.5 - peer_link: Port-Channel47 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOS-LAB + ip_address: 192.168.0.4/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 10 + name: BLUE-NET + tenant: MY_FABRIC +- id: 30 + name: ORANGE-NET + tenant: MY_FABRIC +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF4.yml b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF4.yml index 8897820d220..9dbcf72b23c 100644 --- a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF4.yml +++ b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/LEAF4.yml @@ -1,32 +1,66 @@ -hostname: LEAF4 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet47 + description: MLAG_LEAF3_Ethernet47 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF3 + peer_interface: Ethernet47 + peer_type: mlag_peer +- name: Ethernet48 + description: MLAG_LEAF3_Ethernet48 + shutdown: false + channel_group: + id: 47 + mode: active + peer: LEAF3 + peer_interface: Ethernet48 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_SPINE1_Ethernet4 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE1 + peer_interface: Ethernet4 + peer_type: l2spine +- name: Ethernet2 + description: L2_SPINE2_Ethernet4 + shutdown: false + channel_group: + id: 1 + mode: active + peer: SPINE2 + peer_interface: Ethernet4 + peer_type: l2spine +- name: Ethernet3 + description: SERVER_Host2_Eth1 + shutdown: false + spanning_tree_portfast: edge + peer: Host2 + peer_interface: Eth1 + peer_type: server + port_profile: PP-ORANGE + switchport: + enabled: true + mode: access + access_vlan: 30 +hostname: LEAF4 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -36,126 +70,92 @@ local_users: privilege: 15 role: network-admin no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.108/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOS-LAB +mlag_configuration: + domain_id: RACK2 + local_interface: Vlan4094 + peer_address: 192.168.0.4 + peer_link: Port-Channel47 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 10 - name: BLUE-NET - tenant: MY_FABRIC -- id: 30 - name: ORANGE-NET - tenant: MY_FABRIC -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.5/31 port_channel_interfaces: - name: Port-Channel47 description: MLAG_LEAF3_Port-Channel47 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_SPINES_Port-Channel3 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,30 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet47 - peer: LEAF3 - peer_interface: Ethernet47 - peer_type: mlag_peer - description: MLAG_LEAF3_Ethernet47 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet48 - peer: LEAF3 - peer_interface: Ethernet48 - peer_type: mlag_peer - description: MLAG_LEAF3_Ethernet48 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet1 - peer: SPINE1 - peer_interface: Ethernet4 - peer_type: l2spine - description: L2_SPINE1_Ethernet4 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: SPINE2 - peer_interface: Ethernet4 - peer_type: l2spine - description: L2_SPINE2_Ethernet4 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet3 - peer: Host2 - peer_interface: Eth1 - peer_type: server - port_profile: PP-ORANGE - description: SERVER_Host2_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 30 - spanning_tree_portfast: edge -mlag_configuration: - domain_id: RACK2 - local_interface: Vlan4094 - peer_address: 192.168.0.4 - peer_link: Port-Channel47 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOS-LAB + ip_address: 192.168.0.5/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 10 + name: BLUE-NET + tenant: MY_FABRIC +- id: 30 + name: ORANGE-NET + tenant: MY_FABRIC +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE1.yml b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE1.yml index a40b8b4b3c3..d418fb6a0f8 100644 --- a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE1.yml +++ b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE1.yml @@ -1,32 +1,82 @@ -hostname: SPINE1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet47 + description: MLAG_SPINE2_Ethernet47 + shutdown: false + channel_group: + id: 47 + mode: active + peer: SPINE2 + peer_interface: Ethernet47 + peer_type: mlag_peer +- name: Ethernet48 + description: MLAG_SPINE2_Ethernet48 + shutdown: false + channel_group: + id: 47 + mode: active + peer: SPINE2 + peer_interface: Ethernet48 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_LEAF1_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: LEAF1 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet2 + description: L2_LEAF2_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: LEAF2 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet3 + description: L2_LEAF3_Ethernet1 + shutdown: false + channel_group: + id: 3 + mode: active + peer: LEAF3 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet4 + description: L2_LEAF4_Ethernet1 + shutdown: false + channel_group: + id: 3 + mode: active + peer: LEAF4 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: FIREWALL_FIREWALL_Eth1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: FIREWALL + peer_interface: Eth1 + peer_type: firewall + port_profile: PP-FIREWALL +hostname: SPINE1 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -36,163 +86,113 @@ local_users: privilege: 15 role: network-admin no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.101/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOS-LAB +mlag_configuration: + domain_id: SPINES + local_interface: Vlan4094 + peer_address: 192.168.0.1 + peer_link: Port-Channel47 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 10 - name: BLUE-NET - tenant: MY_FABRIC -- id: 20 - name: GREEN-NET - tenant: MY_FABRIC -- id: 30 - name: ORANGE-NET - tenant: MY_FABRIC -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.0/31 port_channel_interfaces: - name: Port-Channel47 description: MLAG_SPINE2_Port-Channel47 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_RACK1_Port-Channel1 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,20 - shutdown: false - mlag: 1 - name: Port-Channel3 description: L2_RACK2_Port-Channel1 + shutdown: false + mlag: 3 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,30 - shutdown: false - mlag: 3 - name: Port-Channel5 description: FIREWALL_FIREWALL shutdown: false + mlag: 5 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,20,30 - mlag: 5 -ethernet_interfaces: -- name: Ethernet47 - peer: SPINE2 - peer_interface: Ethernet47 - peer_type: mlag_peer - description: MLAG_SPINE2_Ethernet47 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet48 - peer: SPINE2 - peer_interface: Ethernet48 - peer_type: mlag_peer - description: MLAG_SPINE2_Ethernet48 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet1 - peer: LEAF1 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_LEAF1_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: LEAF2 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_LEAF2_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet3 - peer: LEAF3 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_LEAF3_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: LEAF4 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_LEAF4_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet5 - peer: FIREWALL - peer_interface: Eth1 - peer_type: firewall - port_profile: PP-FIREWALL - description: FIREWALL_FIREWALL_Eth1 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: SPINES - local_interface: Vlan4094 - peer_address: 192.168.0.1 - peer_link: Port-Channel47 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOS-LAB + ip_address: 192.168.0.0/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 10 + name: BLUE-NET + tenant: MY_FABRIC +- id: 20 + name: GREEN-NET + tenant: MY_FABRIC +- id: 30 + name: ORANGE-NET + tenant: MY_FABRIC +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE2.yml b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE2.yml index fde91f5f6ef..f0722e7a504 100644 --- a/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE2.yml +++ b/ansible_collections/arista/avd/examples/l2ls-fabric/intended/structured_configs/SPINE2.yml @@ -1,32 +1,82 @@ -hostname: SPINE2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.100.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet47 + description: MLAG_SPINE1_Ethernet47 + shutdown: false + channel_group: + id: 47 + mode: active + peer: SPINE1 + peer_interface: Ethernet47 + peer_type: mlag_peer +- name: Ethernet48 + description: MLAG_SPINE1_Ethernet48 + shutdown: false + channel_group: + id: 47 + mode: active + peer: SPINE1 + peer_interface: Ethernet48 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_LEAF1_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: LEAF1 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet2 + description: L2_LEAF2_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: LEAF2 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet3 + description: L2_LEAF3_Ethernet2 + shutdown: false + channel_group: + id: 3 + mode: active + peer: LEAF3 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet4 + description: L2_LEAF4_Ethernet2 + shutdown: false + channel_group: + id: 3 + mode: active + peer: LEAF4 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: FIREWALL_FIREWALL_Eth2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: FIREWALL + peer_interface: Eth2 + peer_type: firewall + port_profile: PP-FIREWALL +hostname: SPINE2 +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 8.8.4.4 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -36,163 +86,113 @@ local_users: privilege: 15 role: network-admin no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.100.102/24 - gateway: 172.16.100.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.100.1 +metadata: + platform: cEOS-LAB +mlag_configuration: + domain_id: SPINES + local_interface: Vlan4094 + peer_address: 192.168.0.0 + peer_link: Port-Channel47 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management0 vrf: MGMT servers: - name: time.google.com - vrf: MGMT preferred: true + vrf: MGMT - name: pool.ntp.org vrf: MGMT -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 10 - name: BLUE-NET - tenant: MY_FABRIC -- id: 20 - name: GREEN-NET - tenant: MY_FABRIC -- id: 30 - name: ORANGE-NET - tenant: MY_FABRIC -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 192.168.0.1/31 port_channel_interfaces: - name: Port-Channel47 description: MLAG_SPINE1_Port-Channel47 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_RACK1_Port-Channel1 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,20 - shutdown: false - mlag: 1 - name: Port-Channel3 description: L2_RACK2_Port-Channel1 + shutdown: false + mlag: 3 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,30 - shutdown: false - mlag: 3 - name: Port-Channel5 description: FIREWALL_FIREWALL shutdown: false + mlag: 5 switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,20,30 - mlag: 5 -ethernet_interfaces: -- name: Ethernet47 - peer: SPINE1 - peer_interface: Ethernet47 - peer_type: mlag_peer - description: MLAG_SPINE1_Ethernet47 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet48 - peer: SPINE1 - peer_interface: Ethernet48 - peer_type: mlag_peer - description: MLAG_SPINE1_Ethernet48 - shutdown: false - channel_group: - id: 47 - mode: active -- name: Ethernet1 - peer: LEAF1 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_LEAF1_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: LEAF2 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_LEAF2_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet3 - peer: LEAF3 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_LEAF3_Ethernet2 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: LEAF4 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_LEAF4_Ethernet2 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet5 - peer: FIREWALL - peer_interface: Eth2 - peer_type: firewall - port_profile: PP-FIREWALL - description: FIREWALL_FIREWALL_Eth2 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.100.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: SPINES - local_interface: Vlan4094 - peer_address: 192.168.0.0 - peer_link: Port-Channel47 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: cEOS-LAB + ip_address: 192.168.0.1/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 10 + name: BLUE-NET + tenant: MY_FABRIC +- id: 20 + name: GREEN-NET + tenant: MY_FABRIC +- id: 30 + name: ORANGE-NET + tenant: MY_FABRIC +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml index e5ed135d64e..1e35c548192 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1a.yml @@ -1,49 +1,241 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.1.12:9910 + cvauth: + method: token + token_file: /tmp/token + cvvrf: MGMT + disable_aaa: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.1/31 + peer: dc1-spine1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.3/31 + peer: dc1-spine2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf1c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf1c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf1-server1 + peer_interface: PCI1 + peer_type: server hostname: dc1-leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.1.1 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.3/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.3/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.101/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.1.65 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc1-leaf1-server1_Bond1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.96/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.255.0.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: dc1-leaf1b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.97 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +253,18 @@ router_bgp: description: dc1-spine2_Ethernet1 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.3:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1b_Vlan3009 - - name: VRF11 - rd: 10.255.0.3:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,91 +314,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.3:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.3 + neighbors: + - ip_address: 10.255.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.3:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.3 + neighbors: + - ip_address: 10.255.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.1.12:9910 - cvauth: - method: token - token_file: /tmp/token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.1.1 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.3 - name: VRF11 + ip_address: 10.255.11.3 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.96/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.64/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.96/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.101/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true + vrf: VRF11 + ip_address: 10.255.1.96/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -276,218 +480,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.64/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.96/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf1-server1_Bond1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc1-spine1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.1/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc1-spine2_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.3/31 -- name: Ethernet8 - peer: dc1-leaf1c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc1-leaf1c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc1-leaf1-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.1.65 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.3/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.3/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.96/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -507,10 +514,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.3 -- name: VRF11 - ip_address: 10.255.11.3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml index 46ca109b1a4..f195c1a723c 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1b.yml @@ -1,49 +1,241 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.1.12:9910 + cvauth: + method: token + token_file: /tmp/token + cvvrf: MGMT + disable_aaa: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.5/31 + peer: dc1-spine1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.7/31 + peer: dc1-spine2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf1c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf1c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf1-server1 + peer_interface: PCI2 + peer_type: server hostname: dc1-leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.1.1 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.3/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.4/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.102/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.1.64 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc1-leaf1-server1_Bond1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.96/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.255.0.4 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: dc1-leaf1a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.96 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +253,18 @@ router_bgp: description: dc1-spine2_Ethernet2 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.4:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1a_Vlan3009 - - name: VRF11 - rd: 10.255.0.4:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,91 +314,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.4:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.4 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.4:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.4 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.1.12:9910 - cvauth: - method: token - token_file: /tmp/token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.1.1 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.4 - name: VRF11 + ip_address: 10.255.11.4 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.97/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.65/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.97/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.102/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true + vrf: VRF11 + ip_address: 10.255.1.97/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -276,218 +480,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.65/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.97/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf1-server1_Bond1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc1-spine1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.5/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc1-spine2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.7/31 -- name: Ethernet8 - peer: dc1-leaf1c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc1-leaf1c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc1-leaf1-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.1.64 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.3/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.4/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.96/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -507,10 +514,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.4 -- name: VRF11 - ip_address: 10.255.11.4 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml index 63b3cd03784..40eec6c66cd 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf1c.yml @@ -1,10 +1,6 @@ -hostname: dc1-leaf1c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.1.12:9910 @@ -12,28 +8,48 @@ daemon_terminattr: method: token token_file: /tmp/token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_dc1-leaf1a_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: dc1-leaf1a + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: L2_dc1-leaf1b_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_iLO + shutdown: false + spanning_tree_portfast: edge + peer: dc1-leaf1-server1 + peer_interface: iLO + peer_type: server + switchport: + enabled: true + mode: access + access_vlan: 11 +hostname: dc1-leaf1c +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.1.1 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 +is_deployed: true local_users: - name: admin privilege: 15 @@ -43,68 +59,53 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.1.151/24 - gateway: 172.16.1.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 0.pool.ntp.org - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_dc1-leaf1a_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_dc1-leaf1b_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: iLO - peer_type: server - description: SERVER_dc1-leaf1-server1_iLO - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_L3_LEAF1_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -124,7 +125,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml index 59176326ef4..b5283ec6a4f 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2a.yml @@ -1,49 +1,241 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.1.12:9910 + cvauth: + method: token + token_file: /tmp/token + cvvrf: MGMT + disable_aaa: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf2b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf2b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.9/31 + peer: dc1-spine1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.11/31 + peer: dc1-spine2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf2c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf2c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf2-server1 + peer_interface: PCI1 + peer_type: server hostname: dc1-leaf2a +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.1.1 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.5/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.5/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.103/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.1.69 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf2b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc1-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.100/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.255.0.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: dc1-leaf2b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.101 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +253,18 @@ router_bgp: description: dc1-spine2_Ethernet3 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.5:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2b_Vlan3009 - - name: VRF11 - rd: 10.255.0.5:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,91 +314,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.5:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.5 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.5:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.5 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.1.12:9910 - cvauth: - method: token - token_file: /tmp/token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.1.1 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.5 - name: VRF11 + ip_address: 10.255.11.5 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.100/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.68/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.100/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.103/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true + vrf: VRF11 + ip_address: 10.255.1.100/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -276,218 +480,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.68/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.100/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf2b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf2b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf2b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf2b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc1-spine1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.9/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc1-spine2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.11/31 -- name: Ethernet8 - peer: dc1-leaf2c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc1-leaf2c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc1-leaf2-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.1.69 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.5/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.5/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.100/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf2a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -507,10 +514,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.5 -- name: VRF11 - ip_address: 10.255.11.5 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml index b916b90b70d..c9283e8c1d9 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2b.yml @@ -1,49 +1,241 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.1.12:9910 + cvauth: + method: token + token_file: /tmp/token + cvvrf: MGMT + disable_aaa: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf2a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf2a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.13/31 + peer: dc1-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.15/31 + peer: dc1-spine2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf2c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf2c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf2-server1 + peer_interface: PCI2 + peer_type: server hostname: dc1-leaf2b +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.1.1 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.5/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.6/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.104/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.1.68 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf2a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc1-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.100/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.255.0.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: dc1-leaf2a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.100 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +253,18 @@ router_bgp: description: dc1-spine2_Ethernet4 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.6:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2a_Vlan3009 - - name: VRF11 - rd: 10.255.0.6:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,91 +314,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.6:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.6 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.6:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.6 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.1.12:9910 - cvauth: - method: token - token_file: /tmp/token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.1.1 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.6 - name: VRF11 + ip_address: 10.255.11.6 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.101/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.69/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.101/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.104/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true + vrf: VRF11 + ip_address: 10.255.1.101/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -276,218 +480,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.69/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.101/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf2a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf2a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf2a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf2a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc1-spine1_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.13/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc1-spine2_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.15/31 -- name: Ethernet8 - peer: dc1-leaf2c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc1-leaf2c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc1-leaf2-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.1.68 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.5/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.6/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.100/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf2b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -507,10 +514,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.6 -- name: VRF11 - ip_address: 10.255.11.6 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml index 95386c7337d..b6c73a9ceba 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-leaf2c.yml @@ -1,10 +1,6 @@ -hostname: dc1-leaf2c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.1.12:9910 @@ -12,28 +8,48 @@ daemon_terminattr: method: token token_file: /tmp/token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_dc1-leaf2a_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: L2_dc1-leaf2b_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_iLO + shutdown: false + spanning_tree_portfast: edge + peer: dc1-leaf2-server1 + peer_interface: iLO + peer_type: server + switchport: + enabled: true + mode: access + access_vlan: 11 +hostname: dc1-leaf2c +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.1.1 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 +is_deployed: true local_users: - name: admin privilege: 15 @@ -43,68 +59,53 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 172.16.1.152/24 - gateway: 172.16.1.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 0.pool.ntp.org - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf2a - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_dc1-leaf2a_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: dc1-leaf2b - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_dc1-leaf2b_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: iLO - peer_type: server - description: SERVER_dc1-leaf2-server1_iLO - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_L3_LEAF2_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -124,7 +125,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine1.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine1.yml index fccde89a8c6..3516cc445e3 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine1.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine1.yml @@ -1,39 +1,142 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.1.12:9910 + cvauth: + method: token + token_file: /tmp/token + cvvrf: MGMT + disable_aaa: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc1-leaf1a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.0/31 + peer: dc1-leaf1a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-leaf1b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.4/31 + peer: dc1-leaf1b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc1-leaf2a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.8/31 + peer: dc1-leaf2a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc1-leaf2b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.12/31 + peer: dc1-leaf2b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: dc1-spine1 +ip_name_servers: +- ip_address: 192.168.1.1 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.11/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 10.255.0.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -57,154 +160,51 @@ router_bgp: description: dc1-leaf2b_Ethernet1 - ip_address: 10.255.0.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1a description: dc1-leaf1a_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1b description: dc1-leaf1b_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.1.12:9910 - cvauth: - method: token - token_file: /tmp/token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.1.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.11/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf1a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.0/31 -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf1b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.4/31 -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf2a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.8/31 -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf2b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.12/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine2.yml b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine2.yml index 976fd03974c..0e481787943 100644 --- a/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine2.yml +++ b/ansible_collections/arista/avd/examples/single-dc-l3ls/intended/structured_configs/dc1-spine2.yml @@ -1,39 +1,142 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.1.12:9910 + cvauth: + method: token + token_file: /tmp/token + cvvrf: MGMT + disable_aaa: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc1-leaf1a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.2/31 + peer: dc1-leaf1a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-leaf1b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.6/31 + peer: dc1-leaf1b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc1-leaf2a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.10/31 + peer: dc1-leaf2a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc1-leaf2b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.14/31 + peer: dc1-leaf2b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: dc1-spine2 +ip_name_servers: +- ip_address: 192.168.1.1 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.12/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 0.pool.ntp.org + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 10.255.0.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.3 peer_group: IPv4-UNDERLAY-PEERS @@ -57,154 +160,51 @@ router_bgp: description: dc1-leaf2b_Ethernet2 - ip_address: 10.255.0.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1a description: dc1-leaf1a_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1b description: dc1-leaf1b_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.1.12:9910 - cvauth: - method: token - token_file: /tmp/token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.1.1 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.12/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 0.pool.ntp.org - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf1a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.2/31 -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf1b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.6/31 -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf2a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.10/31 -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf2b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.14/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1A.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1A.yml index 651b6a57a96..8dad483174a 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1A.yml @@ -1,53 +1,219 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-BL1B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-BL1B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-BL1B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-BL1B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.41/31 + peer: DC1-SPINE1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.43/31 + peer: DC1-SPINE2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.45/31 + peer: DC1-SPINE3 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.47/31 + peer: DC1-SPINE4 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false hostname: DC1-BL1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.10/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_BL1 + local_interface: Vlan4094 + peer_address: 10.255.252.11 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-BL1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.10/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65104' router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65104' - next_hop_self: true description: DC1-BL1B + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.11 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -75,28 +241,65 @@ router_bgp: description: DC1-SPINE4_Ethernet6 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.10:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.10:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.255.10:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_WAN_Zone rd: 192.168.255.10:14 @@ -110,16 +313,16 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.11 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-BL1B_Vlan3013 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.10:21 route_targets: @@ -132,16 +335,16 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.11 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-BL1B_Vlan3020 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_WAN_Zone rd: 192.168.255.10:31 route_targets: @@ -154,131 +357,104 @@ router_bgp: route_targets: - '31:31' router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.11 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-BL1B_Vlan3030 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.10:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.10:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.255.10:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_WAN_Zone +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.10/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.10/31 + mtu: 1500 + no_autostate: true +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 + shutdown: false + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A - ip_routing: true -- name: Tenant_B_WAN_Zone + tags: + - wan +- name: Vlan3013 + description: MLAG_L3_VRF_Tenant_A_WAN_Zone + shutdown: false + vrf: Tenant_A_WAN_Zone + ip_address: 10.255.251.10/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone + tags: + - wan +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.251.10/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.10/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 150 name: Tenant_A_WAN_Zone_1 tenant: Tenant_A @@ -303,198 +479,24 @@ vlans: trunk_groups: - MLAG tenant: Tenant_C -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.10/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.10/31 -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan3013 +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_WAN_Zone + ip_routing: true tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_WAN_Zone - vrf: Tenant_A_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.10/31 -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 +- name: Tenant_B_WAN_Zone + ip_routing: true tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.10/31 -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.10/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-BL1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-BL1B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-BL1B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-BL1B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-BL1B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.41/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.43/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.45/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.47/31 -mlag_configuration: - domain_id: DC1_BL1 - local_interface: Vlan4094 - peer_address: 10.255.252.11 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.10/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.10/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: DC1-BL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 150 @@ -510,5 +512,3 @@ vxlan_interface: vni: 21 - name: Tenant_C_WAN_Zone vni: 31 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1B.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1B.yml index a650940b156..9af16b62aae 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-BL1B.yml @@ -1,53 +1,219 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-BL1A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-BL1A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-BL1A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-BL1A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet7 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.49/31 + peer: DC1-SPINE1 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet7 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.51/31 + peer: DC1-SPINE2 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet7 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.53/31 + peer: DC1-SPINE3 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet7 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.55/31 + peer: DC1-SPINE4 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false hostname: DC1-BL1B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.11/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.10/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.111/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_BL1 + local_interface: Vlan4094 + peer_address: 10.255.252.10 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-BL1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.10/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65104' router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65104' - next_hop_self: true description: DC1-BL1A + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.10 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -75,28 +241,65 @@ router_bgp: description: DC1-SPINE4_Ethernet7 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.11:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.11:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.255.11:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_WAN_Zone rd: 192.168.255.11:14 @@ -110,16 +313,16 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.10 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-BL1A_Vlan3013 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.11:21 route_targets: @@ -132,16 +335,16 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.10 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-BL1A_Vlan3020 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_WAN_Zone rd: 192.168.255.11:31 route_targets: @@ -154,131 +357,104 @@ router_bgp: route_targets: - '31:31' router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.10 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-BL1A_Vlan3030 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.11:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.11:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.255.11:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_WAN_Zone +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.11/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.11/31 + mtu: 1500 + no_autostate: true +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 + shutdown: false + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A - ip_routing: true -- name: Tenant_B_WAN_Zone + tags: + - wan +- name: Vlan3013 + description: MLAG_L3_VRF_Tenant_A_WAN_Zone + shutdown: false + vrf: Tenant_A_WAN_Zone + ip_address: 10.255.251.11/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone + tags: + - wan +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.251.11/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone shutdown: false - vrf: MGMT - ip_address: 192.168.200.111/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.11/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 150 name: Tenant_A_WAN_Zone_1 tenant: Tenant_A @@ -303,198 +479,24 @@ vlans: trunk_groups: - MLAG tenant: Tenant_C -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.11/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.11/31 -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan3013 +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_WAN_Zone + ip_routing: true tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_WAN_Zone - vrf: Tenant_A_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.11/31 -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 +- name: Tenant_B_WAN_Zone + ip_routing: true tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.11/31 -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.11/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-BL1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-BL1A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-BL1A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-BL1A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.49/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.51/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.53/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.55/31 -mlag_configuration: - domain_id: DC1_BL1 - local_interface: Vlan4094 - peer_address: 10.255.252.10 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.11/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.10/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.10/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: DC1-BL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 150 @@ -510,5 +512,3 @@ vxlan_interface: vni: 21 - name: Tenant_C_WAN_Zone vni: 31 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF1A.yml index 4f2ee7622a3..057487439e2 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,30 +8,42 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC1-LEAF2A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-LEAF2B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin privilege: 15 @@ -45,57 +53,53 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.112/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_LEAF2_Port-Channel7 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-121,130-131 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -115,10 +119,6 @@ vlans: - id: 121 name: Tenant_A_WEBZone_2 tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2A.yml index 0c7fc67552e..eb812ab8f6e 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,60 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet7 + shutdown: true + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet7 + shutdown: true + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,35 +71,84 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.113/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.17 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF2B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.16/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -120,80 +194,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.16/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF2B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_DC1_SVC3_Port-Channel7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet7 - shutdown: true - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet7 - shutdown: true - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.17 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2B.yml index 769c19a6a44..d5e5f527503 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-L2LEAF2B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,60 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet8 + shutdown: true + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet8 + shutdown: true + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,35 +71,84 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.16 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF2A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.17/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -120,80 +194,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.17/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF2A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_DC1_SVC3_Port-Channel7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet8 - shutdown: true - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet8 - shutdown: true - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.16 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF1A.yml index e6a955a8985..2fe34c0d09c 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF1A.yml @@ -1,42 +1,182 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.1/31 + peer: DC1-SPINE1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.3/31 + peer: DC1-SPINE2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.5/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.7/31 + peer: DC1-SPINE4 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet6 + description: SERVER_server02_SINGLE_NODE_TRUNK_Eth1 + shutdown: false + peer: server02_SINGLE_NODE_TRUNK + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A_B + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,210-211 +- name: Ethernet7 + description: SERVER_server02_SINGLE_NODE_Eth1 + shutdown: false + peer: server02_SINGLE_NODE + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 hostname: DC1-LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.0 peer_group: IPv4-UNDERLAY-PEERS @@ -60,28 +200,55 @@ router_bgp: description: DC1-SPINE4_Ethernet1 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.5:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.5:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.5:12 @@ -113,255 +280,90 @@ router_bgp: redistribute: connected: enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.5:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.5:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.1/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.3/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.5/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.7/31 -- name: Ethernet6 - peer: server02_SINGLE_NODE_TRUNK - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A_B - description: SERVER_server02_SINGLE_NODE_TRUNK_Eth1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 -- name: Ethernet7 - peer: server02_SINGLE_NODE - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: SERVER_server02_SINGLE_NODE_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan120 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - web - - erp1 + - app +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -376,5 +378,3 @@ vxlan_interface: vni: 12 - name: Tenant_A_WEB_Zone vni: 11 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2A.yml index e089ca05eb2..61731e4a45c 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2A.yml @@ -1,53 +1,264 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF2B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF2B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.9/31 + peer: DC1-SPINE1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.11/31 + peer: DC1-SPINE2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.13/31 + peer: DC1-SPINE3 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.15/31 + peer: DC1-SPINE4 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet10 + description: SERVER_server01_MLAG_Eth2 + shutdown: false + channel_group: + id: 10 + mode: active + peer: server01_MLAG + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_B hostname: DC1-LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.3 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131 +- name: Port-Channel10 + description: SERVER_server01_MLAG + shutdown: false + mlag: 10 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 210-211 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.2/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.6 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: DC1-LEAF2B + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -75,28 +286,89 @@ router_bgp: description: DC1-SPINE4_Ethernet2 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.6:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.6:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.6:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.6:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_B_OP_Zone + rd: 192.168.255.6:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.6:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.6:12 @@ -110,16 +382,16 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3011 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.6:13 route_targets: @@ -132,16 +404,16 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3012 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.6:10 route_targets: @@ -154,16 +426,16 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3009 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.6:11 route_targets: @@ -176,16 +448,16 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3010 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.6:20 route_targets: @@ -198,16 +470,16 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3019 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.6:30 route_targets: @@ -220,575 +492,308 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3029 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.6:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.6:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.6:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.6:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_B_OP_Zone - rd: 192.168.255.6:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.6:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 3029 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C + ip_address: 10.255.1.6 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.255.251.2/31 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.2/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ip_address: 10.255.251.2/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan310 - tenant: Tenant_C - tags: - - opzone description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan3029 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3029 description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false vrf: Tenant_C_OP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131 - shutdown: false - mlag: 7 -- name: Port-Channel10 - description: SERVER_server01_MLAG - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 210-211 - mlag: 10 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF2B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF2B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.9/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.11/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.13/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet2 - shutdown: false mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.15/31 -- name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet10 - peer: server01_MLAG - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_B - description: SERVER_server01_MLAG_Eth2 - shutdown: false - channel_group: - id: 10 - mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.3 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.6/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.2/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 3029 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -828,8 +833,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.6 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2B.yml index e6f192fa08f..064183e2220 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-LEAF2B.yml @@ -1,53 +1,264 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF2A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF2A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.17/31 + peer: DC1-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.19/31 + peer: DC1-SPINE2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.21/31 + peer: DC1-SPINE3 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.23/31 + peer: DC1-SPINE4 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF1A_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet10 + description: SERVER_server01_MLAG_Eth3 + shutdown: false + channel_group: + id: 10 + mode: active + peer: server01_MLAG + peer_interface: Eth3 + peer_type: server + port_profile: TENANT_B hostname: DC1-LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.7/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131 +- name: Port-Channel10 + description: SERVER_server01_MLAG + shutdown: false + mlag: 10 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 210-211 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.2/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.7 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: DC1-LEAF2A + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -75,28 +286,89 @@ router_bgp: description: DC1-SPINE4_Ethernet3 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.7:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.7:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.7:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.7:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_B_OP_Zone + rd: 192.168.255.7:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.7:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.7:12 @@ -110,16 +382,16 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3011 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.7:13 route_targets: @@ -132,16 +404,16 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3012 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.7:10 route_targets: @@ -154,16 +426,16 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3009 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.7:11 route_targets: @@ -176,16 +448,16 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3010 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.7:20 route_targets: @@ -198,16 +470,16 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3019 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.7:30 route_targets: @@ -220,575 +492,308 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3029 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.7:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.7:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.7:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.7:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_B_OP_Zone - rd: 192.168.255.7:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.7:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 3029 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C + ip_address: 10.255.1.7 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.255.251.3/31 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.3/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ip_address: 10.255.251.3/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan310 - tenant: Tenant_C - tags: - - opzone description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan3029 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3029 description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false vrf: Tenant_C_OP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131 - shutdown: false - mlag: 7 -- name: Port-Channel10 - description: SERVER_server01_MLAG - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 210-211 - mlag: 10 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF2A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF2A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.17/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.19/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.21/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet3 - shutdown: false mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.23/31 -- name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF1A_Ethernet2 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet10 - peer: server01_MLAG - peer_interface: Eth3 - peer_type: server - port_profile: TENANT_B - description: SERVER_server01_MLAG_Eth3 - shutdown: false - channel_group: - id: 10 - mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.7/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.6/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.7/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.2/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 3029 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -828,8 +833,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.7 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE1.yml index 0e4ce31165d..34471f4b195 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE1.yml @@ -1,43 +1,178 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-LEAF1A_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.0/31 + peer: DC1-LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-LEAF2A_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.8/31 + peer: DC1-LEAF2A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-LEAF2B_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.16/31 + peer: DC1-LEAF2B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SVC3A_Ethernet1 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.24/31 + peer: DC1-SVC3A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-SVC3B_Ethernet1 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.32/31 + peer: DC1-SVC3B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_DC1-BL1A_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.40/31 + peer: DC1-BL1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1-BL1B_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.48/31 + peer: DC1-BL1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE1 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -78,203 +213,68 @@ router_bgp: description: DC1-BL1B_Ethernet1 - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.7 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.8 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' shutdown: true - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' shutdown: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-LEAF1A_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.0/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-LEAF2A_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.8/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-LEAF2B_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.16/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-SVC3A_Ethernet1 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.24/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-SVC3B_Ethernet1 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.32/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-BL1A_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.40/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-BL1B_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.48/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE2.yml index d6dc15fef08..4cf5ac84611 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE2.yml @@ -1,43 +1,178 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-LEAF1A_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.2/31 + peer: DC1-LEAF1A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-LEAF2A_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.10/31 + peer: DC1-LEAF2A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-LEAF2B_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.18/31 + peer: DC1-LEAF2B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SVC3A_Ethernet2 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.26/31 + peer: DC1-SVC3A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-SVC3B_Ethernet2 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.34/31 + peer: DC1-SVC3B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_DC1-BL1A_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.42/31 + peer: DC1-BL1A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1-BL1B_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.50/31 + peer: DC1-BL1B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE2 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.3 peer_group: IPv4-UNDERLAY-PEERS @@ -78,203 +213,68 @@ router_bgp: description: DC1-BL1B_Ethernet2 - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.7 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.8 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' shutdown: true - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' shutdown: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-LEAF1A_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.2/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-LEAF2A_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.10/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-LEAF2B_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.18/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-SVC3A_Ethernet2 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.26/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-SVC3B_Ethernet2 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.34/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-BL1A_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.42/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-BL1B_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.50/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE3.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE3.yml index c0d9e1c9805..a434bc2a569 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE3.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE3.yml @@ -1,43 +1,178 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-LEAF1A_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.4/31 + peer: DC1-LEAF1A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-LEAF2A_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.12/31 + peer: DC1-LEAF2A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-LEAF2B_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.20/31 + peer: DC1-LEAF2B + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SVC3A_Ethernet3 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.28/31 + peer: DC1-SVC3A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-SVC3B_Ethernet3 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.36/31 + peer: DC1-SVC3B + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_DC1-BL1A_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.44/31 + peer: DC1-BL1A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1-BL1B_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.52/31 + peer: DC1-BL1B + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE3 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.5 peer_group: IPv4-UNDERLAY-PEERS @@ -78,203 +213,68 @@ router_bgp: description: DC1-BL1B_Ethernet3 - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.7 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.8 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' shutdown: true - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' shutdown: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-LEAF1A_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.4/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-LEAF2A_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.12/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-LEAF2B_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.20/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-SVC3A_Ethernet3 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.28/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-SVC3B_Ethernet3 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.36/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-BL1A_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.44/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-BL1B_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.52/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE4.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE4.yml index e8c748f2186..2df7da3049f 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE4.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SPINE4.yml @@ -1,43 +1,178 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-LEAF1A_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.6/31 + peer: DC1-LEAF1A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-LEAF2A_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.14/31 + peer: DC1-LEAF2A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-LEAF2B_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.22/31 + peer: DC1-LEAF2B + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SVC3A_Ethernet4 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.30/31 + peer: DC1-SVC3A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-SVC3B_Ethernet4 + shutdown: true + mtu: 1500 + ip_address: 172.31.255.38/31 + peer: DC1-SVC3B + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_DC1-BL1A_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.46/31 + peer: DC1-BL1A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1-BL1B_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.54/31 + peer: DC1-BL1B + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE4 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.7 peer_group: IPv4-UNDERLAY-PEERS @@ -78,203 +213,68 @@ router_bgp: description: DC1-BL1B_Ethernet4 - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.7 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.8 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' shutdown: true - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' shutdown: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-LEAF1A_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.6/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-LEAF2A_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.14/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-LEAF2B_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.22/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-SVC3A_Ethernet4 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.30/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-SVC3B_Ethernet4 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.38/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-BL1A_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.46/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-BL1B_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.54/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3A.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3A.yml index 12416fde964..63b6e2d9eec 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3A.yml @@ -1,45 +1,402 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-SVC3B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-SVC3B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.25/31 + peer: DC1-SPINE1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.27/31 + peer: DC1-SPINE2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.29/31 + peer: DC1-SPINE3 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.31/31 + peer: DC1-SPINE4 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF2A_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet8 + description: L2_DC1-L2LEAF2B_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet10 + description: SERVER_server03_ESI_Eth1 + shutdown: false + channel_group: + id: 10 + mode: active + peer: server03_ESI + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A_B hostname: DC1-SVC3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: false +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.8/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.8/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.8/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.7 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 +- name: Port-Channel10 + description: SERVER_server03_ESI + shutdown: false + evpn_ethernet_segment: + identifier: 0000:0000:0303:0202:0101 + route_target: 03:03:02:02:01:01 + lacp_id: 0303.0202.0101 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,210-211 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.6/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.8 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65103' - next_hop_self: true description: DC1-SVC3B + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: DC1-SVC3B + description: DC1-SVC3B_Vlan4093 + - ip_address: 172.31.255.24 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet4 + - ip_address: 172.31.255.26 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet4 + - ip_address: 172.31.255.28 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet4 + - ip_address: 172.31.255.30 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet4 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.8:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.8:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.8:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.8:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.8:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_B_OP_Zone + rd: 192.168.255.8:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.8:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.8:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: 192.168.255.8:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER @@ -48,55 +405,6 @@ router_bgp: activate: true - name: EVPN-OVERLAY-PEERS activate: false - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: DC1-SVC3B - description: DC1-SVC3B_Vlan4093 - - ip_address: 172.31.255.24 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet4 - - ip_address: 172.31.255.26 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet4 - - ip_address: 172.31.255.28 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet4 - - ip_address: 172.31.255.30 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet4 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.8:12 @@ -110,16 +418,16 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3011 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.8:13 route_targets: @@ -132,16 +440,16 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3012 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.8:10 route_targets: @@ -154,16 +462,16 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3009 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WAN_Zone rd: 192.168.255.8:14 route_targets: @@ -176,16 +484,16 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3013 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.8:11 route_targets: @@ -198,16 +506,16 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3010 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.8:20 route_targets: @@ -220,16 +528,16 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3019 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.8:21 route_targets: @@ -242,16 +550,16 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3B_Vlan3020 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.8:30 route_targets: @@ -264,714 +572,411 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: DC1-SVC3B_Vlan3029 updates: wait_install: true - - name: Tenant_C_WAN_Zone - rd: 192.168.255.8:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbors: - ip_address: 10.255.251.7 peer_group: MLAG-IPv4-UNDERLAY-PEER - description: DC1-SVC3B_Vlan3030 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.8:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.8:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.8:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.8:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.8:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_B_OP_Zone - rd: 192.168.255.8:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.8:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: 192.168.255.8:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 + description: DC1-SVC3B_Vlan3029 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_WAN_Zone rd: 192.168.255.8:31 route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.8 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: DC1-SVC3B_Vlan3030 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_L3_VRF_Tenant_A_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_Tenant_B_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 3029 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_L3_VRF_Tenant_C_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.8 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.255.251.6/31 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.6/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.6/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.6/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.6/31 -- name: Vlan150 + mtu: 1500 tenant: Tenant_A - tags: - - wan + type: underlay_peering +- name: Vlan150 description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone -- name: Vlan3013 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - wan +- name: Vlan3013 description: MLAG_L3_VRF_Tenant_A_WAN_Zone + shutdown: false vrf: Tenant_A_WAN_Zone - mtu: 1500 ip_address: 10.255.251.6/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.6/31 -- name: Vlan250 + mtu: 1500 tenant: Tenant_B - tags: - - wan + type: underlay_peering +- name: Vlan250 description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan3020 + ip_address_virtual: 10.2.50.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan3029 - tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan350 - tenant: Tenant_C tags: - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 - shutdown: false - mlag: 7 -- name: Port-Channel10 - description: SERVER_server03_ESI - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 - evpn_ethernet_segment: - identifier: 0000:0000:0303:0202:0101 - route_target: 03:03:02:02:01:01 - lacp_id: 0303.0202.0101 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-SVC3B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-SVC3B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-SVC3B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.25/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.27/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.29/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.31/31 -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF2A_Ethernet1 +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF2B_Ethernet1 + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet10 - peer: server03_ESI - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A_B - description: SERVER_server03_ESI_Eth1 + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - channel_group: - id: 10 - mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.7 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan3029 + description: MLAG_L3_VRF_Tenant_C_OP_Zone shutdown: false - ip_address: 192.168.255.8/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.8/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.8/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.6/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_L3_VRF_Tenant_A_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_Tenant_B_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 3029 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_L3_VRF_Tenant_C_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1023,8 +1028,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.8 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3B.yml b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3B.yml index 010872683a2..10c5fb434bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_config_deploy_cvp/intended/structured_configs/DC1-SVC3B.yml @@ -1,53 +1,254 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-SVC3A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-SVC3A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.33/31 + peer: DC1-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.35/31 + peer: DC1-SPINE2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.37/31 + peer: DC1-SPINE3 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.39/31 + peer: DC1-SPINE4 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF2A_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet8 + description: L2_DC1-L2LEAF2B_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf hostname: DC1-SVC3B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: false +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.9/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.8/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.6 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.6/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.9 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65103' - next_hop_self: true description: DC1-SVC3A + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -75,29 +276,114 @@ router_bgp: description: DC1-SPINE4_Ethernet5 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.9:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.9:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.9:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.9:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.9:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_B_OP_Zone + rd: 192.168.255.9:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.9:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.9:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: 192.168.255.9:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.9:12 route_targets: @@ -110,16 +396,16 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3011 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.9:13 route_targets: @@ -132,16 +418,16 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3012 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.9:10 route_targets: @@ -154,16 +440,16 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3009 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WAN_Zone rd: 192.168.255.9:14 route_targets: @@ -176,16 +462,16 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3013 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.9:11 route_targets: @@ -198,16 +484,16 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3010 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.9:20 route_targets: @@ -220,16 +506,16 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3019 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.9:21 route_targets: @@ -242,16 +528,16 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3020 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.9:30 route_targets: @@ -264,16 +550,16 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3029 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_WAN_Zone rd: 192.168.255.9:31 route_targets: @@ -286,670 +572,389 @@ router_bgp: route_targets: - '31:31' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.6 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-SVC3A_Vlan3030 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.9:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.9:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.9:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.9:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.9:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_B_OP_Zone - rd: 192.168.255.9:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.9:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: 192.168.255.9:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: Tenant_C_WAN_Zone - rd: 192.168.255.9:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_L3_VRF_Tenant_A_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_Tenant_B_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 3029 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_L3_VRF_Tenant_C_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.9 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.255.251.7/31 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.7/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.7/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.7/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.7/31 -- name: Vlan150 + mtu: 1500 tenant: Tenant_A - tags: - - wan + type: underlay_peering +- name: Vlan150 description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone -- name: Vlan3013 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - wan +- name: Vlan3013 description: MLAG_L3_VRF_Tenant_A_WAN_Zone + shutdown: false vrf: Tenant_A_WAN_Zone - mtu: 1500 ip_address: 10.255.251.7/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 tenant: Tenant_B tags: - wan - description: Tenant_B_WAN_Zone_1 +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan3020 + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan3029 + description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_L3_VRF_Tenant_A_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_Tenant_B_WAN_Zone + trunk_groups: + - MLAG tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan310 +- id: 310 + name: Tenant_C_OP_Zone_1 tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 +- id: 311 + name: Tenant_C_OP_Zone_2 tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan3029 +- id: 3029 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan350 +- id: 350 + name: Tenant_C_WAN_Zone_1 tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 +- id: 3030 + name: MLAG_L3_VRF_Tenant_C_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,210-211,250,310-311,350 - shutdown: false - mlag: 7 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-SVC3A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-SVC3A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-SVC3A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-SVC3A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.33/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.35/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.37/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.39/31 -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF2A_Ethernet2 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF2B_Ethernet2 - shutdown: false - channel_group: - id: 7 - mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.6 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.9/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.8/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.6/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: DC1-SVC3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1001,8 +1006,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.9 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF1.yml index 64822c5e6b7..b330b5afdfe 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF1.yml @@ -1,69 +1,47 @@ -hostname: BGP-LEAF1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: BGP-SPINE1 - peer_interface: Ethernet1 - peer_type: l3spine description: L2_BGP-SPINE1_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: BGP-SPINE2 + peer: BGP-SPINE1 peer_interface: Ethernet1 peer_type: l3spine +- name: Ethernet2 description: L2_BGP-SPINE2_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: BGP-SPINE2 + peer_interface: Ethernet1 + peer_type: l3spine - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet11 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet12 - peer_type: network_port description: IP Phone shutdown: false + peer_type: network_port switchport: enabled: true mode: trunk phone @@ -73,9 +51,9 @@ ethernet_interfaces: vlan: 200 trunk: untagged - name: Ethernet13 - peer_type: network_port description: IP Phone shutdown: false + peer_type: network_port switchport: enabled: true mode: trunk phone @@ -85,24 +63,52 @@ ethernet_interfaces: vlan: 200 trunk: untagged - name: Ethernet14 - peer_type: network_port description: IP Phone with no native VLAN shutdown: false + peer_type: network_port switchport: enabled: true mode: trunk phone phone: vlan: 200 trunk: untagged +hostname: BGP-LEAF1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_BGP_SPINES_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 1,100,200,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 1 name: SVI_1 @@ -114,14 +120,8 @@ vlans: name: SVI_200 tenant: L2LS_BGP - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.4/24 - type: inband_mgmt + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF2.yml index ca25f60e466..d4f5e64e933 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-LEAF2.yml @@ -1,87 +1,87 @@ -hostname: BGP-LEAF2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: BGP-SPINE1 - peer_interface: Ethernet2 - peer_type: l3spine description: L2_BGP-SPINE1_Ethernet2 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: BGP-SPINE2 + peer: BGP-SPINE1 peer_interface: Ethernet2 peer_type: l3spine +- name: Ethernet2 description: L2_BGP-SPINE2_Ethernet2 shutdown: false channel_group: id: 1 mode: active + peer: BGP-SPINE2 + peer_interface: Ethernet2 + peer_type: l3spine - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet11 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 +hostname: BGP-LEAF2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_BGP_SPINES_Port-Channel2 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.5/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 100 name: SVI_100 tenant: L2LS_BGP - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.5/24 - type: inband_mgmt + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE1.yml index 521f84326a0..f4648e1b02e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE1.yml @@ -1,229 +1,229 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_BGP-SPINE2_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: BGP-SPINE2 + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_BGP-SPINE2_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: BGP-SPINE2 + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_BGP-LEAF1_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: BGP-LEAF1 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet2 + description: L2_BGP-LEAF2_Ethernet1 + shutdown: false + channel_group: + id: 2 + mode: active + peer: BGP-LEAF2 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: P2P_DUMMY-CORE_Ethernet1/3 + shutdown: false + mtu: 9214 + ip_address: 192.168.253.4/31 + peer: DUMMY-CORE + peer_interface: Ethernet1/3 + peer_type: other + switchport: + enabled: false hostname: BGP-SPINE1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: BGP_SPINES + local_interface: Vlan4094 + peer_address: 192.168.254.1 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_BGP-SPINE2_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_BGP-LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1,100,200,4092 +- name: Port-Channel2 + description: L2_BGP-LEAF2_Port-Channel1 + shutdown: false + mlag: 2 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - attached_host: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: BGP-SPINE2 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 192.168.254.1 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: BGP-SPINE2 description: BGP-SPINE2_Vlan4094 - ip_address: 192.168.253.5 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' peer: DUMMY-CORE description: DUMMY-CORE - peer_group: IPv4-UNDERLAY-PEERS + redistribute: + attached_host: + enabled: true + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.31.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 1 - name: SVI_1 - tenant: L2LS_BGP -- id: 100 - name: SVI_100 - tenant: L2LS_BGP -- id: 200 - name: SVI_200 - tenant: L2LS_BGP -- id: 220 - name: SVI_220 - tenant: L2LS_BGP -- id: 4092 - tenant: system - name: INBAND_MGMT vlan_interfaces: - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 9214 ip_address: 192.168.254.0/31 + mtu: 9214 + no_autostate: true - name: Vlan1 - tenant: L2LS_BGP description: SVI_1 shutdown: false ip_address_virtual: 10.1.1.1/24 -- name: Vlan100 tenant: L2LS_BGP +- name: Vlan100 description: SVI_100 shutdown: false ip_address_virtual: 10.1.100.1/24 -- name: Vlan200 tenant: L2LS_BGP +- name: Vlan200 description: SVI_200 shutdown: false ip_address_virtual: 10.1.200.1/24 -- name: Vlan220 tenant: L2LS_BGP +- name: Vlan220 description: SVI_220 shutdown: false ip_address_virtual: 10.1.220.1/24 + tenant: L2LS_BGP - name: Vlan4092 description: Inband Management shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 172.23.254.2/24 ip_virtual_router_addresses: - 172.23.254.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_BGP-SPINE2_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_BGP-LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1,100,200,4092 - shutdown: false - mlag: 1 -- name: Port-Channel2 - description: L2_BGP-LEAF2_Port-Channel1 - switchport: + mtu: 1500 + ip_attached_host_route_export: enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 2 -ethernet_interfaces: -- name: Ethernet3 - peer: BGP-SPINE2 - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_BGP-SPINE2_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: BGP-SPINE2 - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_BGP-SPINE2_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: BGP-LEAF1 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_BGP-LEAF1_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: BGP-LEAF2 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_BGP-LEAF2_Ethernet1 - shutdown: false - channel_group: - id: 2 - mode: active -- name: Ethernet5 - peer: DUMMY-CORE - peer_interface: Ethernet1/3 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 9214 - ip_address: 192.168.253.4/31 - description: P2P_DUMMY-CORE_Ethernet1/3 -mlag_configuration: - domain_id: BGP_SPINES - local_interface: Vlan4094 - peer_address: 192.168.254.1 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 1 + name: SVI_1 + tenant: L2LS_BGP +- id: 100 + name: SVI_100 + tenant: L2LS_BGP +- id: 200 + name: SVI_200 + tenant: L2LS_BGP +- id: 220 + name: SVI_220 + tenant: L2LS_BGP +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE2.yml index e1dd8dc0978..b7391e72e69 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/BGP-SPINE2.yml @@ -1,234 +1,234 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_BGP-SPINE1_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: BGP-SPINE1 + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_BGP-SPINE1_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: BGP-SPINE1 + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_BGP-LEAF1_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: BGP-LEAF1 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet2 + description: L2_BGP-LEAF2_Ethernet2 + shutdown: false + channel_group: + id: 2 + mode: active + peer: BGP-LEAF2 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: P2P_DUMMY-CORE_Ethernet1/4 + shutdown: false + mtu: 9214 + ip_address: 192.168.253.6/31 + peer: DUMMY-CORE + peer_interface: Ethernet1/4 + peer_type: other + switchport: + enabled: false hostname: BGP-SPINE2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: BGP_SPINES + local_interface: Vlan4094 + peer_address: 192.168.254.0 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_BGP-SPINE1_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_BGP-LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1,100,200,4092 +- name: Port-Channel2 + description: L2_BGP-LEAF2_Port-Channel1 + shutdown: false + mlag: 2 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete router_bgp: as: '65001' router_id: 192.168.255.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - static: - enabled: true - attached_host: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: BGP-SPINE1 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 192.168.254.0 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: BGP-SPINE1 description: BGP-SPINE1_Vlan4094 - ip_address: 192.168.253.7 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' peer: DUMMY-CORE description: DUMMY-CORE - peer_group: IPv4-UNDERLAY-PEERS + redistribute: + attached_host: + enabled: true + connected: + enabled: true + static: + enabled: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.31.0.1 -- destination_address_prefix: 10.0.0.0/8 +- vrf: default + destination_address_prefix: 10.0.0.0/8 gateway: 10.1.100.100 - vrf: default -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 1 - name: SVI_1 - tenant: L2LS_BGP -- id: 100 - name: SVI_100 - tenant: L2LS_BGP -- id: 200 - name: SVI_200 - tenant: L2LS_BGP -- id: 220 - name: SVI_220 - tenant: L2LS_BGP -- id: 4092 - tenant: system - name: INBAND_MGMT vlan_interfaces: - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 9214 ip_address: 192.168.254.1/31 + mtu: 9214 + no_autostate: true - name: Vlan1 - tenant: L2LS_BGP description: SVI_1 shutdown: false ip_address_virtual: 10.1.1.1/24 -- name: Vlan100 tenant: L2LS_BGP +- name: Vlan100 description: SVI_100 shutdown: false ip_address_virtual: 10.1.100.1/24 -- name: Vlan200 tenant: L2LS_BGP +- name: Vlan200 description: SVI_200 shutdown: false ip_address_virtual: 10.1.200.1/24 -- name: Vlan220 tenant: L2LS_BGP +- name: Vlan220 description: SVI_220 shutdown: false ip_address_virtual: 10.1.220.1/24 + tenant: L2LS_BGP - name: Vlan4092 description: Inband Management shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 172.23.254.3/24 ip_virtual_router_addresses: - 172.23.254.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_BGP-SPINE1_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_BGP-LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1,100,200,4092 - shutdown: false - mlag: 1 -- name: Port-Channel2 - description: L2_BGP-LEAF2_Port-Channel1 - switchport: + mtu: 1500 + ip_attached_host_route_export: enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 2 -ethernet_interfaces: -- name: Ethernet3 - peer: BGP-SPINE1 - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_BGP-SPINE1_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: BGP-SPINE1 - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_BGP-SPINE1_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: BGP-LEAF1 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_BGP-LEAF1_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: BGP-LEAF2 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_BGP-LEAF2_Ethernet2 - shutdown: false - channel_group: - id: 2 - mode: active -- name: Ethernet5 - peer: DUMMY-CORE - peer_interface: Ethernet1/4 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 9214 - ip_address: 192.168.253.6/31 - description: P2P_DUMMY-CORE_Ethernet1/4 -mlag_configuration: - domain_id: BGP_SPINES - local_interface: Vlan4094 - peer_address: 192.168.254.0 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 1 + name: SVI_1 + tenant: L2LS_BGP +- id: 100 + name: SVI_100 + tenant: L2LS_BGP +- id: 200 + name: SVI_200 + tenant: L2LS_BGP +- id: 220 + name: SVI_220 + tenant: L2LS_BGP +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-LEAF1.yml index ea2b901fa8d..b0c03dd4c5c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-LEAF1.yml @@ -1,72 +1,72 @@ -hostname: ISIS-LEAF1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 172.31.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: ISIS-SPINE1 - peer_interface: Ethernet1 - peer_type: l3spine description: L2_ISIS-SPINE1_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: ISIS-SPINE1 + peer_interface: Ethernet1 + peer_type: l3spine +hostname: ISIS-LEAF1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 172.31.0.1 +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_ISIS-SPINE1_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 110 name: SVI_110 tenant: L2LS_ISIS - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.4/24 - type: inband_mgmt -metadata: - platform: vEOS-LAB + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-SPINE1.yml index 920bb2c5b7e..643d6656ed0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/ISIS-SPINE1.yml @@ -1,111 +1,111 @@ -hostname: ISIS-SPINE1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 10.1.0.0/16 - gateway: 10.1.100.100 - vrf: default -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 172.31.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: ISIS-LEAF1 - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_ISIS-LEAF1_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: ISIS-LEAF1 + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 110 +hostname: ISIS-SPINE1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:9a +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 + isis_enable: EVPN_UNDERLAY + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 172.31.0.1 +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_ISIS-LEAF1_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110,4092 - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 - isis_enable: EVPN_UNDERLAY - isis_passive: true router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5001.00 router_id: 192.168.255.1 is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 + log_adjacency_changes: true redistribute_routes: - source_protocol: connected - source_protocol: static -vlans: -- id: 110 - name: SVI_110 - tenant: L2LS_ISIS -- id: 4092 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:9a + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- vrf: default + destination_address_prefix: 10.1.0.0/16 + gateway: 10.1.100.100 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan110 - tenant: L2LS_ISIS description: SVI_110 shutdown: false ip_address_virtual: 10.0.110.1/24 + tenant: L2LS_ISIS - name: Vlan4092 description: Inband Management shutdown: false + ip_address: 172.23.254.2/24 + ip_virtual_router_addresses: + - 172.23.254.1 mtu: 1500 ip_attached_host_route_export: enabled: true distance: 19 - ip_address: 172.23.254.2/24 - ip_virtual_router_addresses: - - 172.23.254.1 -metadata: - platform: vEOS-LAB +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 110 + name: SVI_110 + tenant: L2LS_ISIS +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF1.yml index aced0b39991..44eeacbc2bc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF1.yml @@ -1,87 +1,87 @@ -hostname: L2ONLY-LEAF1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: L2ONLY-SPINE1 - peer_interface: Ethernet1 - peer_type: l2spine description: L2_L2ONLY-SPINE1_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: L2ONLY-SPINE2 + peer: L2ONLY-SPINE1 peer_interface: Ethernet1 peer_type: l2spine +- name: Ethernet2 description: L2_L2ONLY-SPINE2_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: L2ONLY-SPINE2 + peer_interface: Ethernet1 + peer_type: l2spine - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet11 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 +hostname: L2ONLY-LEAF1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_L2ONLY_SPINES_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 100 name: L2VLAN_100 tenant: L2LS_L2ONLY - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.4/24 - type: inband_mgmt + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF2.yml index 985c801e2de..e4499acabbb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-LEAF2.yml @@ -1,87 +1,87 @@ -hostname: L2ONLY-LEAF2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: L2ONLY-SPINE1 - peer_interface: Ethernet2 - peer_type: l2spine description: L2_L2ONLY-SPINE1_Ethernet2 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: L2ONLY-SPINE2 + peer: L2ONLY-SPINE1 peer_interface: Ethernet2 peer_type: l2spine +- name: Ethernet2 description: L2_L2ONLY-SPINE2_Ethernet2 shutdown: false channel_group: id: 1 mode: active + peer: L2ONLY-SPINE2 + peer_interface: Ethernet2 + peer_type: l2spine - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet11 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 +hostname: L2ONLY-LEAF2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_L2ONLY_SPINES_Port-Channel2 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.5/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 100 name: L2VLAN_100 tenant: L2LS_L2ONLY - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.5/24 - type: inband_mgmt + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE1.yml index 93d6cfb7927..7e19dd4ca81 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE1.yml @@ -1,112 +1,54 @@ -hostname: L2ONLY-SPINE1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 100 - name: L2VLAN_100 - tenant: L2LS_L2ONLY -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.254.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_L2ONLY-SPINE2_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_L2ONLY-LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 1 -- name: Port-Channel2 - description: L2_L2ONLY-LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 2 ethernet_interfaces: - name: Ethernet3 - peer: L2ONLY-SPINE2 - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_L2ONLY-SPINE2_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: L2ONLY-SPINE2 - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_L2ONLY-SPINE2_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: L2ONLY-SPINE2 + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: L2ONLY-LEAF1 - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_L2ONLY-LEAF1_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: L2ONLY-LEAF2 + peer: L2ONLY-LEAF1 peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet2 description: L2_L2ONLY-LEAF2_Ethernet1 shutdown: false channel_group: id: 2 mode: active + peer: L2ONLY-LEAF2 + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: L2ONLY-SPINE1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: L2ONLY_SPINES local_interface: Vlan4094 @@ -114,5 +56,63 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_L2ONLY-SPINE2_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_L2ONLY-LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +- name: Port-Channel2 + description: L2_L2ONLY-LEAF2_Port-Channel1 + shutdown: false + mlag: 2 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.254.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 100 + name: L2VLAN_100 + tenant: L2LS_L2ONLY +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE2.yml index a8583cc5852..742398ff095 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/L2ONLY-SPINE2.yml @@ -1,112 +1,54 @@ -hostname: L2ONLY-SPINE2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 100 - name: L2VLAN_100 - tenant: L2LS_L2ONLY -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.254.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_L2ONLY-SPINE1_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_L2ONLY-LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 1 -- name: Port-Channel2 - description: L2_L2ONLY-LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 2 ethernet_interfaces: - name: Ethernet3 - peer: L2ONLY-SPINE1 - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_L2ONLY-SPINE1_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: L2ONLY-SPINE1 - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_L2ONLY-SPINE1_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: L2ONLY-SPINE1 + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: L2ONLY-LEAF1 - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_L2ONLY-LEAF1_Ethernet2 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: L2ONLY-LEAF2 + peer: L2ONLY-LEAF1 peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet2 description: L2_L2ONLY-LEAF2_Ethernet2 shutdown: false channel_group: id: 2 mode: active + peer: L2ONLY-LEAF2 + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: L2ONLY-SPINE2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: L2ONLY_SPINES local_interface: Vlan4094 @@ -114,5 +56,63 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_L2ONLY-SPINE1_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_L2ONLY-LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +- name: Port-Channel2 + description: L2_L2ONLY-LEAF2_Port-Channel1 + shutdown: false + mlag: 2 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.254.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 100 + name: L2VLAN_100 + tenant: L2LS_L2ONLY +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF1.yml index d90963cedd4..dcbd76c1d35 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF1.yml @@ -1,87 +1,87 @@ -hostname: OSPF-LEAF1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: OSPF-SPINE1 - peer_interface: Ethernet1 - peer_type: l3spine description: L2_OSPF-SPINE1_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: OSPF-SPINE2 + peer: OSPF-SPINE1 peer_interface: Ethernet1 peer_type: l3spine +- name: Ethernet2 description: L2_OSPF-SPINE2_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: OSPF-SPINE2 + peer_interface: Ethernet1 + peer_type: l3spine - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet11 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 +hostname: OSPF-LEAF1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_OSPF_SPINES_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 100 name: SVI_100 tenant: L2LS_OSPF - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.4/24 - type: inband_mgmt + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF2.yml index b52d7f639f2..2a42644383f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-LEAF2.yml @@ -1,87 +1,87 @@ -hostname: OSPF-LEAF2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.23.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: OSPF-SPINE1 - peer_interface: Ethernet2 - peer_type: l3spine description: L2_OSPF-SPINE1_Ethernet2 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: OSPF-SPINE2 + peer: OSPF-SPINE1 peer_interface: Ethernet2 peer_type: l3spine +- name: Ethernet2 description: L2_OSPF-SPINE2_Ethernet2 shutdown: false channel_group: id: 1 mode: active + peer: OSPF-SPINE2 + peer_interface: Ethernet2 + peer_type: l3spine - name: Ethernet10 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 - name: Ethernet11 - peer_type: network_port description: Endpoint shutdown: false + peer_type: network_port switchport: enabled: true mode: access access_vlan: 100 +hostname: OSPF-LEAF2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_OSPF_SPINES_Port-Channel2 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 100,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.23.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management shutdown: false + ip_address: 172.23.254.5/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 100 name: SVI_100 tenant: L2LS_OSPF - id: 4092 - tenant: system name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 172.23.254.5/24 - type: inband_mgmt + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE1.yml index 5511f4ccda9..e9b23ca3204 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE1.yml @@ -1,144 +1,73 @@ -hostname: OSPF-SPINE1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 100 - name: SVI_100 - tenant: L2LS_OSPF -- id: 4092 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.254.0/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 -- name: Vlan100 - tenant: L2LS_OSPF - description: SVI_100 - shutdown: false - ip_address_virtual: 10.0.100.1/24 -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.23.254.2/24 - ip_virtual_router_addresses: - - 172.23.254.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_OSPF-SPINE2_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_OSPF-LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 1 -- name: Port-Channel2 - description: L2_OSPF-LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 2 ethernet_interfaces: - name: Ethernet3 - peer: OSPF-SPINE2 - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_OSPF-SPINE2_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: OSPF-SPINE2 - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_OSPF-SPINE2_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: OSPF-SPINE2 + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: OSPF-LEAF1 - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_OSPF-LEAF1_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: OSPF-LEAF2 + peer: OSPF-LEAF1 peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet2 description: L2_OSPF-LEAF2_Ethernet1 shutdown: false channel_group: id: 2 mode: active + peer: OSPF-LEAF2 + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet5 + description: P2P_DUMMY-CORE_Ethernet1/1 + shutdown: false + mtu: 9214 + ip_address: 192.168.253.0/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 peer: DUMMY-CORE peer_interface: Ethernet1/1 peer_type: other switchport: enabled: false +hostname: OSPF-SPINE1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 9214 - ip_address: 192.168.253.0/31 - ospf_network_point_to_point: true + ip_address: 192.168.255.1/32 ospf_area: 0.0.0.0 - description: P2P_DUMMY-CORE_Ethernet1/1 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: OSPF_SPINES local_interface: Vlan4094 @@ -146,25 +75,96 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_OSPF-SPINE2_Port-Channel3 shutdown: false - ip_address: 192.168.255.1/32 - ospf_area: 0.0.0.0 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_OSPF-LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +- name: Port-Channel2 + description: L2_OSPF-LEAF2_Port-Channel1 + shutdown: false + mlag: 2 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 router_ospf: process_ids: - id: 100 passive_interface_default: true router_id: 192.168.255.1 - max_lsa: 12000 + bfd_enable: false no_passive_interfaces: - Vlan4094 - Ethernet5 - bfd_enable: false + max_lsa: 12000 redistribute: connected: enabled: true -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.254.0/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 9214 + no_autostate: true +- name: Vlan100 + description: SVI_100 + shutdown: false + ip_address_virtual: 10.0.100.1/24 + tenant: L2LS_OSPF +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 172.23.254.2/24 + ip_virtual_router_addresses: + - 172.23.254.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 100 + name: SVI_100 + tenant: L2LS_OSPF +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE2.yml index 87eb34c3bd5..d1d469cada5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-l2ls/intended/structured_configs/OSPF-SPINE2.yml @@ -1,147 +1,73 @@ -hostname: OSPF-SPINE2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.31.0.1 -- destination_address_prefix: 10.0.0.0/8 - gateway: 10.1.100.100 - vrf: default -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 100 - name: SVI_100 - tenant: L2LS_OSPF -- id: 4092 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.254.1/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 -- name: Vlan100 - tenant: L2LS_OSPF - description: SVI_100 - shutdown: false - ip_address_virtual: 10.0.100.1/24 -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.23.254.3/24 - ip_virtual_router_addresses: - - 172.23.254.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_OSPF-SPINE1_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_OSPF-LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 1 -- name: Port-Channel2 - description: L2_OSPF-LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 100,4092 - shutdown: false - mlag: 2 ethernet_interfaces: - name: Ethernet3 - peer: OSPF-SPINE1 - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_OSPF-SPINE1_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: OSPF-SPINE1 - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_OSPF-SPINE1_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: OSPF-SPINE1 + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: OSPF-LEAF1 - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_OSPF-LEAF1_Ethernet2 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: OSPF-LEAF2 + peer: OSPF-LEAF1 peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet2 description: L2_OSPF-LEAF2_Ethernet2 shutdown: false channel_group: id: 2 mode: active + peer: OSPF-LEAF2 + peer_interface: Ethernet2 + peer_type: l2leaf - name: Ethernet5 + description: P2P_DUMMY-CORE_Ethernet1/2 + shutdown: false + mtu: 9214 + ip_address: 192.168.253.2/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 peer: DUMMY-CORE peer_interface: Ethernet1/2 peer_type: other switchport: enabled: false +hostname: OSPF-SPINE2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 9214 - ip_address: 192.168.253.2/31 - ospf_network_point_to_point: true + ip_address: 192.168.255.2/32 ospf_area: 0.0.0.0 - description: P2P_DUMMY-CORE_Ethernet1/2 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: OSPF_SPINES local_interface: Vlan4094 @@ -149,27 +75,101 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_OSPF-SPINE1_Port-Channel3 shutdown: false - ip_address: 192.168.255.2/32 - ospf_area: 0.0.0.0 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_OSPF-LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 +- name: Port-Channel2 + description: L2_OSPF-LEAF2_Port-Channel1 + shutdown: false + mlag: 2 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 100,4092 router_ospf: process_ids: - id: 100 passive_interface_default: true router_id: 192.168.255.2 - max_lsa: 12000 + bfd_enable: false no_passive_interfaces: - Vlan4094 - Ethernet5 - bfd_enable: false + max_lsa: 12000 redistribute: - connected: - enabled: true static: enabled: true -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + connected: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.31.0.1 +- vrf: default + destination_address_prefix: 10.0.0.0/8 + gateway: 10.1.100.100 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.254.1/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 9214 + no_autostate: true +- name: Vlan100 + description: SVI_100 + shutdown: false + ip_address_virtual: 10.0.100.1/24 + tenant: L2LS_OSPF +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 172.23.254.3/24 + ip_virtual_router_addresses: + - 172.23.254.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 100 + name: SVI_100 + tenant: L2LS_OSPF +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER1.yml index 569a677a113..fb92a2af001 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER1.yml @@ -1,315 +1,153 @@ -hostname: SITE1-LER1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 100.70.0.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: MPLS-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: SHsTgDgjVUU5a9blyxSt3Q== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - neighbor_default: - encapsulation: mpls - next_hop_self_source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 100.70.0.8 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-RR1 - description: SITE1-RR1_Loopback0 - - ip_address: 100.70.0.9 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE2-RR1 - description: SITE2-RR1_Loopback0 - vrfs: - - name: TENANT_B_INTRA - rd: 100.70.0.5:19 - route_targets: - import: - - address_family: evpn - route_targets: - - '65000:19' - export: - - address_family: evpn - route_targets: - - '65000:19' - router_id: 100.70.0.5 - redistribute: - connected: - enabled: true - ospf: - enabled: true - vlans: - - id: 10 - tenant: TENANT_A - rd: 100.70.0.5:10010 - route_targets: - both: - - 65000:10010 - redistribute_routes: - - learned - - id: 20 - tenant: TENANT_A - rd: 100.70.0.5:123456 - route_targets: - both: - - 65000:123456 - redistribute_routes: - - learned - - id: 2020 - tenant: TENANT_B - rd: 100.70.0.5:22020 - route_targets: - both: - - 65000:22020 - redistribute_routes: - - learned - vpws: - - name: TENANT_A - rd: 100.70.0.5:1000 - route_targets: - import_export: 65000:1000 - pseudowires: - - name: TEN_A_site2_site5_eline_port_based - id_local: 26 - id_remote: 57 - - name: TENANT_B - rd: 100.70.0.5:2000 - route_targets: - import_export: 65000:2000 - pseudowires: - - name: TEN_B_site3_site5_eline_vlan_based_1000 - id_local: 31000 - id_remote: 51000 - - name: TEN_B_site3_site5_eline_vlan_based_1001 - id_local: 31001 - id_remote: 51001 - - name: TEN_B_site3_site5_eline_vlan_based_1002 - id_local: 31002 - id_remote: 51002 - - name: TEN_B_site3_site5_eline_vlan_based_1003 - id_local: 31003 - id_remote: 51003 - - name: TEN_B_site3_site5_eline_vlan_based_1004 - id_local: 31004 - id_remote: 51004 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -- name: TENANT_B_INTRA - tenant: TENANT_B - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.5/32 - ipv6_address: 2000:1234:ffff:ffff::5/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 205 - ipv6_index: 205 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.1000.7000.0005.00 - router_id: 100.70.0.5 - is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.5 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.5 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet1 - peer: SITE1-LSR1 - peer_interface: Ethernet1 - peer_type: p - switchport: - enabled: false + description: P2P_SITE1-LSR1_Ethernet1 shutdown: false + speed: forced 40gfull mtu: 9178 - eos_cli: 'link-debounce time 1000 - - ' ip_address: 100.64.48.0/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LSR1_Ethernet1 - speed: forced 40gfull -- name: Ethernet2 - peer: SITE1-LER2 - peer_interface: Ethernet2 - peer_type: pe + peer: SITE1-LSR1 + peer_interface: Ethernet1 + peer_type: p switchport: enabled: false - shutdown: false - mtu: 9178 - eos_cli: 'link-debounce time 1500 + eos_cli: 'link-debounce time 1000 ' +- name: Ethernet2 + description: P2P_SITE1-LER2_Ethernet2 + shutdown: false + speed: forced 10000full + mtu: 9178 ip_address: 100.64.48.4/31 ipv6_enable: true isis_enable: CORE isis_metric: 500 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LER2_Ethernet2 - speed: forced 10000full + peer: SITE1-LER2 + peer_interface: Ethernet2 + peer_type: pe + switchport: + enabled: false + eos_cli: 'link-debounce time 1500 + + ' - name: Ethernet6.10 - peer_type: l3_interface - ip_address: 10.123.1.0/31 - shutdown: false description: TENANT_B_SITE_3_INTRA_L3VPN + shutdown: false + vrf: TENANT_B_INTRA encapsulation_dot1q: vlan: 10 - vrf: TENANT_B_INTRA - ospf_area: 0.0.0.0 + ip_address: 10.123.1.0/31 ospf_network_point_to_point: true + ospf_area: 0.0.0.0 ospf_cost: 10 + peer_type: l3_interface - name: Ethernet6 - switchport: - enabled: false - peer_type: point_to_point_service shutdown: false lldp: transmit: false receive: false -- name: Ethernet3 peer_type: point_to_point_service + switchport: + enabled: false +- name: Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer_type: point_to_point_service +- name: Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer_type: point_to_point_service - name: Ethernet8 + description: CPE_CPE_TENANT_A_SITE1_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active peer: CPE_TENANT_A_SITE1 peer_interface: Ethernet1 peer_type: cpe port_profile: TENANT_A_WAN_SERVICE_10 - description: CPE_CPE_TENANT_A_SITE1_Ethernet1 +hostname: SITE1-LER1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.5/32 + ipv6_address: 2000:1234:ffff:ffff::5/128 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 205 + ipv6_index: 205 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT shutdown: false - channel_group: - id: 8 - mode: active + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR3 +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.5 + shutdown: false + transport_address_interface: Loopback0 patch_panel: patches: - name: TEN_A_site2_site5_eline_port_based @@ -366,111 +204,235 @@ patch_panel: - id: '2' type: pseudowire endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1004 -vlans: -- id: 10 - name: TENANT_A_L2_SERVICE - tenant: TENANT_A -- id: 20 - name: TENANT_A_L2_SERVICE - tenant: TENANT_A -- id: 2020 - name: TENANT_B_INSIDE_FW - tenant: TENANT_B -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 -vlan_interfaces: -- name: Vlan2020 - tenant: TENANT_B - tags: - - tag1 - description: TENANT_B_INSIDE_FW - shutdown: false - vrf: TENANT_B_INTRA port_channel_interfaces: - name: Port-Channel3.1000 - peer_type: point_to_point_service + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1000 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1001 peer_type: point_to_point_service +- name: Port-Channel3.1001 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1001 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1002 peer_type: point_to_point_service +- name: Port-Channel3.1002 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1002 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1003 peer_type: point_to_point_service +- name: Port-Channel3.1003 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1003 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1004 peer_type: point_to_point_service +- name: Port-Channel3.1004 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1004 network: encapsulation: client - shutdown: false + peer_type: point_to_point_service - name: Port-Channel3 - switchport: - enabled: false - peer_type: system shutdown: false evpn_ethernet_segment: identifier: 0000:0000:0102:0000:0034 route_target: 01:02:00:00:00:34 lacp_id: 0102.0000.0034 + peer_type: system + switchport: + enabled: false - name: Port-Channel8 description: CPE_CPE_TENANT_A_SITE1_EVPN-A-A-PortChannel shutdown: false switchport: enabled: false - name: Port-Channel8.111 - vlan_id: 111 encapsulation_vlan: client: encapsulation: dot1q vlan: 111 network: encapsulation: client + vlan_id: 111 - name: Port-Channel8.222 - vlan_id: 222 encapsulation_vlan: client: encapsulation: dot1q vlan: 222 network: encapsulation: client + vlan_id: 222 - name: Port-Channel8.333 - vlan_id: 434 encapsulation_vlan: client: encapsulation: dot1q vlan: 333 network: encapsulation: client + vlan_id: 434 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 100.70.0.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MPLS-OVERLAY-PEERS + type: mpls + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: SHsTgDgjVUU5a9blyxSt3Q== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.70.0.8 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-RR1 + description: SITE1-RR1_Loopback0 + - ip_address: 100.70.0.9 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE2-RR1 + description: SITE2-RR1_Loopback0 + vlans: + - id: 10 + tenant: TENANT_A + rd: 100.70.0.5:10010 + route_targets: + both: + - 65000:10010 + redistribute_routes: + - learned + - id: 20 + tenant: TENANT_A + rd: 100.70.0.5:123456 + route_targets: + both: + - 65000:123456 + redistribute_routes: + - learned + - id: 2020 + tenant: TENANT_B + rd: 100.70.0.5:22020 + route_targets: + both: + - 65000:22020 + redistribute_routes: + - learned + vpws: + - name: TENANT_A + rd: 100.70.0.5:1000 + route_targets: + import_export: 65000:1000 + pseudowires: + - name: TEN_A_site2_site5_eline_port_based + id_local: 26 + id_remote: 57 + - name: TENANT_B + rd: 100.70.0.5:2000 + route_targets: + import_export: 65000:2000 + pseudowires: + - name: TEN_B_site3_site5_eline_vlan_based_1000 + id_local: 31000 + id_remote: 51000 + - name: TEN_B_site3_site5_eline_vlan_based_1001 + id_local: 31001 + id_remote: 51001 + - name: TEN_B_site3_site5_eline_vlan_based_1002 + id_local: 31002 + id_remote: 51002 + - name: TEN_B_site3_site5_eline_vlan_based_1003 + id_local: 31003 + id_remote: 51003 + - name: TEN_B_site3_site5_eline_vlan_based_1004 + id_local: 31004 + id_remote: 51004 + address_family_evpn: + neighbor_default: + encapsulation: mpls + next_hop_self_source_interface: Loopback0 + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + vrfs: + - name: TENANT_B_INTRA + rd: 100.70.0.5:19 + route_targets: + import: + - address_family: evpn + route_targets: + - '65000:19' + export: + - address_family: evpn + route_targets: + - '65000:19' + router_id: 100.70.0.5 + redistribute: + connected: + enabled: true + ospf: + enabled: true +router_isis: + instance: CORE + net: 49.0001.1000.7000.0005.00 + router_id: 100.70.0.5 + is_type: level-1-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 100.70.0.5 router_ospf: process_ids: - id: 19 @@ -483,5 +445,43 @@ router_ospf: redistribute: bgp: enabled: true -metadata: - platform: 7280SR3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan2020 + description: TENANT_B_INSIDE_FW + shutdown: false + vrf: TENANT_B_INTRA + tenant: TENANT_B + tags: + - tag1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 10 + name: TENANT_A_L2_SERVICE + tenant: TENANT_A +- id: 20 + name: TENANT_A_L2_SERVICE + tenant: TENANT_A +- id: 2020 + name: TENANT_B_INSIDE_FW + tenant: TENANT_B +vrfs: +- name: MGMT + ip_routing: false +- name: TENANT_B_INTRA + ip_routing: true + tenant: TENANT_B diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER2.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER2.yml index 841b33bb842..b18f3cea6d1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LER2.yml @@ -1,354 +1,147 @@ -hostname: SITE1-LER2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 100.70.0.6 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: MPLS-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: SHsTgDgjVUU5a9blyxSt3Q== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - neighbor_default: - encapsulation: mpls - next_hop_self_source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - address_family_vpn_ipv6: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 100.70.0.8 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-RR1 - description: SITE1-RR1_Loopback0 - - ip_address: 100.70.0.9 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE2-RR1 - description: SITE2-RR1_Loopback0 - - ip_address: 100.70.0.5 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-LER1 - description: SITE1-LER1_Loopback0 - - ip_address: 100.70.0.7 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE2-LER1 - description: SITE2-LER1_Loopback0 - vrfs: - - name: TENANT_B_INTRA - rd: 100.70.0.6:19 - route_targets: - import: - - address_family: evpn - route_targets: - - '65000:19' - export: - - address_family: evpn - route_targets: - - '65000:19' - router_id: 100.70.0.6 - redistribute: - connected: - enabled: true - - name: TENANT_B_WAN - rd: 100.70.0.6:20 - route_targets: - import: - - address_family: vpn-ipv4 - route_targets: - - '65000:20' - - address_family: vpn-ipv6 - route_targets: - - '65000:20' - export: - - address_family: vpn-ipv4 - route_targets: - - '65000:20' - - address_family: vpn-ipv6 - route_targets: - - '65000:20' - router_id: 100.70.0.6 - redistribute: - connected: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 192.168.48.1 - activate: true - neighbors: - - ip_address: 192.168.48.1 - remote_as: '65201' - description: TENANT_B_CPE_SITE3 - password: toZKiUFLVUTU4hdS5V8F4Q== - updates: - wait_install: true - vlans: - - id: 10 - tenant: TENANT_A - rd: 100.70.0.6:10010 - route_targets: - both: - - 65000:10010 - redistribute_routes: - - learned - - id: 20 - tenant: TENANT_A - rd: 100.70.0.6:123456 - route_targets: - both: - - 65000:123456 - redistribute_routes: - - learned - - id: 2020 - tenant: TENANT_B - rd: 100.70.0.6:22020 - route_targets: - both: - - 65000:22020 - redistribute_routes: - - learned - vpws: - - name: TENANT_B - rd: 100.70.0.6:2000 - route_targets: - import_export: 65000:2000 - pseudowires: - - name: TEN_B_site3_site5_eline_vlan_based_1000 - id_local: 31000 - id_remote: 51000 - - name: TEN_B_site3_site5_eline_vlan_based_1001 - id_local: 31001 - id_remote: 51001 - - name: TEN_B_site3_site5_eline_vlan_based_1002 - id_local: 31002 - id_remote: 51002 - - name: TEN_B_site3_site5_eline_vlan_based_1003 - id_local: 31003 - id_remote: 51003 - - name: TEN_B_site3_site5_eline_vlan_based_1004 - id_local: 31004 - id_remote: 51004 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -- name: TENANT_B_INTRA - tenant: TENANT_B - ip_routing: true -- name: TENANT_B_WAN - tenant: TENANT_B - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.6/32 - ipv6_address: 2000:1234:ffff:ffff::6/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 206 - ipv6_index: 206 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.1000.7000.0006.00 - router_id: 100.70.0.6 - is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.6 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.6 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet1 - peer: SITE1-LSR2 - peer_interface: Ethernet1 - peer_type: p - switchport: - enabled: false + description: P2P_SITE1-LSR2_Ethernet1 shutdown: false + speed: forced 100gfull mtu: 9214 - eos_cli: 'link-debounce time 1000 - - ' ip_address: 100.64.48.2/31 ipv6_enable: true isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-1-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LSR2_Ethernet1 - speed: forced 100gfull -- name: Ethernet2 - peer: SITE1-LER1 - peer_interface: Ethernet2 - peer_type: pe + peer: SITE1-LSR2 + peer_interface: Ethernet1 + peer_type: p switchport: enabled: false - shutdown: false - mtu: 9178 - eos_cli: 'link-debounce time 1500 + eos_cli: 'link-debounce time 1000 ' +- name: Ethernet2 + description: P2P_SITE1-LER1_Ethernet2 + shutdown: false + speed: forced 10000full + mtu: 9178 ip_address: 100.64.48.5/31 ipv6_enable: true isis_enable: CORE isis_metric: 500 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LER1_Ethernet2 - speed: forced 10000full + peer: SITE1-LER1 + peer_interface: Ethernet2 + peer_type: pe + switchport: + enabled: false + eos_cli: 'link-debounce time 1500 + + ' - name: Ethernet5.100 - peer_type: l3_interface - ip_address: 192.168.48.0/31 - shutdown: false description: TENANT_B_SITE_3 + shutdown: false + vrf: TENANT_B_WAN encapsulation_dot1q: vlan: 100 - vrf: TENANT_B_WAN + ip_address: 192.168.48.0/31 + peer_type: l3_interface - name: Ethernet3 - peer_type: point_to_point_service shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer_type: point_to_point_service +- name: Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer_type: point_to_point_service - name: Ethernet5 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false - name: Ethernet8 - peer: CPE_TENANT_A_SITE1 - peer_interface: Ethernet2 - peer_type: cpe - port_profile: TENANT_A_WAN_SERVICE_10 description: CPE_CPE_TENANT_A_SITE1_Ethernet2 shutdown: false channel_group: id: 8 mode: active + peer: CPE_TENANT_A_SITE1 + peer_interface: Ethernet2 + peer_type: cpe + port_profile: TENANT_A_WAN_SERVICE_10 +hostname: SITE1-LER2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.6/32 + ipv6_address: 2000:1234:ffff:ffff::6/128 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 206 + ipv6_index: 206 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR3 +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.6 + shutdown: false + transport_address_interface: Loopback0 patch_panel: patches: - name: TEN_B_site3_site5_eline_vlan_based_1000 @@ -396,110 +189,317 @@ patch_panel: - id: '2' type: pseudowire endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1004 -vlans: -- id: 10 - name: TENANT_A_L2_SERVICE - tenant: TENANT_A -- id: 20 - name: TENANT_A_L2_SERVICE - tenant: TENANT_A -- id: 2020 - name: TENANT_B_INSIDE_FW - tenant: TENANT_B -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 -vlan_interfaces: -- name: Vlan2020 - tenant: TENANT_B - tags: - - tag1 - description: TENANT_B_INSIDE_FW - shutdown: false - vrf: TENANT_B_INTRA port_channel_interfaces: - name: Port-Channel3.1000 - peer_type: point_to_point_service + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1000 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1001 peer_type: point_to_point_service +- name: Port-Channel3.1001 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1001 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1002 peer_type: point_to_point_service +- name: Port-Channel3.1002 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1002 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1003 peer_type: point_to_point_service +- name: Port-Channel3.1003 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1003 network: encapsulation: client - shutdown: false -- name: Port-Channel3.1004 peer_type: point_to_point_service +- name: Port-Channel3.1004 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1004 network: encapsulation: client - shutdown: false + peer_type: point_to_point_service - name: Port-Channel3 - switchport: - enabled: false - peer_type: system shutdown: false evpn_ethernet_segment: identifier: 0000:0000:0102:0000:0034 route_target: 01:02:00:00:00:34 lacp_id: 0102.0000.0034 + peer_type: system + switchport: + enabled: false - name: Port-Channel8 description: CPE_CPE_TENANT_A_SITE1_EVPN-A-A-PortChannel shutdown: false switchport: enabled: false - name: Port-Channel8.111 - vlan_id: 111 encapsulation_vlan: client: encapsulation: dot1q vlan: 111 network: encapsulation: client + vlan_id: 111 - name: Port-Channel8.222 - vlan_id: 222 encapsulation_vlan: client: encapsulation: dot1q vlan: 222 network: encapsulation: client + vlan_id: 222 - name: Port-Channel8.333 - vlan_id: 434 encapsulation_vlan: client: encapsulation: dot1q vlan: 333 network: encapsulation: client -metadata: - platform: 7280SR3 + vlan_id: 434 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 100.70.0.6 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MPLS-OVERLAY-PEERS + type: mpls + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: SHsTgDgjVUU5a9blyxSt3Q== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.70.0.8 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-RR1 + description: SITE1-RR1_Loopback0 + - ip_address: 100.70.0.9 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE2-RR1 + description: SITE2-RR1_Loopback0 + - ip_address: 100.70.0.5 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-LER1 + description: SITE1-LER1_Loopback0 + - ip_address: 100.70.0.7 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE2-LER1 + description: SITE2-LER1_Loopback0 + vlans: + - id: 10 + tenant: TENANT_A + rd: 100.70.0.6:10010 + route_targets: + both: + - 65000:10010 + redistribute_routes: + - learned + - id: 20 + tenant: TENANT_A + rd: 100.70.0.6:123456 + route_targets: + both: + - 65000:123456 + redistribute_routes: + - learned + - id: 2020 + tenant: TENANT_B + rd: 100.70.0.6:22020 + route_targets: + both: + - 65000:22020 + redistribute_routes: + - learned + vpws: + - name: TENANT_B + rd: 100.70.0.6:2000 + route_targets: + import_export: 65000:2000 + pseudowires: + - name: TEN_B_site3_site5_eline_vlan_based_1000 + id_local: 31000 + id_remote: 51000 + - name: TEN_B_site3_site5_eline_vlan_based_1001 + id_local: 31001 + id_remote: 51001 + - name: TEN_B_site3_site5_eline_vlan_based_1002 + id_local: 31002 + id_remote: 51002 + - name: TEN_B_site3_site5_eline_vlan_based_1003 + id_local: 31003 + id_remote: 51003 + - name: TEN_B_site3_site5_eline_vlan_based_1004 + id_local: 31004 + id_remote: 51004 + address_family_evpn: + neighbor_default: + encapsulation: mpls + next_hop_self_source_interface: Loopback0 + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + address_family_vpn_ipv6: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + vrfs: + - name: TENANT_B_INTRA + rd: 100.70.0.6:19 + route_targets: + import: + - address_family: evpn + route_targets: + - '65000:19' + export: + - address_family: evpn + route_targets: + - '65000:19' + router_id: 100.70.0.6 + redistribute: + connected: + enabled: true + - name: TENANT_B_WAN + rd: 100.70.0.6:20 + route_targets: + import: + - address_family: vpn-ipv4 + route_targets: + - '65000:20' + - address_family: vpn-ipv6 + route_targets: + - '65000:20' + export: + - address_family: vpn-ipv4 + route_targets: + - '65000:20' + - address_family: vpn-ipv6 + route_targets: + - '65000:20' + router_id: 100.70.0.6 + updates: + wait_install: true + neighbors: + - ip_address: 192.168.48.1 + remote_as: '65201' + password: toZKiUFLVUTU4hdS5V8F4Q== + description: TENANT_B_CPE_SITE3 + redistribute: + connected: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 192.168.48.1 + activate: true +router_isis: + instance: CORE + net: 49.0001.1000.7000.0006.00 + router_id: 100.70.0.6 + is_type: level-1-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 100.70.0.6 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan2020 + description: TENANT_B_INSIDE_FW + shutdown: false + vrf: TENANT_B_INTRA + tenant: TENANT_B + tags: + - tag1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 10 + name: TENANT_A_L2_SERVICE + tenant: TENANT_A +- id: 20 + name: TENANT_A_L2_SERVICE + tenant: TENANT_A +- id: 2020 + name: TENANT_B_INSIDE_FW + tenant: TENANT_B +vrfs: +- name: MGMT + ip_routing: false +- name: TENANT_B_INTRA + ip_routing: true + tenant: TENANT_B +- name: TENANT_B_WAN + ip_routing: true + tenant: TENANT_B diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR1.yml index 3c778bea43a..e8a5f737931 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR1.yml @@ -1,178 +1,178 @@ -hostname: SITE1-LSR1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +ethernet_interfaces: +- name: Ethernet1 + description: P2P_SITE1-LER1_Ethernet1 shutdown: false - ip_address: 100.70.0.1/32 - ipv6_address: 2000:1234:ffff:ffff::1/128 + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.1/31 + ipv6_enable: true + isis_enable: CORE + isis_metric: 60 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: false + isis_authentication: + both: + key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: + ip: true ldp: interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 301 - ipv6_index: 301 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.1000.7000.0001.00 - router_id: 100.70.0.1 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.1 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.1 - shutdown: false - transport_address_interface: Loopback0 -ethernet_interfaces: -- name: Ethernet1 + igp_sync: true peer: SITE1-LER1 peer_interface: Ethernet1 peer_type: pe switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' - ip_address: 100.64.48.1/31 +- name: Ethernet4 + description: P2P_SITE1-RR1_Ethernet4 + shutdown: false + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.6/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LER1_Ethernet1 - speed: forced 40gfull -- name: Ethernet4 peer: SITE1-RR1 peer_interface: Ethernet4 peer_type: rr switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' - ip_address: 100.64.48.6/31 +- name: Ethernet3 + description: P2P_SITE2-LSR1_Ethernet3 + shutdown: false + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.8/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-RR1_Ethernet4 - speed: forced 40gfull -- name: Ethernet3 peer: SITE2-LSR1 peer_interface: Ethernet3 peer_type: p switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' - ip_address: 100.64.48.8/31 - ipv6_enable: true - isis_enable: CORE - isis_metric: 60 - isis_network_point_to_point: true - isis_hello_padding: false - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: asdadjiwtelogkkdng - key_type: '7' +hostname: SITE1-LSR1 +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.1/32 + ipv6_address: 2000:1234:ffff:ffff::1/128 mpls: - ip: true ldp: interface: true - igp_sync: true - description: P2P_SITE2-LSR1_Ethernet3 - speed: forced 40gfull + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 301 + ipv6_index: 301 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 metadata: platform: 7280SR +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.1 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.1000.7000.0001.00 + router_id: 100.70.0.1 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 100.70.0.1 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR2.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR2.yml index bc164af0335..3a2e70ce5d6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-LSR2.yml @@ -1,148 +1,148 @@ -hostname: SITE1-LSR2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.2/32 - ipv6_address: 2000:1234:ffff:ffff::2/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 302 - ipv6_index: 302 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.1000.7000.0002.00 - router_id: 100.70.0.2 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.2 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.2 - shutdown: false - transport_address_interface: Loopback0 ethernet_interfaces: - name: Ethernet1 - peer: SITE1-LER2 - peer_interface: Ethernet1 - peer_type: pe - switchport: - enabled: false + description: P2P_SITE1-LER2_Ethernet1 shutdown: false + speed: forced 100gfull mtu: 9214 - eos_cli: 'link-debounce time 1000 - - ' ip_address: 100.64.48.3/31 ipv6_enable: true isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-1-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LER2_Ethernet1 - speed: forced 100gfull -- name: Ethernet3 - peer: SITE2-LSR2 - peer_interface: Ethernet3 - peer_type: p + peer: SITE1-LER2 + peer_interface: Ethernet1 + peer_type: pe switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' +- name: Ethernet3 + description: P2P_SITE2-LSR2_Ethernet3 + shutdown: false + speed: forced 40gfull + mtu: 9178 ip_address: 100.64.48.10/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE2-LSR2_Ethernet3 - speed: forced 40gfull + peer: SITE2-LSR2 + peer_interface: Ethernet3 + peer_type: p + switchport: + enabled: false + eos_cli: 'link-debounce time 1000 + + ' +hostname: SITE1-LSR2 +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.2/32 + ipv6_address: 2000:1234:ffff:ffff::2/128 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 302 + ipv6_index: 302 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 metadata: platform: 7280SR +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.2 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.1000.7000.0002.00 + router_id: 100.70.0.2 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 100.70.0.2 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-RR1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-RR1.yml index f12a19aa924..0e169fede95 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-RR1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE1-RR1.yml @@ -1,38 +1,134 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "management security\n password encryption-key common\n" +ethernet_interfaces: +- name: Ethernet4 + description: P2P_SITE1-LSR1_Ethernet4 + shutdown: false + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.7/31 + ipv6_enable: true + isis_enable: CORE + isis_metric: 60 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: false + isis_authentication: + both: + key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: SITE1-LSR1 + peer_interface: Ethernet4 + peer_type: p + switchport: + enabled: false + eos_cli: 'link-debounce time 1000 + + ' hostname: SITE1-RR1 +ip_routing: true +ipv6_unicast_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.8/32 + ipv6_address: 2000:1234:ffff:ffff::8/128 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 108 + ipv6_index: 108 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 10.30.30.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR3 +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.8 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 100.70.0.8 - bgp_defaults: - - distance bgp 20 200 200 - - bgp route-reflector preserve-attributes always - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true bgp_cluster_id: 1.1.1.1 + bgp_defaults: + - distance bgp 20 200 200 + - bgp route-reflector preserve-attributes always + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65000' update_source: Loopback0 + route_reflector_client: true bfd: true password: SHsTgDgjVUU5a9blyxSt3Q== send_community: all maximum_routes: 0 - remote_as: '65000' - route_reflector_client: true - name: RR-OVERLAY-PEERS type: mpls + remote_as: '65000' update_source: Loopback0 bfd: true password: 04FdfTXWrEfpDTUc3mlSjg== send_community: all maximum_routes: 0 - remote_as: '65000' + neighbors: + - ip_address: 100.70.0.5 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-LER1 + description: SITE1-LER1_Loopback0 + - ip_address: 100.70.0.6 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-LER2 + description: SITE1-LER2_Loopback0 + - ip_address: 100.70.0.7 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE2-LER1 + description: SITE2-LER1_Loopback0 + - ip_address: 100.70.0.9 + peer_group: RR-OVERLAY-PEERS + peer: SITE2-RR1 + description: SITE2-RR1_Loopback0 address_family_evpn: neighbor_default: encapsulation: mpls @@ -59,141 +155,45 @@ router_bgp: activate: true - name: RR-OVERLAY-PEERS activate: true - neighbors: - - ip_address: 100.70.0.5 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-LER1 - description: SITE1-LER1_Loopback0 - - ip_address: 100.70.0.6 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-LER2 - description: SITE1-LER2_Loopback0 - - ip_address: 100.70.0.7 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE2-LER1 - description: SITE2-LER1_Loopback0 - - ip_address: 100.70.0.9 - peer_group: RR-OVERLAY-PEERS - peer: SITE2-RR1 - description: SITE2-RR1_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 10.30.30.108/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.8/32 - ipv6_address: 2000:1234:ffff:ffff::8/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 108 - ipv6_index: 108 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.1000.7000.0008.00 router_id: 100.70.0.8 is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection + log_adjacency_changes: true mpls_ldp_sync_default: true timers: local_convergence: - delay: 15000 protected_prefixes: true + delay: 15000 advertise: passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection address_family_ipv6: enabled: true maximum_paths: 4 fast_reroute_ti_lfa: mode: link-protection segment_routing_mpls: - router_id: 100.70.0.8 enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true router_id: 100.70.0.8 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ethernet_interfaces: -- name: Ethernet4 - peer: SITE1-LSR1 - peer_interface: Ethernet4 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 9178 - eos_cli: 'link-debounce time 1000 - - ' - ip_address: 100.64.48.7/31 - ipv6_enable: true - isis_enable: CORE - isis_metric: 60 - isis_network_point_to_point: true - isis_hello_padding: false - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: asdadjiwtelogkkdng - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_SITE1-LSR1_Ethernet4 - speed: forced 40gfull -metadata: - platform: 7280SR3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LER1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LER1.yml index d5827d010aa..17bf83ba4b0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LER1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LER1.yml @@ -1,592 +1,546 @@ -hostname: SITE2-LER1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 100.70.0.7 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: MPLS-OVERLAY-PEERS - type: mpls - update_source: Loopback0 - bfd: true - password: SHsTgDgjVUU5a9blyxSt3Q== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - neighbor_default: - encapsulation: mpls - next_hop_self_source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: false - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - address_family_vpn_ipv6: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: - - name: MPLS-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 100.70.0.8 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-RR1 - description: SITE1-RR1_Loopback0 - - ip_address: 100.70.0.9 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE2-RR1 - description: SITE2-RR1_Loopback0 - vrfs: - - name: TENANT_B_INTRA - rd: 100.70.0.7:19 - route_targets: - import: - - address_family: evpn - route_targets: - - '65000:19' - export: - - address_family: evpn - route_targets: - - '65000:19' - router_id: 100.70.0.7 - redistribute: - connected: - enabled: true - static: - enabled: true - - name: TENANT_B_WAN - rd: 100.70.0.7:20 - route_targets: - import: - - address_family: vpn-ipv4 - route_targets: - - '65000:20' - - address_family: vpn-ipv6 - route_targets: - - '65000:20' - export: - - address_family: vpn-ipv4 - route_targets: - - '65000:20' - - address_family: vpn-ipv6 - route_targets: - - '65000:20' - router_id: 100.70.0.7 - redistribute: - connected: - enabled: true - ospf: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 192.168.48.3 - activate: true - neighbors: - - ip_address: 192.168.48.3 - remote_as: '65202' - description: TENANT_B_CPE_SITE5 - password: OajzUG59/YF0NkgvOQyRnQ== - updates: - wait_install: true - vlans: - - id: 10 - tenant: TENANT_A - rd: 100.70.0.7:10010 - route_targets: - both: - - 65000:10010 - redistribute_routes: - - learned - - id: 20 - tenant: TENANT_A - rd: 100.70.0.7:123456 - route_targets: - both: - - 65000:123456 - redistribute_routes: - - learned - - id: 2020 - tenant: TENANT_B - rd: 100.70.0.7:22020 - route_targets: - both: - - 65000:22020 - redistribute_routes: - - learned - vpws: - - name: TENANT_A - rd: 100.70.0.7:1000 - route_targets: - import_export: 65000:1000 - pseudowires: - - name: TEN_A_site2_site5_eline_port_based - id_local: 57 - id_remote: 26 - - name: TENANT_B - rd: 100.70.0.7:2000 - route_targets: - import_export: 65000:2000 - pseudowires: - - name: TEN_B_site3_site5_eline_vlan_based_1000 - id_local: 51000 - id_remote: 31000 - - name: TEN_B_site3_site5_eline_vlan_based_1001 - id_local: 51001 - id_remote: 31001 - - name: TEN_B_site3_site5_eline_vlan_based_1002 - id_local: 51002 - id_remote: 31002 - - name: TEN_B_site3_site5_eline_vlan_based_1003 - id_local: 51003 - id_remote: 31003 - - name: TEN_B_site3_site5_eline_vlan_based_1004 - id_local: 51004 - id_remote: 31004 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 123.0.10.0/24 - gateway: 123.1.1.3 - name: TENANT_B_SITE_5_SUBNET - interface: Ethernet6.10 - vrf: TENANT_B_INTRA -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -- name: TENANT_B_INTRA - tenant: TENANT_B - ip_routing: true -- name: TENANT_B_WAN - tenant: TENANT_B - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.7/32 - ipv6_address: 2000:1234:ffff:ffff::7/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 207 - ipv6_index: 207 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.1000.7000.0007.00 - router_id: 100.70.0.7 - is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.7 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.7 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet1 - peer: SITE2-LSR1 - peer_interface: Ethernet1 - peer_type: p - switchport: - enabled: false + description: P2P_SITE2-LSR1_Ethernet1 shutdown: false + speed: forced 40gfull mtu: 9178 - eos_cli: 'link-debounce time 1000 - - ' ip_address: 100.64.48.15/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE2-LSR1_Ethernet1 - speed: forced 40gfull + peer: SITE2-LSR1 + peer_interface: Ethernet1 + peer_type: p + switchport: + enabled: false + eos_cli: 'link-debounce time 1000 + + ' - name: Ethernet11 + description: P2P_SITE2-LSR2_Ethernet12 + shutdown: false + speed: forced 40gfull + channel_group: + id: 11 + mode: active peer: SITE2-LSR2 peer_interface: Ethernet12 peer_type: p +- name: Ethernet12 + description: P2P_SITE2-LSR2_Ethernet13 shutdown: false + speed: forced 40gfull channel_group: id: 11 mode: active - description: P2P_SITE2-LSR2_Ethernet12 - speed: forced 40gfull -- name: Ethernet12 peer: SITE2-LSR2 peer_interface: Ethernet13 peer_type: p +- name: Ethernet13 + description: P2P_SITE2-LSR2_Ethernet14 shutdown: false + speed: forced 40gfull channel_group: - id: 11 + id: 220 mode: active - description: P2P_SITE2-LSR2_Ethernet13 - speed: forced 40gfull -- name: Ethernet13 peer: SITE2-LSR2 peer_interface: Ethernet14 peer_type: p +- name: Ethernet14 + description: P2P_SITE2-LSR2_Ethernet15 shutdown: false + speed: forced 40gfull channel_group: id: 220 mode: active - description: P2P_SITE2-LSR2_Ethernet14 - speed: forced 40gfull -- name: Ethernet14 peer: SITE2-LSR2 peer_interface: Ethernet15 peer_type: p - shutdown: false - channel_group: - id: 220 - mode: active - description: P2P_SITE2-LSR2_Ethernet15 - speed: forced 40gfull - name: Ethernet6.10 - peer_type: l3_interface - ip_address: 123.1.1.2/31 - shutdown: false description: TENANT_B_SITE_5_INTRA_L3VPN + shutdown: false + vrf: TENANT_B_INTRA encapsulation_dot1q: vlan: 10 - vrf: TENANT_B_INTRA -- name: Ethernet6.100 + ip_address: 123.1.1.2/31 peer_type: l3_interface - ip_address: 192.168.48.4/31 - shutdown: false +- name: Ethernet6.100 description: TENANT_B_SITE_3_OSPF + shutdown: false + vrf: TENANT_B_WAN encapsulation_dot1q: vlan: 100 - vrf: TENANT_B_WAN - ospf_area: 0.0.0.0 + ip_address: 192.168.48.4/31 ospf_network_point_to_point: true + ospf_area: 0.0.0.0 ospf_cost: 10 -- name: Ethernet6.101 peer_type: l3_interface - ip_address: 192.168.48.2/31 - shutdown: false +- name: Ethernet6.101 description: TENANT_B_SITE_5 + shutdown: false + vrf: TENANT_B_WAN encapsulation_dot1q: vlan: 101 - vrf: TENANT_B_WAN -- name: Ethernet6 + ip_address: 192.168.48.2/31 peer_type: l3_interface - ip_address: 123.10.10.2/31 - shutdown: false +- name: Ethernet6 description: TENANT_B_SITE_5_WAN_TEST - switchport: - enabled: false + shutdown: false vrf: TENANT_B_WAN -- name: Ethernet7 + ip_address: 123.10.10.2/31 + peer_type: l3_interface switchport: enabled: false - peer_type: point_to_point_service +- name: Ethernet7 shutdown: false lldp: transmit: false receive: false -- name: Ethernet4 peer_type: point_to_point_service + switchport: + enabled: false +- name: Ethernet4 shutdown: false channel_group: id: 4 mode: active -- name: Ethernet5 peer_type: point_to_point_service +- name: Ethernet5 shutdown: false channel_group: id: 4 mode: active + peer_type: point_to_point_service - name: Ethernet8 + description: CPE_CPE_TENANT_A_SITE2_eth0 + shutdown: false + spanning_tree_portfast: edge peer: CPE_TENANT_A_SITE2 peer_interface: eth0 peer_type: cpe port_profile: TENANT_A_WAN_SERVICE_10 - description: CPE_CPE_TENANT_A_SITE2_eth0 - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '10' - spanning_tree_portfast: edge +hostname: SITE2-LER1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.7/32 + ipv6_address: 2000:1234:ffff:ffff::7/128 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 207 + ipv6_index: 207 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR3 +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.7 + shutdown: false + transport_address_interface: Loopback0 +patch_panel: + patches: + - name: TEN_A_site2_site5_eline_port_based + enabled: true + connectors: + - id: '1' + type: interface + endpoint: Ethernet7 + - id: '2' + type: pseudowire + endpoint: bgp vpws TENANT_A pseudowire TEN_A_site2_site5_eline_port_based + - name: TEN_B_site3_site5_eline_vlan_based_1000 + enabled: true + connectors: + - id: '1' + type: interface + endpoint: Port-Channel4.1000 + - id: '2' + type: pseudowire + endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1000 + - name: TEN_B_site3_site5_eline_vlan_based_1001 + enabled: true + connectors: + - id: '1' + type: interface + endpoint: Port-Channel4.1001 + - id: '2' + type: pseudowire + endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1001 + - name: TEN_B_site3_site5_eline_vlan_based_1002 + enabled: true + connectors: + - id: '1' + type: interface + endpoint: Port-Channel4.1002 + - id: '2' + type: pseudowire + endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1002 + - name: TEN_B_site3_site5_eline_vlan_based_1003 + enabled: true + connectors: + - id: '1' + type: interface + endpoint: Port-Channel4.1003 + - id: '2' + type: pseudowire + endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1003 + - name: TEN_B_site3_site5_eline_vlan_based_1004 + enabled: true + connectors: + - id: '1' + type: interface + endpoint: Port-Channel4.1004 + - id: '2' + type: pseudowire + endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1004 port_channel_interfaces: - name: Port-Channel11 - peer: SITE2-LSR2 - peer_interface: Port-Channel12 - peer_type: p - switchport: - enabled: false + description: P2P_SITE2-LSR2_Port-Channel12 shutdown: false mtu: 9178 - eos_cli: 'link-debounce time 1600 - - ' - ip_address: 100.64.49.2/30 - ipv6_enable: true + mpls: + ip: true + ldp: + interface: true + igp_sync: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_SITE2-LSR2_Port-Channel12 -- name: Port-Channel220 + key: asdadjiwtelogkkdng + mode: md5 + ip_address: 100.64.49.2/30 + ipv6_enable: true peer: SITE2-LSR2 - peer_interface: Port-Channel110 + peer_interface: Port-Channel12 peer_type: p switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1600 ' - ip_address: 100.64.49.6/30 - ipv6_enable: true +- name: Port-Channel220 + description: P2P_SITE2-LSR2_Port-Channel110 + shutdown: false + mtu: 9178 + mpls: + ip: true + ldp: + interface: true + igp_sync: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_SITE2-LSR2_Port-Channel110 + key: asdadjiwtelogkkdng + mode: md5 + ip_address: 100.64.49.6/30 + ipv6_enable: true + peer: SITE2-LSR2 + peer_interface: Port-Channel110 + peer_type: p + switchport: + enabled: false + eos_cli: 'link-debounce time 1600 + + ' - name: Port-Channel4.1000 - peer_type: point_to_point_service + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1000 network: encapsulation: client - shutdown: false -- name: Port-Channel4.1001 peer_type: point_to_point_service +- name: Port-Channel4.1001 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1001 network: encapsulation: client - shutdown: false -- name: Port-Channel4.1002 peer_type: point_to_point_service +- name: Port-Channel4.1002 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1002 network: encapsulation: client - shutdown: false -- name: Port-Channel4.1003 peer_type: point_to_point_service +- name: Port-Channel4.1003 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1003 network: encapsulation: client - shutdown: false -- name: Port-Channel4.1004 peer_type: point_to_point_service +- name: Port-Channel4.1004 + shutdown: false encapsulation_vlan: client: encapsulation: dot1q vlan: 1004 network: encapsulation: client - shutdown: false + peer_type: point_to_point_service - name: Port-Channel4 + shutdown: false + peer_type: system switchport: enabled: false - peer_type: system - shutdown: false -patch_panel: - patches: - - name: TEN_A_site2_site5_eline_port_based - enabled: true - connectors: - - id: '1' - type: interface - endpoint: Ethernet7 - - id: '2' - type: pseudowire - endpoint: bgp vpws TENANT_A pseudowire TEN_A_site2_site5_eline_port_based - - name: TEN_B_site3_site5_eline_vlan_based_1000 - enabled: true - connectors: - - id: '1' - type: interface - endpoint: Port-Channel4.1000 - - id: '2' - type: pseudowire - endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1000 - - name: TEN_B_site3_site5_eline_vlan_based_1001 - enabled: true - connectors: - - id: '1' - type: interface - endpoint: Port-Channel4.1001 - - id: '2' - type: pseudowire - endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1001 - - name: TEN_B_site3_site5_eline_vlan_based_1002 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 100.70.0.7 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MPLS-OVERLAY-PEERS + type: mpls + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: SHsTgDgjVUU5a9blyxSt3Q== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.70.0.8 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-RR1 + description: SITE1-RR1_Loopback0 + - ip_address: 100.70.0.9 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE2-RR1 + description: SITE2-RR1_Loopback0 + vlans: + - id: 10 + tenant: TENANT_A + rd: 100.70.0.7:10010 + route_targets: + both: + - 65000:10010 + redistribute_routes: + - learned + - id: 20 + tenant: TENANT_A + rd: 100.70.0.7:123456 + route_targets: + both: + - 65000:123456 + redistribute_routes: + - learned + - id: 2020 + tenant: TENANT_B + rd: 100.70.0.7:22020 + route_targets: + both: + - 65000:22020 + redistribute_routes: + - learned + vpws: + - name: TENANT_A + rd: 100.70.0.7:1000 + route_targets: + import_export: 65000:1000 + pseudowires: + - name: TEN_A_site2_site5_eline_port_based + id_local: 57 + id_remote: 26 + - name: TENANT_B + rd: 100.70.0.7:2000 + route_targets: + import_export: 65000:2000 + pseudowires: + - name: TEN_B_site3_site5_eline_vlan_based_1000 + id_local: 51000 + id_remote: 31000 + - name: TEN_B_site3_site5_eline_vlan_based_1001 + id_local: 51001 + id_remote: 31001 + - name: TEN_B_site3_site5_eline_vlan_based_1002 + id_local: 51002 + id_remote: 31002 + - name: TEN_B_site3_site5_eline_vlan_based_1003 + id_local: 51003 + id_remote: 31003 + - name: TEN_B_site3_site5_eline_vlan_based_1004 + id_local: 51004 + id_remote: 31004 + address_family_evpn: + neighbor_default: + encapsulation: mpls + next_hop_self_source_interface: Loopback0 + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: false + address_family_vpn_ipv4: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + address_family_vpn_ipv6: + peer_groups: + - name: MPLS-OVERLAY-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + vrfs: + - name: TENANT_B_INTRA + rd: 100.70.0.7:19 + route_targets: + import: + - address_family: evpn + route_targets: + - '65000:19' + export: + - address_family: evpn + route_targets: + - '65000:19' + router_id: 100.70.0.7 + redistribute: + connected: + enabled: true + static: + enabled: true + - name: TENANT_B_WAN + rd: 100.70.0.7:20 + route_targets: + import: + - address_family: vpn-ipv4 + route_targets: + - '65000:20' + - address_family: vpn-ipv6 + route_targets: + - '65000:20' + export: + - address_family: vpn-ipv4 + route_targets: + - '65000:20' + - address_family: vpn-ipv6 + route_targets: + - '65000:20' + router_id: 100.70.0.7 + updates: + wait_install: true + neighbors: + - ip_address: 192.168.48.3 + remote_as: '65202' + password: OajzUG59/YF0NkgvOQyRnQ== + description: TENANT_B_CPE_SITE5 + redistribute: + connected: + enabled: true + ospf: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 192.168.48.3 + activate: true +router_isis: + instance: CORE + net: 49.0001.1000.7000.0007.00 + router_id: 100.70.0.7 + is_type: level-1-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: enabled: true - connectors: - - id: '1' - type: interface - endpoint: Port-Channel4.1002 - - id: '2' - type: pseudowire - endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1002 - - name: TEN_B_site3_site5_eline_vlan_based_1003 + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: enabled: true - connectors: - - id: '1' - type: interface - endpoint: Port-Channel4.1003 - - id: '2' - type: pseudowire - endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1003 - - name: TEN_B_site3_site5_eline_vlan_based_1004 + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: enabled: true - connectors: - - id: '1' - type: interface - endpoint: Port-Channel4.1004 - - id: '2' - type: pseudowire - endpoint: bgp vpws TENANT_B pseudowire TEN_B_site3_site5_eline_vlan_based_1004 -vlans: -- id: 10 - name: TENANT_A_L2_SERVICE - tenant: TENANT_A -- id: 20 - name: TENANT_A_L2_SERVICE - tenant: TENANT_A -- id: 2020 - name: TENANT_B_INSIDE_FW - tenant: TENANT_B -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 -vlan_interfaces: -- name: Vlan2020 - tenant: TENANT_B - tags: - - tag1 - description: TENANT_B_INSIDE_FW - shutdown: false - vrf: TENANT_B_INTRA + router_id: 100.70.0.7 router_ospf: process_ids: - id: 99 @@ -599,5 +553,51 @@ router_ospf: redistribute: bgp: enabled: true -metadata: - platform: 7280SR3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: TENANT_B_INTRA + destination_address_prefix: 123.0.10.0/24 + interface: Ethernet6.10 + gateway: 123.1.1.3 + name: TENANT_B_SITE_5_SUBNET +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan2020 + description: TENANT_B_INSIDE_FW + shutdown: false + vrf: TENANT_B_INTRA + tenant: TENANT_B + tags: + - tag1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 10 + name: TENANT_A_L2_SERVICE + tenant: TENANT_A +- id: 20 + name: TENANT_A_L2_SERVICE + tenant: TENANT_A +- id: 2020 + name: TENANT_B_INSIDE_FW + tenant: TENANT_B +vrfs: +- name: MGMT + ip_routing: false +- name: TENANT_B_INTRA + ip_routing: true + tenant: TENANT_B +- name: TENANT_B_WAN + ip_routing: true + tenant: TENANT_B diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR1.yml index c8d23572682..848ce3d4ca2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR1.yml @@ -1,178 +1,178 @@ -hostname: SITE2-LSR1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +ethernet_interfaces: +- name: Ethernet3 + description: P2P_SITE1-LSR1_Ethernet3 shutdown: false - ip_address: 100.70.0.3/32 - ipv6_address: 2000:1234:ffff:ffff::3/128 + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.9/31 + ipv6_enable: true + isis_enable: CUSTOM_NAME + isis_metric: 60 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: false + isis_authentication: + both: + key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: + ip: true ldp: interface: true - isis_enable: CUSTOM_NAME - isis_passive: true - node_segment: - ipv4_index: 303 - ipv6_index: 303 -router_isis: - instance: CUSTOM_NAME - log_adjacency_changes: true - net: 49.0001.1000.7000.0003.00 - router_id: 100.70.0.3 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.3 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.3 - shutdown: false - transport_address_interface: Loopback0 -ethernet_interfaces: -- name: Ethernet3 + igp_sync: true peer: SITE1-LSR1 peer_interface: Ethernet3 peer_type: p switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' - ip_address: 100.64.48.9/31 +- name: Ethernet4 + description: P2P_SITE2-RR1_Ethernet4 + shutdown: false + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.12/31 ipv6_enable: true isis_enable: CUSTOM_NAME isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LSR1_Ethernet3 - speed: forced 40gfull -- name: Ethernet4 peer: SITE2-RR1 peer_interface: Ethernet4 peer_type: rr switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' - ip_address: 100.64.48.12/31 +- name: Ethernet1 + description: P2P_SITE2-LER1_Ethernet1 + shutdown: false + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.14/31 ipv6_enable: true isis_enable: CUSTOM_NAME isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE2-RR1_Ethernet4 - speed: forced 40gfull -- name: Ethernet1 peer: SITE2-LER1 peer_interface: Ethernet1 peer_type: pe switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1000 ' - ip_address: 100.64.48.14/31 - ipv6_enable: true - isis_enable: CUSTOM_NAME - isis_metric: 60 - isis_network_point_to_point: true - isis_hello_padding: false - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: asdadjiwtelogkkdng - key_type: '7' +hostname: SITE2-LSR1 +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.3/32 + ipv6_address: 2000:1234:ffff:ffff::3/128 mpls: - ip: true ldp: interface: true - igp_sync: true - description: P2P_SITE2-LER1_Ethernet1 - speed: forced 40gfull + isis_enable: CUSTOM_NAME + isis_passive: true + node_segment: + ipv4_index: 303 + ipv6_index: 303 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 metadata: platform: 7280SR +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.3 + shutdown: false + transport_address_interface: Loopback0 +router_isis: + instance: CUSTOM_NAME + net: 49.0001.1000.7000.0003.00 + router_id: 100.70.0.3 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 100.70.0.3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR2.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR2.yml index 48ec585a3cb..20725abcc28 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-LSR2.yml @@ -1,217 +1,217 @@ -hostname: SITE2-LSR2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.4/32 - ipv6_address: 2000:1234:ffff:ffff::4/128 - mpls: - ldp: - interface: true - isis_enable: CUSTOM_NAME - isis_passive: true - node_segment: - ipv4_index: 304 - ipv6_index: 304 -router_isis: - instance: CUSTOM_NAME - log_adjacency_changes: true - net: 49.0001.1000.7000.0004.00 - router_id: 100.70.0.4 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 100.70.0.4 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - router_id: 100.70.0.4 - shutdown: false - transport_address_interface: Loopback0 ethernet_interfaces: - name: Ethernet3 - peer: SITE1-LSR2 - peer_interface: Ethernet3 - peer_type: p - switchport: - enabled: false + description: P2P_SITE1-LSR2_Ethernet3 shutdown: false + speed: forced 40gfull mtu: 9178 - eos_cli: 'link-debounce time 1000 - - ' ip_address: 100.64.48.11/31 ipv6_enable: true isis_enable: CUSTOM_NAME isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_SITE1-LSR2_Ethernet3 - speed: forced 40gfull + peer: SITE1-LSR2 + peer_interface: Ethernet3 + peer_type: p + switchport: + enabled: false + eos_cli: 'link-debounce time 1000 + + ' - name: Ethernet12 + description: P2P_SITE2-LER1_Ethernet11 + shutdown: false + speed: forced 40gfull + channel_group: + id: 12 + mode: active peer: SITE2-LER1 peer_interface: Ethernet11 peer_type: pe +- name: Ethernet13 + description: P2P_SITE2-LER1_Ethernet12 shutdown: false + speed: forced 40gfull channel_group: id: 12 mode: active - description: P2P_SITE2-LER1_Ethernet11 - speed: forced 40gfull -- name: Ethernet13 peer: SITE2-LER1 peer_interface: Ethernet12 peer_type: pe +- name: Ethernet14 + description: P2P_SITE2-LER1_Ethernet13 shutdown: false + speed: forced 40gfull channel_group: - id: 12 + id: 110 mode: active - description: P2P_SITE2-LER1_Ethernet12 - speed: forced 40gfull -- name: Ethernet14 peer: SITE2-LER1 peer_interface: Ethernet13 peer_type: pe +- name: Ethernet15 + description: P2P_SITE2-LER1_Ethernet14 shutdown: false + speed: forced 40gfull channel_group: id: 110 mode: active - description: P2P_SITE2-LER1_Ethernet13 - speed: forced 40gfull -- name: Ethernet15 peer: SITE2-LER1 peer_interface: Ethernet14 peer_type: pe +hostname: SITE2-LSR2 +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - channel_group: - id: 110 - mode: active - description: P2P_SITE2-LER1_Ethernet14 - speed: forced 40gfull + ip_address: 100.70.0.4/32 + ipv6_address: 2000:1234:ffff:ffff::4/128 + mpls: + ldp: + interface: true + isis_enable: CUSTOM_NAME + isis_passive: true + node_segment: + ipv4_index: 304 + ipv6_index: 304 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.4 + shutdown: false + transport_address_interface: Loopback0 port_channel_interfaces: - name: Port-Channel12 - peer: SITE2-LER1 - peer_interface: Port-Channel11 - peer_type: pe - switchport: - enabled: false + description: P2P_SITE2-LER1_Port-Channel11 shutdown: false mtu: 9178 - eos_cli: 'link-debounce time 1600 - - ' - ip_address: 100.64.49.1/30 - ipv6_enable: true + mpls: + ip: true + ldp: + interface: true + igp_sync: true isis_enable: CUSTOM_NAME isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_SITE2-LER1_Port-Channel11 -- name: Port-Channel110 + key: asdadjiwtelogkkdng + mode: md5 + ip_address: 100.64.49.1/30 + ipv6_enable: true peer: SITE2-LER1 - peer_interface: Port-Channel220 + peer_interface: Port-Channel11 peer_type: pe switchport: enabled: false - shutdown: false - mtu: 9178 eos_cli: 'link-debounce time 1600 ' - ip_address: 100.64.49.5/30 - ipv6_enable: true +- name: Port-Channel110 + description: P2P_SITE2-LER1_Port-Channel220 + shutdown: false + mtu: 9178 + mpls: + ip: true + ldp: + interface: true + igp_sync: true isis_enable: CUSTOM_NAME isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: asdadjiwtelogkkdng key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_SITE2-LER1_Port-Channel220 -metadata: - platform: 7280SR + key: asdadjiwtelogkkdng + mode: md5 + ip_address: 100.64.49.5/30 + ipv6_enable: true + peer: SITE2-LER1 + peer_interface: Port-Channel220 + peer_type: pe + switchport: + enabled: false + eos_cli: 'link-debounce time 1600 + + ' +router_isis: + instance: CUSTOM_NAME + net: 49.0001.1000.7000.0004.00 + router_id: 100.70.0.4 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 100.70.0.4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-RR1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-RR1.yml index ab745ca9b71..3ff15cce447 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-RR1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE2-RR1.yml @@ -1,38 +1,134 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "management security\n password encryption-key common\n" +ethernet_interfaces: +- name: Ethernet4 + description: P2P_SITE2-LSR1_Ethernet4 + shutdown: false + speed: forced 40gfull + mtu: 9178 + ip_address: 100.64.48.13/31 + ipv6_enable: true + isis_enable: CORE + isis_metric: 60 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: false + isis_authentication: + both: + key_type: '7' + key: asdadjiwtelogkkdng + mode: md5 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + peer: SITE2-LSR1 + peer_interface: Ethernet4 + peer_type: p + switchport: + enabled: false + eos_cli: 'link-debounce time 1000 + + ' hostname: SITE2-RR1 +ip_routing: true +ipv6_unicast_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 100.70.0.9/32 + ipv6_address: 2000:1234:ffff:ffff::9/128 + mpls: + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 109 + ipv6_index: 109 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 10.30.30.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR3 +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.9 + shutdown: false + transport_address_interface: Loopback0 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 100.70.0.9 - bgp_defaults: - - distance bgp 20 200 200 - - bgp route-reflector preserve-attributes always - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true bgp_cluster_id: 1.1.1.1 + bgp_defaults: + - distance bgp 20 200 200 + - bgp route-reflector preserve-attributes always + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65000' update_source: Loopback0 + route_reflector_client: true bfd: true password: SHsTgDgjVUU5a9blyxSt3Q== send_community: all maximum_routes: 0 - remote_as: '65000' - route_reflector_client: true - name: RR-OVERLAY-PEERS type: mpls + remote_as: '65000' update_source: Loopback0 bfd: true password: 04FdfTXWrEfpDTUc3mlSjg== send_community: all maximum_routes: 0 - remote_as: '65000' + neighbors: + - ip_address: 100.70.0.5 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-LER1 + description: SITE1-LER1_Loopback0 + - ip_address: 100.70.0.6 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE1-LER2 + description: SITE1-LER2_Loopback0 + - ip_address: 100.70.0.7 + peer_group: MPLS-OVERLAY-PEERS + peer: SITE2-LER1 + description: SITE2-LER1_Loopback0 + - ip_address: 100.70.0.8 + peer_group: RR-OVERLAY-PEERS + peer: SITE1-RR1 + description: SITE1-RR1_Loopback0 address_family_evpn: neighbor_default: encapsulation: mpls @@ -59,141 +155,45 @@ router_bgp: activate: true - name: RR-OVERLAY-PEERS activate: true - neighbors: - - ip_address: 100.70.0.5 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-LER1 - description: SITE1-LER1_Loopback0 - - ip_address: 100.70.0.6 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE1-LER2 - description: SITE1-LER2_Loopback0 - - ip_address: 100.70.0.7 - peer_group: MPLS-OVERLAY-PEERS - peer: SITE2-LER1 - description: SITE2-LER1_Loopback0 - - ip_address: 100.70.0.8 - peer_group: RR-OVERLAY-PEERS - peer: SITE1-RR1 - description: SITE1-RR1_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 10.30.30.109/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "management security\n password encryption-key common\n" -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 100.70.0.9/32 - ipv6_address: 2000:1234:ffff:ffff::9/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 109 - ipv6_index: 109 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.1000.7000.0009.00 router_id: 100.70.0.9 is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection + log_adjacency_changes: true mpls_ldp_sync_default: true timers: local_convergence: - delay: 15000 protected_prefixes: true + delay: 15000 advertise: passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection address_family_ipv6: enabled: true maximum_paths: 4 fast_reroute_ti_lfa: mode: link-protection segment_routing_mpls: - router_id: 100.70.0.9 enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true router_id: 100.70.0.9 - shutdown: false - transport_address_interface: Loopback0 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ethernet_interfaces: -- name: Ethernet4 - peer: SITE2-LSR1 - peer_interface: Ethernet4 - peer_type: p - switchport: - enabled: false - shutdown: false - mtu: 9178 - eos_cli: 'link-debounce time 1000 - - ' - ip_address: 100.64.48.13/31 - ipv6_enable: true - isis_enable: CORE - isis_metric: 60 - isis_network_point_to_point: true - isis_hello_padding: false - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: asdadjiwtelogkkdng - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_SITE2-LSR1_Ethernet4 - speed: forced 40gfull -metadata: - platform: 7280SR3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE3-LER1.yml b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE3-LER1.yml index 74fc1d6703f..1bb9049e55e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE3-LER1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/intended/structured_configs/SITE3-LER1.yml @@ -1,44 +1,16 @@ -hostname: SITE3-LER1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "management security\n password encryption-key common\n" +hostname: SITE3-LER1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:00 +ipv6_unicast_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -53,41 +25,69 @@ loopback_interfaces: node_segment: ipv4_index: 210 ipv6_index: 210 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280SR3 +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 100.70.0.10 + shutdown: false + transport_address_interface: Loopback0 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.1000.7000.0010.00 router_id: 100.70.0.10 is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection + log_adjacency_changes: true mpls_ldp_sync_default: true timers: local_convergence: - delay: 15000 protected_prefixes: true + delay: 15000 advertise: passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection address_family_ipv6: enabled: true maximum_paths: 4 fast_reroute_ti_lfa: mode: link-protection segment_routing_mpls: - router_id: 100.70.0.10 enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true router_id: 100.70.0.10 - shutdown: false - transport_address_interface: Loopback0 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:00 -metadata: - platform: 7280SR3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF1A.yml index 00fd42381d4..69650ec4f9c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF1A.yml @@ -1,75 +1,75 @@ -hostname: DC1-POD1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.110.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 8192 +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC1-POD1-LEAF1A_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-POD1-LEAF1A + peer_interface: Ethernet3 + peer_type: l3leaf +hostname: DC1-POD1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-L2LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-POD1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: L2_DC1-POD1-LEAF1A_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_DC1-POD1-LEAF1A_Port-Channel3 + shutdown: false + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: allowed_vlan: '4085' - shutdown: false - service_profile: QOS-PROFILE -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 4085 - tenant: system - name: L2LEAF_INBAND_MGMT +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-L2LEAF1A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 8192 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.110.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4085 description: L2LEAF_INBAND_MGMT shutdown: false ip_address: 172.21.110.4/24 type: inband_mgmt -metadata: - platform: vEOS-LAB +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4085 + name: L2LEAF_INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2A.yml index b5cb7d0856b..85f311d9303 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2A.yml @@ -1,52 +1,129 @@ -hostname: DC1-POD1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.110.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 8192 - no_spanning_tree_vlan: '4094' +eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under l2leaf node-group RACK2_MLAG\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-POD1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-POD1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1.POD1.LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet3 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-POD1-LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet3 + peer_type: l3leaf +hostname: DC1-POD1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true -eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under l2leaf node-group RACK2_MLAG\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: RACK2_MLAG + local_interface: Vlan4094 + peer_address: 172.20.110.3 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-POD1-L2LEAF2B_Port-Channel3 + shutdown: false + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_RACK2_MLAG_Port-Channel3 + shutdown: false + mlag: 1 + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-113,1100-1102,2500,2600-2601,4085 +service_routing_protocols_model: multi-agent snmp_server: location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-L2LEAF2A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 8192 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.110.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 172.20.110.2/31 + no_autostate: true +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT + shutdown: false + ip_address: 172.21.110.5/24 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 110 name: Tenant_A_OP_Zone_1 tenant: Tenant_A @@ -78,85 +155,8 @@ vlans: name: l2vlan_with_no_vxlan tenant: Tenant_A - id: 4085 - tenant: system name: L2LEAF_INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - ip_address: 172.20.110.2/31 -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT - shutdown: false - ip_address: 172.21.110.5/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-POD1-L2LEAF2B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - service_profile: QOS-PROFILE -- name: Port-Channel1 - description: L2_RACK2_MLAG_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-113,1100-1102,2500,2600-2601,4085 - shutdown: false - service_profile: QOS-PROFILE - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-POD1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-POD1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-POD1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-POD1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet3 - peer_type: l3leaf - description: L2_DC1.POD1.LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet3 - peer_type: l3leaf - description: L2_DC1-POD1-LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: RACK2_MLAG - local_interface: Vlan4094 - peer_address: 172.20.110.3 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2B.yml index d28ee65c325..7e76a0e3538 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-L2LEAF2B.yml @@ -1,60 +1,137 @@ -hostname: DC1-POD1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.110.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 8192 - no_spanning_tree_vlan: '4094' +eos_cli: "interface Loopback1003\n description Loopback created from raw_eos_cli under l2leaf node DC1-POD1-L2LEAF2B\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-POD1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-POD1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1.POD1.LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet4 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-POD1-LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet4 + peer_type: l3leaf +hostname: DC1-POD1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.1.12/24 - gateway: 192.168.1.254 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1003\n description Loopback created from raw_eos_cli under l2leaf node DC1-POD1-L2LEAF2B\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: RACK2_MLAG + local_interface: Vlan4094 + peer_address: 172.20.110.2 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-POD1-L2LEAF2A_Port-Channel3 + shutdown: false + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_RACK2_MLAG_Port-Channel3 + shutdown: false + mlag: 1 + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-113,1100-1102,2500,2600-2601,4085 +service_routing_protocols_model: multi-agent snmp_server: location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-L2LEAF2B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 8192 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.110.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 172.20.110.3/31 + no_autostate: true +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT + shutdown: false + ip_address: 172.21.110.6/24 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 110 name: Tenant_A_OP_Zone_1 tenant: Tenant_A @@ -86,85 +163,8 @@ vlans: name: l2vlan_with_no_vxlan tenant: Tenant_A - id: 4085 - tenant: system name: L2LEAF_INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - ip_address: 172.20.110.3/31 -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT - shutdown: false - ip_address: 172.21.110.6/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-POD1-L2LEAF2A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - service_profile: QOS-PROFILE -- name: Port-Channel1 - description: L2_RACK2_MLAG_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-113,1100-1102,2500,2600-2601,4085 - shutdown: false - service_profile: QOS-PROFILE - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-POD1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-POD1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-POD1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-POD1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet4 - peer_type: l3leaf - description: L2_DC1.POD1.LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet4 - peer_type: l3leaf - description: L2_DC1-POD1-LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: RACK2_MLAG - local_interface: Vlan4094 - peer_address: 172.20.110.2 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF1A.yml index ac1e286ee47..9c9d8d17bd1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF1A.yml @@ -1,44 +1,161 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under node DC1-POD1-LEAF1A\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-POD1-SPINE1_Ethernet3 + shutdown: false + ip_address: 172.17.110.1/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-POD1-SPINE2_Ethernet3 + shutdown: false + ip_address: 172.17.110.3/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: L2_DC1-POD1-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet4 + description: P2P_DC1-RS1_Ethernet3 + shutdown: false + ip_address: 172.17.10.4/31 + service_profile: QOS-PROFILE + peer: DC1-RS1 + peer_interface: Ethernet3 + peer_type: overlay-controller + switchport: + enabled: false hostname: DC1-POD1-LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.110.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 172.18.110.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: L2_DC1-POD1-L2LEAF1A_Port-Channel1 + shutdown: false + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '4085' +route_maps: +- name: RM-EVPN-FILTER-AS65200 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65200 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65201 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65201 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65210 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65210 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65211 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65211 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65111.100' router_id: 172.16.110.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - attached_host: - enabled: true updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.110.0 peer_group: IPv4-UNDERLAY-PEERS @@ -58,38 +175,43 @@ router_bgp: bfd: true - ip_address: 172.16.210.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65211' peer: DC2-POD1-LEAF1A description: DC2-POD1-LEAF1A_Loopback0 - remote_as: '65211' route_map_out: RM-EVPN-FILTER-AS65211 - ip_address: 172.16.210.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65210' peer: DC2-POD1-SPINE1 description: DC2-POD1-SPINE1_Loopback0 - remote_as: '65210' route_map_out: RM-EVPN-FILTER-AS65210 - ip_address: 172.16.20.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: DC2-RS1 description: DC2-RS1_Loopback0 - remote_as: '65201' route_map_out: RM-EVPN-FILTER-AS65201 - ip_address: 172.16.200.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: DC2-SUPER-SPINE1 description: DC2-SUPER-SPINE1_Loopback0 - remote_as: '65200' route_map_out: RM-EVPN-FILTER-AS65200 - ip_address: 172.16.110.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65112.100' peer: DC1-POD1-LEAF2B description: DC1-POD1-LEAF2B_Loopback0 - remote_as: '65112.100' - ip_address: 172.16.110.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65112.100' peer: DC1.POD1.LEAF2A description: DC1.POD1.LEAF2A_Loopback0 - remote_as: '65112.100' + redistribute: + attached_host: + enabled: true + connected: + enabled: true address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -102,169 +224,47 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-LEAF1A +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT + shutdown: false + ip_address: 172.21.110.2/24 + ip_virtual_router_addresses: + - 172.21.110.1 + ip_attached_host_route_export: + enabled: true + distance: 19 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true +vlans: +- id: 4085 + name: L2LEAF_INBAND_MGMT + tenant: system vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under node DC1-POD1-LEAF1A\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-POD1-SPINE1_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.1/31 -- name: Ethernet2 - peer: DC1-POD1-SPINE2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-POD1-SPINE2_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.3/31 -- name: Ethernet3 - peer: DC1-POD1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-POD1-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-RS1 - peer_interface: Ethernet3 - peer_type: overlay-controller - description: P2P_DC1-RS1_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.4/31 -port_channel_interfaces: -- name: Port-Channel3 - description: L2_DC1-POD1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '4085' - shutdown: false - service_profile: QOS-PROFILE -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.110.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 172.18.110.3/32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -route_maps: -- name: RM-EVPN-FILTER-AS65200 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65200 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65201 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65201 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65210 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65210 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65211 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65211 - - sequence: 20 - type: permit -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 vxlan_interface: vxlan1: description: DC1-POD1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -vlans: -- id: 4085 - tenant: system - name: L2LEAF_INBAND_MGMT -vlan_interfaces: -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT - shutdown: false - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.2/24 - ip_virtual_router_addresses: - - 172.21.110.1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF2B.yml index 216bf33c707..7ddfa1a464f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-LEAF2B.yml @@ -1,532 +1,291 @@ -hostname: DC1-POD1-LEAF2B -is_deployed: true -router_bgp: - as: '65112.100' - router_id: 172.16.110.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65112.100' - next_hop_self: true - description: DC1.POD1.LEAF2A - password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 5 - - name: EVPN-OVERLAY-CORE - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - neighbors: - - ip_address: 172.20.110.2 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: DC1.POD1.LEAF2A - description: DC1.POD1.LEAF2A_Vlan4094 - - ip_address: 172.17.110.16 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Ethernet5 - - ip_address: 172.17.110.18 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE2 - description: DC1-POD1-SPINE2_Ethernet5 - - ip_address: 172.17.110.20 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Ethernet8 - - ip_address: 172.17.110.22 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE2 - description: DC1-POD1-SPINE2_Ethernet8 - - ip_address: 172.16.110.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-POD1-LEAF1A - description: DC1-POD1-LEAF1A_Loopback0 - remote_as: '65111.100' - route_map_out: RM-EVPN-FILTER-AS65111.100 - - ip_address: 172.16.110.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Loopback0 - remote_as: '65110.100' - route_map_out: RM-EVPN-FILTER-AS65110.100 - - ip_address: 172.16.10.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-RS1 - description: DC1-RS1_Loopback0 - remote_as: '65101' - route_map_out: RM-EVPN-FILTER-AS65101 - - ip_address: 1.1.1.1 - peer_group: EVPN-OVERLAY-CORE - peer: HOSTNAME_NOT_IN_ANSIBLE - description: HOSTNAME_NOT_IN_ANSIBLE - remote_as: '1111' - - ip_address: 11.1.0.39 - remote_as: '65211' - peer: DC2-POD1-LEAF1A - description: DC2-POD1-LEAF1A - peer_group: IPv4-UNDERLAY-PEERS - bfd: true - local_as: '65120' - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: false - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - route: - import_match_failure_action: discard - address_family_rtc: - peer_groups: - - name: EVPN-OVERLAY-CORE - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: Common_VRF - eos_cli: 'comment - - Comment created from raw_eos_cli under BGP for VRF Common_VRF - - EOF - - ' - rd: 172.16.110.5:1025 - route_targets: - import: - - address_family: evpn - route_targets: - - 1025:1025 - export: - - address_family: evpn - route_targets: - - 1025:1025 - router_id: 172.16.110.5 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_dc1_pod1_only - rd: 172.16.110.5:1102 - route_targets: - import: - - address_family: evpn - route_targets: - - 1102:1102 - export: - - address_family: evpn - route_targets: - - 1102:1102 - router_id: 172.16.110.5 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_from_overlapping_pool - rd: 172.16.110.5:1100 - route_targets: - import: - - address_family: evpn - route_targets: - - 1100:1100 - export: - - address_family: evpn - route_targets: - - 1100:1100 - router_id: 172.16.110.5 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_from_pod_pools - rd: 172.16.110.5:1101 - route_targets: - import: - - address_family: evpn - route_targets: - - 1101:1101 - export: - - address_family: evpn - route_targets: - - 1101:1101 - router_id: 172.16.110.5 - redistribute: - connected: - enabled: true - vlans: - - id: 110 - tenant: Tenant_A - rd: 172.16.110.5:99110 - route_targets: - both: - - 99110:99110 - import_export_evpn_domains: - - domain: remote - route_target: 99110:99110 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment +aaa_root: + disabled: true +config_end: true +domain_list: +- structured-config.set.under.vrf.common-vrf +enable_password: + disabled: true +eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under l3leaf node-group RACK2_MLAG\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n description Loopback + created from raw_eos_cli under VRF Common_VRF\n" +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1.POD1.LEAF2A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1.POD1.LEAF2A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-POD1-SPINE1_Ethernet5 + shutdown: false + ip_address: 172.17.110.17/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-POD1-SPINE2_Ethernet5 + shutdown: false + ip_address: 172.17.110.19/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: L2_DC1-POD1-L2LEAF2A_Ethernet2 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet4 + description: L2_DC1-POD1-L2LEAF2B_Ethernet2 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet11 + description: P2P_DC1-POD1-SPINE1_Ethernet8 + shutdown: false + ip_address: 172.17.110.21/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 + peer_interface: Ethernet8 + peer_type: spine + switchport: + enabled: false +- name: Ethernet12 + description: P2P_DC1-POD1-SPINE2_Ethernet8 + shutdown: false + ip_address: 172.17.110.23/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 + peer_interface: Ethernet8 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC2-POD1-LEAF1A_Ethernet7 + shutdown: false + ip_address: 11.1.0.38/31 + ptp: + enable: true + peer: DC2-POD1-LEAF1A + peer_interface: Ethernet7 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet16 + description: SERVER_server-1_Eth2 + shutdown: false + channel_group: + id: 16 + mode: active + peer: server-1 + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp svis inherited from svi profile + Comment created from raw_eos_cli under profile TENANT_A - EOF + EOF - ' - rd_evpn_domain: - domain: remote - rd: 172.16.110.5:99110 - - id: 111 - tenant: Tenant_A - rd: 172.16.110.5:50111 - route_targets: - both: - - 50111:50111 - import_export_evpn_domains: - - domain: remote - route_target: 50111:50111 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment + ' +- name: Ethernet17 + description: Set using structured_config on server adapter + shutdown: false + channel_group: + id: 17 + mode: active + peer: server-1 + peer_interface: Eth4 + peer_type: server + port_profile: TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp svi 111 + Comment created from raw_eos_cli under adapter for switch Eth17 - EOF + EOF - ' - rd_evpn_domain: - domain: remote - rd: 172.16.110.5:50111 - - id: 112 - tenant: Tenant_A - rd: 172.16.110.5:20112 - route_targets: - both: - - 20112:20112 - import_export_evpn_domains: - - domain: remote - route_target: 20112:20112 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment + ' +- name: Ethernet18 + description: SERVER_server-1_Eth6 + shutdown: false + channel_group: + id: 18 + mode: active + peer: server-1 + peer_interface: Eth6 + peer_type: server + port_profile: NESTED_TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp svis inherited from svi parent profile + Comment created from raw_eos_cli under profile NESTED_TENANT_A - EOF + EOF - ' - rd_evpn_domain: - domain: remote - rd: 172.16.110.5:20112 - - id: 2500 - tenant: Tenant_A - rd: 172.16.110.5:2500 - route_targets: - both: - - 2500:2500 - import_export_evpn_domains: - - domain: remote - route_target: 2500:2500 - redistribute_routes: - - learned - rd_evpn_domain: - domain: remote - rd: 172.16.110.5:2500 - - id: 2600 - tenant: Tenant_A - rd: 172.16.110.5:32600 - route_targets: - both: - - 32600:32600 - import_export_evpn_domains: - - domain: remote - route_target: 32600:32600 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment + ' +- name: Ethernet19 + description: SERVER_server-1_Eth8 + shutdown: false + channel_group: + id: 19 + mode: active + peer: server-1 + peer_interface: Eth8 + peer_type: server + port_profile: NESTED_TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp l2vlan 2600 + Comment created from raw_eos_cli under profile NESTED_TENANT_A - EOF + EOF - ' - rd_evpn_domain: - domain: remote - rd: 172.16.110.5:32600 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent + ' +hostname: DC1-POD1-LEAF2B +ip_igmp_snooping: + globally_enabled: true ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false -- name: Common_VRF - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_dc1_pod1_only - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_from_overlapping_pool - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_from_pod_pools - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.9/16 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under l3leaf node-group RACK2_MLAG\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n description Loopback - created from raw_eos_cli under VRF Common_VRF\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-LEAF2B -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 113 - name: SVI_with_no_vxlan - tenant: Tenant_A -- id: 1102 - name: test_svi - tenant: Tenant_A -- id: 1100 - name: test_svi - tenant: Tenant_A -- id: 1101 - name: test_svi - tenant: Tenant_A -- id: 2500 - name: web-l2-vlan - tenant: Tenant_A -- id: 2600 - name: web-l2-vlan-2 - tenant: Tenant_A -- id: 2601 - name: l2vlan_with_no_vxlan - tenant: Tenant_A -- id: 4085 - tenant: system - name: L2LEAF_INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - ip_address: 172.20.110.3/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: set from structured_config on svi (was Tenant_A_OP_Zone_1) - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Common_VRF -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_2 - shutdown: true - ip_address_virtual: 10.1.11.1/24 - vrf: Common_VRF -- name: Vlan112 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_3 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - eos_cli: 'comment - - Comment created from raw_eos_cli under SVI 112 in VRF Common_VRF - - EOF - - ' - ip_address_virtual: 10.1.12.1/24 - vrf: Common_VRF -- name: Vlan113 - tenant: Tenant_A - tags: - - opzone - description: SVI_with_no_vxlan + ip_address: 172.16.110.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE shutdown: false - ip_address_virtual: 10.10.13.1/24 - vrf: Common_VRF -- name: Vlan1102 - tenant: Tenant_A - tags: - - opzone - - web - description: test_svi + ip_address: 172.18.110.4/32 +- name: Loopback102 + description: DIAG_VRF_vrf_with_loopbacks_dc1_pod1_only shutdown: false - ip_address_virtual: 10.102.100.1/24 vrf: vrf_with_loopbacks_dc1_pod1_only -- name: Vlan1100 - tenant: Tenant_A - tags: - - opzone - - web - description: test_svi + ip_address: 10.102.101.5/32 +- name: Loopback100 + description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool shutdown: false - ip_address_virtual: 10.100.100.1/24 vrf: vrf_with_loopbacks_from_overlapping_pool -- name: Vlan1101 - tenant: Tenant_A - tags: - - opzone - - web - description: test_svi + ip_address: 10.100.0.5/32 +- name: Loopback101 + description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools shutdown: false - ip_address_virtual: 10.101.100.1/24 vrf: vrf_with_loopbacks_from_pod_pools -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT + ip_address: 10.101.101.5/32 + ipv6_address: 2001:db8:1::3/128 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT shutdown: false - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.3/24 - ip_virtual_router_addresses: - - 172.21.110.1 + vrf: MGMT + ip_address: 192.168.1.9/16 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: RACK2_MLAG + local_interface: Vlan4094 + peer_address: 172.20.110.2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' port_channel_interfaces: - name: Port-Channel5 description: MLAG_DC1.POD1.LEAF2A_Port-Channel5 + shutdown: false + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - service_profile: QOS-PROFILE - name: Port-Channel3 description: L2_RACK2_MLAG_Port-Channel1 + shutdown: false + mlag: 3 + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-113,1100-1102,2500,2600-2601,4085 - shutdown: false - service_profile: QOS-PROFILE - mlag: 3 - name: Port-Channel16 description: PortChannel shutdown: false + mlag: 16 service_profile: bar switchport: enabled: true mode: access access_vlan: 110 - mlag: 16 - name: Port-Channel17 description: Set using structured_config on server adapter port-channel shutdown: false + mlag: 17 service_profile: foo switchport: enabled: true mode: access access_vlan: 110 - mlag: 17 - name: Port-Channel18 description: PortChannel shutdown: false + mlag: 18 service_profile: foo + switchport: + enabled: true + mode: access + access_vlan: 110 eos_cli: 'comment Comment created from raw_eos_cli under port_channel on profile NESTED_TENANT_A @@ -534,277 +293,530 @@ port_channel_interfaces: EOF ' - switchport: - enabled: true - mode: access - access_vlan: 110 - mlag: 18 - name: Port-Channel19 description: PortChannel shutdown: false + mlag: 19 service_profile: foo + switchport: + enabled: true + mode: access + access_vlan: 110 eos_cli: 'comment - Comment created from raw_eos_cli under adapter port_channel for switch Po19 + Comment created from raw_eos_cli under adapter port_channel for switch Po19 + + EOF + + ' +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-EVPN-FILTER-AS65101 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65101 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65110.100 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65110.100 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65111.100 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65111.100 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65112.100' + router_id: 172.16.110.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65112.100' + description: DC1.POD1.LEAF2A + next_hop_self: true + password: vnEaG8gMeQf3d3cN6PktXQ== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: AQQvKeimxJu+uGQ/yYvv9w== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 5 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + - name: EVPN-OVERLAY-CORE + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 15 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.20.110.2 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: DC1.POD1.LEAF2A + description: DC1.POD1.LEAF2A_Vlan4094 + - ip_address: 172.17.110.16 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Ethernet5 + - ip_address: 172.17.110.18 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE2 + description: DC1-POD1-SPINE2_Ethernet5 + - ip_address: 172.17.110.20 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Ethernet8 + - ip_address: 172.17.110.22 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE2 + description: DC1-POD1-SPINE2_Ethernet8 + - ip_address: 172.16.110.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111.100' + peer: DC1-POD1-LEAF1A + description: DC1-POD1-LEAF1A_Loopback0 + route_map_out: RM-EVPN-FILTER-AS65111.100 + - ip_address: 172.16.110.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Loopback0 + route_map_out: RM-EVPN-FILTER-AS65110.100 + - ip_address: 172.16.10.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-RS1 + description: DC1-RS1_Loopback0 + route_map_out: RM-EVPN-FILTER-AS65101 + - ip_address: 1.1.1.1 + peer_group: EVPN-OVERLAY-CORE + remote_as: '1111' + peer: HOSTNAME_NOT_IN_ANSIBLE + description: HOSTNAME_NOT_IN_ANSIBLE + - ip_address: 11.1.0.39 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65211' + local_as: '65120' + peer: DC2-POD1-LEAF1A + description: DC2-POD1-LEAF1A + bfd: true + redistribute: + attached_host: + enabled: true + connected: + enabled: true + vlans: + - id: 110 + tenant: Tenant_A + rd: 172.16.110.5:99110 + rd_evpn_domain: + domain: remote + rd: 172.16.110.5:99110 + route_targets: + both: + - 99110:99110 + import_export_evpn_domains: + - domain: remote + route_target: 99110:99110 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp svis inherited from svi profile + + EOF + + ' + - id: 111 + tenant: Tenant_A + rd: 172.16.110.5:50111 + rd_evpn_domain: + domain: remote + rd: 172.16.110.5:50111 + route_targets: + both: + - 50111:50111 + import_export_evpn_domains: + - domain: remote + route_target: 50111:50111 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp svi 111 + + EOF + + ' + - id: 112 + tenant: Tenant_A + rd: 172.16.110.5:20112 + rd_evpn_domain: + domain: remote + rd: 172.16.110.5:20112 + route_targets: + both: + - 20112:20112 + import_export_evpn_domains: + - domain: remote + route_target: 20112:20112 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp svis inherited from svi parent profile + + EOF + + ' + - id: 2500 + tenant: Tenant_A + rd: 172.16.110.5:2500 + rd_evpn_domain: + domain: remote + rd: 172.16.110.5:2500 + route_targets: + both: + - 2500:2500 + import_export_evpn_domains: + - domain: remote + route_target: 2500:2500 + redistribute_routes: + - learned + - id: 2600 + tenant: Tenant_A + rd: 172.16.110.5:32600 + rd_evpn_domain: + domain: remote + rd: 172.16.110.5:32600 + route_targets: + both: + - 32600:32600 + import_export_evpn_domains: + - domain: remote + route_target: 32600:32600 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp l2vlan 2600 - EOF + EOF - ' - switchport: - enabled: true - mode: access - access_vlan: 110 - mlag: 19 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1.POD1.LEAF2A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1.POD1.LEAF2A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-POD1-SPINE1_Ethernet5 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.17/31 -- name: Ethernet2 - peer: DC1-POD1-SPINE2 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-POD1-SPINE2_Ethernet5 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.19/31 -- name: Ethernet3 - peer: DC1-POD1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-POD1-L2LEAF2A_Ethernet2 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-POD1-L2LEAF2B - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-POD1-L2LEAF2B_Ethernet2 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet11 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet8 - peer_type: spine - description: P2P_DC1-POD1-SPINE1_Ethernet8 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.21/31 -- name: Ethernet12 - peer: DC1-POD1-SPINE2 - peer_interface: Ethernet8 - peer_type: spine - description: P2P_DC1-POD1-SPINE2_Ethernet8 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.23/31 -- name: Ethernet7 - peer: DC2-POD1-LEAF1A - peer_interface: Ethernet7 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - ip_address: 11.1.0.38/31 - ptp: - enable: true - description: P2P_DC2-POD1-LEAF1A_Ethernet7 -- name: Ethernet16 - peer: server-1 - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: SERVER_server-1_Eth2 - shutdown: false - eos_cli: 'comment + ' + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: false + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + route: + import_match_failure_action: discard + address_family_rtc: + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: Common_VRF + rd: 172.16.110.5:1025 + route_targets: + import: + - address_family: evpn + route_targets: + - 1025:1025 + export: + - address_family: evpn + route_targets: + - 1025:1025 + router_id: 172.16.110.5 + redistribute: + connected: + enabled: true + eos_cli: 'comment - Comment created from raw_eos_cli under profile TENANT_A + Comment created from raw_eos_cli under BGP for VRF Common_VRF - EOF + EOF - ' - channel_group: - id: 16 - mode: active -- name: Ethernet17 - peer: server-1 - peer_interface: Eth4 - peer_type: server - port_profile: TENANT_A - description: Set using structured_config on server adapter + ' + - name: vrf_with_loopbacks_dc1_pod1_only + rd: 172.16.110.5:1102 + route_targets: + import: + - address_family: evpn + route_targets: + - 1102:1102 + export: + - address_family: evpn + route_targets: + - 1102:1102 + router_id: 172.16.110.5 + redistribute: + connected: + enabled: true + - name: vrf_with_loopbacks_from_overlapping_pool + rd: 172.16.110.5:1100 + route_targets: + import: + - address_family: evpn + route_targets: + - 1100:1100 + export: + - address_family: evpn + route_targets: + - 1100:1100 + router_id: 172.16.110.5 + redistribute: + connected: + enabled: true + - name: vrf_with_loopbacks_from_pod_pools + rd: 172.16.110.5:1101 + route_targets: + import: + - address_family: evpn + route_targets: + - 1101:1101 + export: + - address_family: evpn + route_targets: + - 1101:1101 + router_id: 172.16.110.5 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-LEAF2B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: vrf_with_loopbacks_dc1_pod1_only + ip_address: 10.102.101.5 +- name: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.5 +- name: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.101.5 + ipv6_address: 2001:db8:1::3 +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - eos_cli: 'comment - - Comment created from raw_eos_cli under adapter for switch Eth17 - - EOF - - ' - channel_group: - id: 17 - mode: active -- name: Ethernet18 - peer: server-1 - peer_interface: Eth6 - peer_type: server - port_profile: NESTED_TENANT_A - description: SERVER_server-1_Eth6 + ip_address: 172.20.110.3/31 + no_autostate: true +- name: Vlan110 + description: set from structured_config on svi (was Tenant_A_OP_Zone_1) shutdown: false - eos_cli: 'comment - - Comment created from raw_eos_cli under profile NESTED_TENANT_A - - EOF - - ' - channel_group: - id: 18 - mode: active -- name: Ethernet19 - peer: server-1 - peer_interface: Eth8 - peer_type: server - port_profile: NESTED_TENANT_A - description: SERVER_server-1_Eth8 + vrf: Common_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: Tenant_A_OP_Zone_2 + shutdown: true + vrf: Common_VRF + ip_address_virtual: 10.1.11.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan112 + description: Tenant_A_OP_Zone_3 shutdown: false + vrf: Common_VRF + ip_address_virtual: 10.1.12.1/24 + tenant: Tenant_A + tags: + - opzone eos_cli: 'comment - Comment created from raw_eos_cli under profile NESTED_TENANT_A + Comment created from raw_eos_cli under SVI 112 in VRF Common_VRF EOF ' - channel_group: - id: 19 - mode: active -mlag_configuration: - domain_id: RACK2_MLAG - local_interface: Vlan4094 - peer_address: 172.20.110.2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-EVPN-FILTER-AS65101 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65101 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65110.100 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65110.100 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65111.100 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65111.100 - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.110.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE +- name: Vlan113 + description: SVI_with_no_vxlan shutdown: false - ip_address: 172.18.110.4/32 -- name: Loopback102 - description: DIAG_VRF_vrf_with_loopbacks_dc1_pod1_only + vrf: Common_VRF + ip_address_virtual: 10.10.13.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan1102 + description: test_svi shutdown: false vrf: vrf_with_loopbacks_dc1_pod1_only - ip_address: 10.102.101.5/32 -- name: Loopback100 - description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool + ip_address_virtual: 10.102.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +- name: Vlan1100 + description: test_svi shutdown: false vrf: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.5/32 -- name: Loopback101 - description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools + ip_address_virtual: 10.100.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +- name: Vlan1101 + description: test_svi shutdown: false vrf: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.101.5/32 - ipv6_address: 2001:db8:1::3/128 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 + ip_address_virtual: 10.101.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT + shutdown: false + ip_address: 172.21.110.3/24 + ip_virtual_router_addresses: + - 172.21.110.1 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 113 + name: SVI_with_no_vxlan + tenant: Tenant_A +- id: 1102 + name: test_svi + tenant: Tenant_A +- id: 1100 + name: test_svi + tenant: Tenant_A +- id: 1101 + name: test_svi + tenant: Tenant_A +- id: 2500 + name: web-l2-vlan + tenant: Tenant_A +- id: 2600 + name: web-l2-vlan-2 + tenant: Tenant_A +- id: 2601 + name: l2vlan_with_no_vxlan + tenant: Tenant_A +- id: 4085 + name: L2LEAF_INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: Common_VRF + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_dc1_pod1_only + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_from_overlapping_pool + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_from_pod_pools + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-POD1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 110 @@ -826,15 +838,3 @@ vxlan_interface: vni: 1100 - name: vrf_with_loopbacks_from_pod_pools vni: 1101 -virtual_source_nat_vrfs: -- name: vrf_with_loopbacks_dc1_pod1_only - ip_address: 10.102.101.5 -- name: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.5 -- name: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.101.5 - ipv6_address: 2001:db8:1::3 -metadata: - platform: vEOS-LAB -domain_list: -- structured-config.set.under.vrf.common-vrf diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE1.yml index 533eac9b64a..8b85a8bdd9a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE1.yml @@ -1,42 +1,204 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SUPER-SPINE1_Ethernet1 + shutdown: false + ip_address: 172.16.11.1/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE1 + peer_interface: Ethernet1 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SUPER-SPINE2_Ethernet1 + shutdown: false + ip_address: 172.16.11.65/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE2 + peer_interface: Ethernet1 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-POD1-LEAF1A_Ethernet1 + shutdown: false + ip_address: 172.17.110.0/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1.POD1.LEAF2A_Ethernet1 + shutdown: false + ip_address: 172.17.110.8/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-POD1-LEAF2B_Ethernet1 + shutdown: false + ip_address: 172.17.110.16/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_DC1-RS1_Ethernet2 + shutdown: false + ip_address: 172.17.10.2/31 + service_profile: QOS-PROFILE + peer: DC1-RS1 + peer_interface: Ethernet2 + peer_type: overlay-controller + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1.POD1.LEAF2A_Ethernet11 + shutdown: false + ip_address: 172.17.110.12/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet11 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet8 + description: P2P_DC1-POD1-LEAF2B_Ethernet11 + shutdown: false + ip_address: 172.17.110.20/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet11 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-POD1-SPINE1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.110.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB +route_maps: +- name: RM-EVPN-FILTER-AS65200 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65200 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65201 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65201 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65210 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65210 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65211 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65211 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65110.100' router_id: 172.16.110.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.16.11.0 peer_group: IPv4-UNDERLAY-PEERS @@ -81,38 +243,41 @@ router_bgp: description: DC1-POD1-LEAF2B_Ethernet11 - ip_address: 172.16.210.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65211' peer: DC2-POD1-LEAF1A description: DC2-POD1-LEAF1A_Loopback0 - remote_as: '65211' route_map_out: RM-EVPN-FILTER-AS65211 - ip_address: 172.16.210.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65210' peer: DC2-POD1-SPINE1 description: DC2-POD1-SPINE1_Loopback0 - remote_as: '65210' route_map_out: RM-EVPN-FILTER-AS65210 - ip_address: 172.16.20.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: DC2-RS1 description: DC2-RS1_Loopback0 - remote_as: '65201' route_map_out: RM-EVPN-FILTER-AS65201 - ip_address: 172.16.200.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: DC2-SUPER-SPINE1 description: DC2-SUPER-SPINE1_Loopback0 - remote_as: '65200' route_map_out: RM-EVPN-FILTER-AS65200 - ip_address: 172.16.110.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65112.100' peer: DC1-POD1-LEAF2B description: DC1-POD1-LEAF2B_Loopback0 - remote_as: '65112.100' - ip_address: 172.16.110.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65112.100' peer: DC1.POD1.LEAF2A description: DC1.POD1.LEAF2A_Loopback0 - remote_as: '65112.100' + redistribute: + connected: + enabled: true address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -123,192 +288,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-SPINE1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-SPINE1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SUPER-SPINE1 - peer_interface: Ethernet1 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE1_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.11.1/31 -- name: Ethernet2 - peer: DC1-SUPER-SPINE2 - peer_interface: Ethernet1 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE2_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.11.65/31 -- name: Ethernet3 - peer: DC1-POD1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-POD1-LEAF1A_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.0/31 -- name: Ethernet4 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1.POD1.LEAF2A_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.8/31 -- name: Ethernet5 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-POD1-LEAF2B_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.16/31 -- name: Ethernet6 - peer: DC1-RS1 - peer_interface: Ethernet2 - peer_type: overlay-controller - description: P2P_DC1-RS1_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.2/31 -- name: Ethernet7 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet11 - peer_type: l3leaf - description: P2P_DC1.POD1.LEAF2A_Ethernet11 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.12/31 -- name: Ethernet8 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet11 - peer_type: l3leaf - description: P2P_DC1-POD1-LEAF2B_Ethernet11 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.20/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.110.1/32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -route_maps: -- name: RM-EVPN-FILTER-AS65200 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65200 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65201 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65201 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65210 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65210 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65211 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65211 - - sequence: 20 - type: permit -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE2.yml index 3d8e5de8649..72ab30388b4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD1-SPINE2.yml @@ -1,214 +1,214 @@ -hostname: DC1-POD1-SPINE2 -is_deployed: true -serial_number: DEADBEEFC0FFEE -router_bgp: - as: '65110.100' - router_id: 172.16.110.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 172.16.11.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: DC1-SUPER-SPINE1 - description: DC1-SUPER-SPINE1_Ethernet2 - - ip_address: 172.16.11.66 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: DC1-SUPER-SPINE2 - description: DC1-SUPER-SPINE2_Ethernet2 - - ip_address: 172.17.110.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65111.100' - peer: DC1-POD1-LEAF1A - description: DC1-POD1-LEAF1A_Ethernet2 - - ip_address: 172.17.110.11 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65112.100' - peer: DC1.POD1.LEAF2A - description: DC1.POD1.LEAF2A_Ethernet2 - - ip_address: 172.17.110.19 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65112.100' - peer: DC1-POD1-LEAF2B - description: DC1-POD1-LEAF2B_Ethernet2 - - ip_address: 172.17.110.15 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65112.100' - peer: DC1.POD1.LEAF2A - description: DC1.POD1.LEAF2A_Ethernet12 - - ip_address: 172.17.110.23 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65112.100' - peer: DC1-POD1-LEAF2B - description: DC1-POD1-LEAF2B_Ethernet12 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.6/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-SPINE2 ethernet_interfaces: - name: Ethernet1 - peer: DC1-SUPER-SPINE1 - peer_interface: Ethernet2 - peer_type: super-spine description: P2P_DC1-SUPER-SPINE1_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.11.3/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.11.3/31 -- name: Ethernet2 - peer: DC1-SUPER-SPINE2 + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE1 peer_interface: Ethernet2 peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SUPER-SPINE2_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.11.67/31 mac_security: profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE2 + peer_interface: Ethernet2 + peer_type: super-spine switchport: enabled: false +- name: Ethernet3 + description: P2P_DC1-POD1-LEAF1A_Ethernet2 + shutdown: false + ip_address: 172.17.110.2/31 + mac_security: + profile: MACSEC_PROFILE ptp: enable: true - ip_address: 172.16.11.67/31 -- name: Ethernet3 + service_profile: QOS-PROFILE peer: DC1-POD1-LEAF1A peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_DC1-POD1-LEAF1A_Ethernet2 + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1.POD1.LEAF2A_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.17.110.10/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.17.110.2/31 -- name: Ethernet4 + service_profile: QOS-PROFILE peer: DC1.POD1.LEAF2A peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_DC1.POD1.LEAF2A_Ethernet2 + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-POD1-LEAF2B_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.17.110.18/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.17.110.10/31 -- name: Ethernet5 + service_profile: QOS-PROFILE peer: DC1-POD1-LEAF2B peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_DC1-POD1-LEAF2B_Ethernet2 + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1.POD1.LEAF2A_Ethernet12 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.17.110.14/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.17.110.18/31 -- name: Ethernet7 + service_profile: QOS-PROFILE peer: DC1.POD1.LEAF2A peer_interface: Ethernet12 peer_type: l3leaf - description: P2P_DC1.POD1.LEAF2A_Ethernet12 + switchport: + enabled: false +- name: Ethernet8 + description: P2P_DC1-POD1-LEAF2B_Ethernet12 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.17.110.22/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.17.110.14/31 -- name: Ethernet8 + service_profile: QOS-PROFILE peer: DC1-POD1-LEAF2B peer_interface: Ethernet12 peer_type: l3leaf - description: P2P_DC1-POD1-LEAF2B_Ethernet12 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE switchport: enabled: false - ptp: - enable: true - ip_address: 172.17.110.22/31 +hostname: DC1-POD1-SPINE2 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 172.16.110.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.6/24 + type: oob + gateway: 192.168.1.254 metadata: platform: vEOS-LAB +router_bgp: + as: '65110.100' + router_id: 172.16.110.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: AQQvKeimxJu+uGQ/yYvv9w== + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 172.16.11.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: DC1-SUPER-SPINE1 + description: DC1-SUPER-SPINE1_Ethernet2 + - ip_address: 172.16.11.66 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: DC1-SUPER-SPINE2 + description: DC1-SUPER-SPINE2_Ethernet2 + - ip_address: 172.17.110.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65111.100' + peer: DC1-POD1-LEAF1A + description: DC1-POD1-LEAF1A_Ethernet2 + - ip_address: 172.17.110.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65112.100' + peer: DC1.POD1.LEAF2A + description: DC1.POD1.LEAF2A_Ethernet2 + - ip_address: 172.17.110.19 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65112.100' + peer: DC1-POD1-LEAF2B + description: DC1-POD1-LEAF2B_Ethernet2 + - ip_address: 172.17.110.15 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65112.100' + peer: DC1.POD1.LEAF2A + description: DC1.POD1.LEAF2A_Ethernet12 + - ip_address: 172.17.110.23 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65112.100' + peer: DC1-POD1-LEAF2B + description: DC1-POD1-LEAF2B_Ethernet12 + redistribute: + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1-POD1-SPINE2 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +serial_number: DEADBEEFC0FFEE diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-LEAF1A.yml index b88f2869dd7..96883712216 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-LEAF1A.yml @@ -1,42 +1,150 @@ +aaa_root: + disabled: true +config_end: true +domain_list: +- structured-config.set.under.vrf.common-vrf +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n + \ description Loopback created from raw_eos_cli under VRF Common_VRF\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-POD2-SPINE1_Ethernet3 + shutdown: false + ip_address: 172.17.120.1/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-POD2-SPINE2_Ethernet3 + shutdown: false + ip_address: 172.17.120.3/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-RS2_Ethernet3 + shutdown: false + ip_address: 172.17.10.12/31 + service_profile: QOS-PROFILE + peer: DC1-RS2 + peer_interface: Ethernet3 + peer_type: overlay-controller + switchport: + enabled: false hostname: DC1-POD2-LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.120.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 172.18.120.3/32 +- name: Loopback100 + description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool + shutdown: false + vrf: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.3/32 +- name: Loopback101 + description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools + shutdown: false + vrf: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.102.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.15/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.120.0/24 eq 32 + - sequence: 20 + action: permit 172.18.120.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-EVPN-FILTER-AS65120 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65120 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65121' router_id: 172.16.120.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.120.0 peer_group: IPv4-UNDERLAY-PEERS @@ -56,94 +164,20 @@ router_bgp: bfd: true - ip_address: 172.16.120.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65120' peer: DC1-POD2-SPINE1 description: DC1-POD2-SPINE1_Loopback0 - remote_as: '65120' route_map_out: RM-EVPN-FILTER-AS65120 - ip_address: 172.16.120.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65120' peer: DC1-POD2-SPINE2 description: DC1-POD2-SPINE2_Loopback0 - remote_as: '65120' route_map_out: RM-EVPN-FILTER-AS65120 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - route: - import_match_failure_action: discard - address_family_rtc: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: Common_VRF - eos_cli: 'comment - - Comment created from raw_eos_cli under BGP for VRF Common_VRF - - EOF - - ' - rd: 172.16.120.3:1025 - route_targets: - import: - - address_family: evpn - route_targets: - - 1025:1025 - export: - - address_family: evpn - route_targets: - - 1025:1025 - router_id: 172.16.120.3 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_dc1_pod1_only - rd: 172.16.120.3:1102 - route_targets: - import: - - address_family: evpn - route_targets: - - 1102:1102 - export: - - address_family: evpn - route_targets: - - 1102:1102 - router_id: 172.16.120.3 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_from_overlapping_pool - rd: 172.16.120.3:1100 - route_targets: - import: - - address_family: evpn - route_targets: - - 1100:1100 - export: - - address_family: evpn - route_targets: - - 1100:1100 - router_id: 172.16.120.3 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_from_pod_pools - rd: 172.16.120.3:1101 - route_targets: - import: - - address_family: evpn - route_targets: - - 1101:1101 - export: - - address_family: evpn - route_targets: - - 1101:1101 - router_id: 172.16.120.3 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 110 tenant: Tenant_A @@ -217,204 +251,130 @@ router_bgp: EOF ' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -- name: Common_VRF - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_dc1_pod1_only - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_from_overlapping_pool - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_from_pod_pools - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.15/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n - \ description Loopback created from raw_eos_cli under VRF Common_VRF\n" + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + route: + import_match_failure_action: discard + address_family_rtc: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Common_VRF + rd: 172.16.120.3:1025 + route_targets: + import: + - address_family: evpn + route_targets: + - 1025:1025 + export: + - address_family: evpn + route_targets: + - 1025:1025 + router_id: 172.16.120.3 + redistribute: + connected: + enabled: true + eos_cli: 'comment + + Comment created from raw_eos_cli under BGP for VRF Common_VRF + + EOF + + ' + - name: vrf_with_loopbacks_dc1_pod1_only + rd: 172.16.120.3:1102 + route_targets: + import: + - address_family: evpn + route_targets: + - 1102:1102 + export: + - address_family: evpn + route_targets: + - 1102:1102 + router_id: 172.16.120.3 + redistribute: + connected: + enabled: true + - name: vrf_with_loopbacks_from_overlapping_pool + rd: 172.16.120.3:1100 + route_targets: + import: + - address_family: evpn + route_targets: + - 1100:1100 + export: + - address_family: evpn + route_targets: + - 1100:1100 + router_id: 172.16.120.3 + redistribute: + connected: + enabled: true + - name: vrf_with_loopbacks_from_pod_pools + rd: 172.16.120.3:1101 + route_targets: + import: + - address_family: evpn + route_targets: + - 1101:1101 + export: + - address_family: evpn + route_targets: + - 1101:1101 + router_id: 172.16.120.3 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent snmp_server: location: TWODC_5STAGE_CLOS DC1 DC1_POD2 DC1-POD2-LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-POD2-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-POD2-SPINE1_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.120.1/31 -- name: Ethernet2 - peer: DC1-POD2-SPINE2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-POD2-SPINE2_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.120.3/31 -- name: Ethernet3 - peer: DC1-RS2 - peer_interface: Ethernet3 - peer_type: overlay-controller - description: P2P_DC1-RS2_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.12/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.120.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 172.18.120.3/32 -- name: Loopback100 - description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool - shutdown: false - vrf: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.3/32 -- name: Loopback101 - description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools - shutdown: false - vrf: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.102.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.120.0/24 eq 32 - - sequence: 20 - action: permit 172.18.120.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-EVPN-FILTER-AS65120 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65120 - - sequence: 20 - type: permit -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 113 - name: SVI_with_no_vxlan - tenant: Tenant_A -- id: 1102 - name: test_svi - tenant: Tenant_A -- id: 1100 - name: test_svi - tenant: Tenant_A -- id: 1101 - name: test_svi - tenant: Tenant_A -- id: 2500 - name: web-l2-vlan - tenant: Tenant_A -- id: 2600 - name: web-l2-vlan-2 - tenant: Tenant_A -- id: 2601 - name: l2vlan_with_no_vxlan - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.3 +- name: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.102.3 vlan_interfaces: - name: Vlan110 - tenant: Tenant_A - tags: - - opzone description: set from structured_config on svi (was Tenant_A_OP_Zone_1) shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Common_VRF -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: true - ip_address_virtual: 10.1.11.1/24 vrf: Common_VRF -- name: Vlan112 + ip_address_virtual: 10.1.11.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan112 description: Tenant_A_OP_Zone_3 shutdown: false + vrf: Common_VRF + ip_address_virtual: 10.1.12.1/24 + tenant: Tenant_A + tags: + - opzone eos_cli: 'comment Comment created from raw_eos_cli under SVI 112 in VRF Common_VRF @@ -422,49 +382,98 @@ vlan_interfaces: EOF ' - ip_address_virtual: 10.1.12.1/24 - vrf: Common_VRF - name: Vlan113 - tenant: Tenant_A - tags: - - opzone description: SVI_with_no_vxlan shutdown: false - ip_address_virtual: 10.10.13.1/24 vrf: Common_VRF -- name: Vlan1102 + ip_address_virtual: 10.10.13.1/24 tenant: Tenant_A tags: - opzone - - web +- name: Vlan1102 description: test_svi shutdown: false - ip_address_virtual: 10.102.100.1/24 vrf: vrf_with_loopbacks_dc1_pod1_only -- name: Vlan1100 + ip_address_virtual: 10.102.100.1/24 tenant: Tenant_A tags: - opzone - web +- name: Vlan1100 description: test_svi shutdown: false - ip_address_virtual: 10.100.100.1/24 vrf: vrf_with_loopbacks_from_overlapping_pool -- name: Vlan1101 + ip_address_virtual: 10.100.100.1/24 tenant: Tenant_A tags: - opzone - web +- name: Vlan1101 description: test_svi shutdown: false - ip_address_virtual: 10.101.100.1/24 vrf: vrf_with_loopbacks_from_pod_pools + ip_address_virtual: 10.101.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 113 + name: SVI_with_no_vxlan + tenant: Tenant_A +- id: 1102 + name: test_svi + tenant: Tenant_A +- id: 1100 + name: test_svi + tenant: Tenant_A +- id: 1101 + name: test_svi + tenant: Tenant_A +- id: 2500 + name: web-l2-vlan + tenant: Tenant_A +- id: 2600 + name: web-l2-vlan-2 + tenant: Tenant_A +- id: 2601 + name: l2vlan_with_no_vxlan + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Common_VRF + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_dc1_pod1_only + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_from_overlapping_pool + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_from_pod_pools + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-POD2-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 110 vni: 10110 @@ -485,12 +494,3 @@ vxlan_interface: vni: 1100 - name: vrf_with_loopbacks_from_pod_pools vni: 1101 -virtual_source_nat_vrfs: -- name: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.3 -- name: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.102.3 -metadata: - platform: vEOS-LAB -domain_list: -- structured-config.set.under.vrf.common-vrf diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE1.yml index 7f51d23d5a7..9451f3a2a77 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE1.yml @@ -1,43 +1,144 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SUPER-SPINE1_Ethernet3 + shutdown: false + ip_address: 172.16.12.1/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE1 + peer_interface: Ethernet3 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SUPER-SPINE2_Ethernet3 + shutdown: false + ip_address: 172.16.12.65/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE2 + peer_interface: Ethernet3 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-POD2-LEAF1A_Ethernet1 + shutdown: false + ip_address: 172.17.120.0/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD2-LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-RS2_Ethernet2 + shutdown: false + ip_address: 172.17.10.10/31 + service_profile: QOS-PROFILE + peer: DC1-RS2 + peer_interface: Ethernet2 + peer_type: overlay-controller + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC2-POD1-SPINE1_Ethernet5 + shutdown: false + ip_address: 11.1.1.18/31 + peer: DC2-POD1-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false hostname: DC1-POD2-SPINE1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.120.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.13/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.120.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65120' router_id: 172.16.120.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.16.12.0 peer_group: IPv4-UNDERLAY-PEERS @@ -62,14 +163,18 @@ router_bgp: bfd: true - ip_address: 172.16.120.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65121' peer: DC1-POD2-LEAF1A description: DC1-POD2-LEAF1A_Loopback0 - remote_as: '65121' - ip_address: 11.1.1.19 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65210' peer: DC2-POD1-SPINE1 description: DC2-POD1-SPINE1 - peer_group: IPv4-UNDERLAY-PEERS + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -80,132 +185,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD2 DC1-POD2-SPINE1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.13/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD2 DC1-POD2-SPINE1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SUPER-SPINE1 - peer_interface: Ethernet3 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE1_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.12.1/31 -- name: Ethernet2 - peer: DC1-SUPER-SPINE2 - peer_interface: Ethernet3 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE2_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.12.65/31 -- name: Ethernet3 - peer: DC1-POD2-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-POD2-LEAF1A_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.120.0/31 -- name: Ethernet4 - peer: DC1-RS2 - peer_interface: Ethernet2 - peer_type: overlay-controller - description: P2P_DC1-RS2_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.10/31 -- name: Ethernet5 - peer: DC2-POD1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - switchport: - enabled: false - shutdown: false - ip_address: 11.1.1.18/31 - description: P2P_DC2-POD1-SPINE1_Ethernet5 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.120.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.120.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE2.yml index 24dbb6ca8fd..c80582564e2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-POD2-SPINE2.yml @@ -1,43 +1,136 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SUPER-SPINE1_Ethernet4 + shutdown: false + ip_address: 172.16.12.3/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE1 + peer_interface: Ethernet4 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SUPER-SPINE2_Ethernet4 + shutdown: false + ip_address: 172.16.12.67/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE2 + peer_interface: Ethernet4 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-POD2-LEAF1A_Ethernet2 + shutdown: false + ip_address: 172.17.120.2/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD2-LEAF1A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC2-POD1-SPINE2_Ethernet5 + shutdown: false + ip_address: 200.200.200.101/24 + ptp: + enable: true + peer: DC2-POD1-SPINE2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false hostname: DC1-POD2-SPINE2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.120.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.14/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.120.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65120' router_id: 172.16.120.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.16.12.2 peer_group: IPv4-UNDERLAY-PEERS @@ -56,16 +149,20 @@ router_bgp: description: DC1-POD2-LEAF1A_Ethernet2 - ip_address: 172.16.120.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65121' peer: DC1-POD2-LEAF1A description: DC1-POD2-LEAF1A_Loopback0 - remote_as: '65121' - ip_address: 200.200.200.201 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65210' + local_as: '65112' peer: DC2-POD1-SPINE2 description: DC2-POD1-SPINE2 - peer_group: IPv4-UNDERLAY-PEERS bfd: false - local_as: '65112' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -76,124 +173,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD2 DC1-POD2-SPINE2 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.14/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD2 DC1-POD2-SPINE2 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SUPER-SPINE1 - peer_interface: Ethernet4 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE1_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.12.3/31 -- name: Ethernet2 - peer: DC1-SUPER-SPINE2 - peer_interface: Ethernet4 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE2_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.12.67/31 -- name: Ethernet3 - peer: DC1-POD2-LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_DC1-POD2-LEAF1A_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.120.2/31 -- name: Ethernet4 - peer: DC2-POD1-SPINE2 - peer_interface: Ethernet5 - peer_type: spine - switchport: - enabled: false - shutdown: false - ip_address: 200.200.200.101/24 - ptp: - enable: true - description: P2P_DC2-POD1-SPINE2_Ethernet5 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.120.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.120.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS1.yml index 222c5c9f0e2..3d9f93daa32 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS1.yml @@ -1,43 +1,137 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SUPER-SPINE1_Ethernet5 + shutdown: false + ip_address: 172.17.10.1/31 + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE1 + peer_interface: Ethernet5 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-POD1-SPINE1_Ethernet6 + shutdown: false + ip_address: 172.17.10.3/31 + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-POD1-LEAF1A_Ethernet4 + shutdown: false + ip_address: 172.17.10.5/31 + service_profile: QOS-PROFILE + peer: DC1-POD1-LEAF1A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-RS1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.10.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.10.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-EVPN-FILTER-AS65200 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65200 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65201 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65201 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65210 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65210 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65211 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65211 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 172.16.10.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.10.0 peer_group: IPv4-UNDERLAY-PEERS @@ -59,38 +153,42 @@ router_bgp: bfd: true - ip_address: 172.16.210.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65211' peer: DC2-POD1-LEAF1A description: DC2-POD1-LEAF1A_Loopback0 - remote_as: '65211' route_map_out: RM-EVPN-FILTER-AS65211 - ip_address: 172.16.210.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65210' peer: DC2-POD1-SPINE1 description: DC2-POD1-SPINE1_Loopback0 - remote_as: '65210' route_map_out: RM-EVPN-FILTER-AS65210 - ip_address: 172.16.20.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: DC2-RS1 description: DC2-RS1_Loopback0 - remote_as: '65201' route_map_out: RM-EVPN-FILTER-AS65201 - ip_address: 172.16.200.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: DC2-SUPER-SPINE1 description: DC2-SUPER-SPINE1_Loopback0 - remote_as: '65200' route_map_out: RM-EVPN-FILTER-AS65200 - ip_address: 172.16.110.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65112.100' peer: DC1-POD1-LEAF2B description: DC1-POD1-LEAF2B_Loopback0 - remote_as: '65112.100' - ip_address: 172.16.110.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65112.100' peer: DC1.POD1.LEAF2A description: DC1.POD1.LEAF2A_Loopback0 - remote_as: '65112.100' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -101,125 +199,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1-RS1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1-RS1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SUPER-SPINE1 - peer_interface: Ethernet5 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE1_Ethernet5 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.1/31 -- name: Ethernet2 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-POD1-SPINE1_Ethernet6 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.3/31 -- name: Ethernet3 - peer: DC1-POD1-LEAF1A - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_DC1-POD1-LEAF1A_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.5/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.10.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.10.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-EVPN-FILTER-AS65200 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65200 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65201 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65201 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65210 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65210 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65211 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65211 - - sequence: 20 - type: permit -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS2.yml index d3169fe1001..6ea8aec19be 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-RS2.yml @@ -1,43 +1,145 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SUPER-SPINE2_Ethernet5 + shutdown: false + ip_address: 172.17.10.9/31 + service_profile: QOS-PROFILE + peer: DC1-SUPER-SPINE2 + peer_interface: Ethernet5 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-POD2-SPINE1_Ethernet4 + shutdown: false + ip_address: 172.17.10.11/31 + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-POD2-LEAF1A_Ethernet3 + shutdown: false + ip_address: 172.17.10.13/31 + service_profile: QOS-PROFILE + peer: DC1-POD2-LEAF1A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-RS2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.10.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.4/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.10.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-EVPN-FILTER-AS65200 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65200 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65201 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65201 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65210 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65210 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65211 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65211 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 172.16.10.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.10.8 peer_group: IPv4-UNDERLAY-PEERS @@ -59,28 +161,32 @@ router_bgp: bfd: true - ip_address: 172.16.210.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65211' peer: DC2-POD1-LEAF1A description: DC2-POD1-LEAF1A_Loopback0 - remote_as: '65211' route_map_out: RM-EVPN-FILTER-AS65211 - ip_address: 172.16.210.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65210' peer: DC2-POD1-SPINE1 description: DC2-POD1-SPINE1_Loopback0 - remote_as: '65210' route_map_out: RM-EVPN-FILTER-AS65210 - ip_address: 172.16.20.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: DC2-RS1 description: DC2-RS1_Loopback0 - remote_as: '65201' route_map_out: RM-EVPN-FILTER-AS65201 - ip_address: 172.16.200.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: DC2-SUPER-SPINE1 description: DC2-SUPER-SPINE1_Loopback0 - remote_as: '65200' route_map_out: RM-EVPN-FILTER-AS65200 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -91,133 +197,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1-RS2 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.4/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1-RS2 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SUPER-SPINE2 - peer_interface: Ethernet5 - peer_type: super-spine - description: P2P_DC1-SUPER-SPINE2_Ethernet5 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.9/31 -- name: Ethernet2 - peer: DC1-POD2-SPINE1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-POD2-SPINE1_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.11/31 -- name: Ethernet3 - peer: DC1-POD2-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_DC1-POD2-LEAF1A_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.10.13/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.10.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.10.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-EVPN-FILTER-AS65200 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65200 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65201 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65201 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65210 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65210 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65211 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65211 - - sequence: 20 - type: permit -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE1.yml index bad6a3c60ea..05689406030 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE1.yml @@ -1,185 +1,109 @@ -hostname: DC1-SUPER-SPINE1 -is_deployed: true -router_bgp: - as: '65100' - router_id: 172.16.100.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 172.16.11.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Ethernet1 - - ip_address: 172.16.11.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE2 - description: DC1-POD1-SPINE2_Ethernet1 - - ip_address: 172.16.12.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65120' - peer: DC1-POD2-SPINE1 - description: DC1-POD2-SPINE1_Ethernet1 - - ip_address: 172.16.12.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65120' - peer: DC1-POD2-SPINE2 - description: DC1-POD2-SPINE2_Ethernet1 - - ip_address: 172.17.10.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: DC1-RS1 - description: DC1-RS1_Ethernet1 - bfd: true - - ip_address: 11.1.2.1 - remote_as: '65200' - peer: DC2-SUPER-SPINE1 - description: DC2-SUPER-SPINE1 - peer_group: IPv4-UNDERLAY-PEERS - bfd: false -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1-SUPER-SPINE1 ethernet_interfaces: - name: Ethernet1 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_DC1-POD1-SPINE1_Ethernet1 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.11.0/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.11.0/31 -- name: Ethernet2 - peer: DC1-POD1-SPINE2 + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-POD1-SPINE2_Ethernet1 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.11.2/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.11.2/31 -- name: Ethernet3 - peer: DC1-POD2-SPINE1 + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-POD2-SPINE1_Ethernet1 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.12.0/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.12.0/31 -- name: Ethernet4 - peer: DC1-POD2-SPINE2 + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-POD2-SPINE2_Ethernet1 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.12.2/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.12.2/31 -- name: Ethernet5 - peer: DC1-RS1 + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE2 peer_interface: Ethernet1 - peer_type: overlay-controller + peer_type: spine + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-RS1_Ethernet1 shutdown: false + ip_address: 172.17.10.0/31 service_profile: QOS-PROFILE + peer: DC1-RS1 + peer_interface: Ethernet1 + peer_type: overlay-controller switchport: enabled: false - ip_address: 172.17.10.0/31 - name: Ethernet6 + description: P2P_DC2-SUPER-SPINE1_Ethernet4 + shutdown: false + ip_address: 11.1.2.0/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true peer: DC2-SUPER-SPINE1 peer_interface: Ethernet4 peer_type: super-spine switchport: enabled: false - shutdown: false - ip_address: 11.1.2.0/31 - ptp: - enable: true - mac_security: - profile: MACSEC_PROFILE - description: P2P_DC2-SUPER-SPINE1_Ethernet4 +hostname: DC1-SUPER-SPINE1 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 172.16.100.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -192,5 +116,81 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -metadata: - platform: vEOS-LAB +router_bgp: + as: '65100' + router_id: 172.16.100.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: AQQvKeimxJu+uGQ/yYvv9w== + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 172.16.11.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Ethernet1 + - ip_address: 172.16.11.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE2 + description: DC1-POD1-SPINE2_Ethernet1 + - ip_address: 172.16.12.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65120' + peer: DC1-POD2-SPINE1 + description: DC1-POD2-SPINE1_Ethernet1 + - ip_address: 172.16.12.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65120' + peer: DC1-POD2-SPINE2 + description: DC1-POD2-SPINE2_Ethernet1 + - ip_address: 172.17.10.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: DC1-RS1 + description: DC1-RS1_Ethernet1 + bfd: true + - ip_address: 11.1.2.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: DC2-SUPER-SPINE1 + description: DC2-SUPER-SPINE1 + bfd: false + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1-SUPER-SPINE1 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE2.yml index dc9e12c6343..69359bcdaec 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1-SUPER-SPINE2.yml @@ -1,188 +1,113 @@ -hostname: DC1-SUPER-SPINE2 -is_deployed: true -router_bgp: - as: '65100' - router_id: 172.16.100.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 172.16.11.65 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Ethernet2 - - ip_address: 172.16.11.67 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE2 - description: DC1-POD1-SPINE2_Ethernet2 - - ip_address: 172.16.12.65 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65120' - peer: DC1-POD2-SPINE1 - description: DC1-POD2-SPINE1_Ethernet2 - - ip_address: 172.16.12.67 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65120' - peer: DC1-POD2-SPINE2 - description: DC1-POD2-SPINE2_Ethernet2 - - ip_address: 172.17.10.9 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-RS2 - description: DC1-RS2_Ethernet1 - bfd: true - - ip_address: 11.1.2.3 - remote_as: '65200' - peer: DC2-SUPER-SPINE2 - description: DC2-SUPER-SPINE2 - peer_group: IPv4-UNDERLAY-PEERS -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.2/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1-SUPER-SPINE2 ethernet_interfaces: - name: Ethernet1 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine description: P2P_DC1-POD1-SPINE1_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.11.64/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.11.64/31 -- name: Ethernet2 - peer: DC1-POD1-SPINE2 + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-POD1-SPINE2_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.11.66/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.11.66/31 -- name: Ethernet3 - peer: DC1-POD2-SPINE1 + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-POD2-SPINE1_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.12.64/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.12.64/31 -- name: Ethernet4 - peer: DC1-POD2-SPINE2 + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE1 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-POD2-SPINE2_Ethernet2 shutdown: false - service_profile: QOS-PROFILE + ip_address: 172.16.12.66/31 mac_security: profile: MACSEC_PROFILE - switchport: - enabled: false ptp: enable: true - ip_address: 172.16.12.66/31 + service_profile: QOS-PROFILE + peer: DC1-POD2-SPINE2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false - name: Ethernet5 - peer: DC1-RS2 - peer_interface: Ethernet1 - peer_type: overlay-controller description: P2P_DC1-RS2_Ethernet1 shutdown: false + ip_address: 172.17.10.8/31 service_profile: QOS-PROFILE + peer: DC1-RS2 + peer_interface: Ethernet1 + peer_type: overlay-controller switchport: enabled: false - ip_address: 172.17.10.8/31 - name: Ethernet6 + description: P2P_DC2-SUPER-SPINE2_Ethernet4 + shutdown: false + ip_address: 11.1.2.2/31 peer: DC2-SUPER-SPINE2 peer_interface: Ethernet4 peer_type: super-spine switchport: enabled: false - shutdown: false - ip_address: 11.1.2.2/31 - description: P2P_DC2-SUPER-SPINE2_Ethernet4 +hostname: DC1-SUPER-SPINE2 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 172.16.100.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.2/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -195,5 +120,80 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -metadata: - platform: vEOS-LAB +router_bgp: + as: '65100' + router_id: 172.16.100.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: AQQvKeimxJu+uGQ/yYvv9w== + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 172.16.11.65 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Ethernet2 + - ip_address: 172.16.11.67 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE2 + description: DC1-POD1-SPINE2_Ethernet2 + - ip_address: 172.16.12.65 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65120' + peer: DC1-POD2-SPINE1 + description: DC1-POD2-SPINE1_Ethernet2 + - ip_address: 172.16.12.67 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65120' + peer: DC1-POD2-SPINE2 + description: DC1-POD2-SPINE2_Ethernet2 + - ip_address: 172.17.10.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-RS2 + description: DC1-RS2_Ethernet1 + bfd: true + - ip_address: 11.1.2.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: DC2-SUPER-SPINE2 + description: DC2-SUPER-SPINE2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1-SUPER-SPINE2 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1.POD1.LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1.POD1.LEAF2A.yml index 89de4f7ba60..4bcfd733e6f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1.POD1.LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC1.POD1.LEAF2A.yml @@ -1,492 +1,286 @@ -hostname: DC1.POD1.LEAF2A -is_deployed: true -router_bgp: - as: '65112.100' - router_id: 172.16.110.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65112.100' - next_hop_self: true - description: DC1-POD1-LEAF2B - password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: AQQvKeimxJu+uGQ/yYvv9w== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 5 - - name: EVPN-OVERLAY-CORE - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - neighbors: - - ip_address: 172.20.110.3 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: DC1-POD1-LEAF2B - description: DC1-POD1-LEAF2B_Vlan4094 - - ip_address: 172.17.110.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Ethernet4 - - ip_address: 172.17.110.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE2 - description: DC1-POD1-SPINE2_Ethernet4 - - ip_address: 172.17.110.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Ethernet7 - - ip_address: 172.17.110.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65110.100' - peer: DC1-POD1-SPINE2 - description: DC1-POD1-SPINE2_Ethernet7 - - ip_address: 172.16.110.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-POD1-LEAF1A - description: DC1-POD1-LEAF1A_Loopback0 - remote_as: '65111.100' - route_map_out: RM-EVPN-FILTER-AS65111.100 - - ip_address: 172.16.110.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-POD1-SPINE1 - description: DC1-POD1-SPINE1_Loopback0 - remote_as: '65110.100' - route_map_out: RM-EVPN-FILTER-AS65110.100 - - ip_address: 172.16.10.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-RS1 - description: DC1-RS1_Loopback0 - remote_as: '65101' - route_map_out: RM-EVPN-FILTER-AS65101 - - ip_address: 172.16.120.3 - peer_group: EVPN-OVERLAY-CORE - peer: DC1-POD2-LEAF1A - description: DC1-POD2-LEAF1A_Loopback0 - remote_as: '65121' - - ip_address: 100.100.100.201 - remote_as: '65211' - peer: DC2-POD1-LEAF1A - description: DC2-POD1-LEAF1A - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - route: - import_match_failure_action: discard - address_family_rtc: - peer_groups: - - name: EVPN-OVERLAY-CORE - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: Common_VRF - eos_cli: 'comment - - Comment created from raw_eos_cli under BGP for VRF Common_VRF - - EOF - - ' - rd: 172.16.110.4:1025 - route_targets: - import: - - address_family: evpn - route_targets: - - 1025:1025 - export: - - address_family: evpn - route_targets: - - 1025:1025 - router_id: 172.16.110.4 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_dc1_pod1_only - rd: 172.16.110.4:1102 - route_targets: - import: - - address_family: evpn - route_targets: - - 1102:1102 - export: - - address_family: evpn - route_targets: - - 1102:1102 - router_id: 172.16.110.4 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_from_overlapping_pool - rd: 172.16.110.4:1100 - route_targets: - import: - - address_family: evpn - route_targets: - - 1100:1100 - export: - - address_family: evpn - route_targets: - - 1100:1100 - router_id: 172.16.110.4 - redistribute: - connected: - enabled: true - - name: vrf_with_loopbacks_from_pod_pools - rd: 172.16.110.4:1101 - route_targets: - import: - - address_family: evpn - route_targets: - - 1101:1101 - export: - - address_family: evpn - route_targets: - - 1101:1101 - router_id: 172.16.110.4 - redistribute: - connected: - enabled: true - vlans: - - id: 110 - tenant: Tenant_A - rd: 172.16.110.4:99110 - route_targets: - both: - - 99110:99110 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment - - comment created from raw_eos_cli under router bgp svis inherited from svi profile - - EOF - - ' - - id: 111 - tenant: Tenant_A - rd: 172.16.110.4:50111 - route_targets: - both: - - 50111:50111 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment +aaa_root: + disabled: true +config_end: true +domain_list: +- structured-config.set.on.node +- structured-config.set.under.vrf.common-vrf +enable_password: + disabled: true +eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under l3leaf node-group RACK2_MLAG\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n description Loopback + created from raw_eos_cli under VRF Common_VRF\n" +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-POD1-LEAF2B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-POD1-LEAF2B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-POD1-SPINE1_Ethernet4 + shutdown: false + ip_address: 172.17.110.9/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-POD1-SPINE2_Ethernet4 + shutdown: false + ip_address: 172.17.110.11/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: L2_DC1-POD1-L2LEAF2A_Ethernet1 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet4 + description: L2_DC1-POD1-L2LEAF2B_Ethernet1 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-POD1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet11 + description: P2P_DC1-POD1-SPINE1_Ethernet7 + shutdown: false + ip_address: 172.17.110.13/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE1 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet12 + description: P2P_DC1-POD1-SPINE2_Ethernet7 + shutdown: false + ip_address: 172.17.110.15/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC1-POD1-SPINE2 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC2-POD1-LEAF1A_Ethernet6 + shutdown: false + ip_address: 100.100.100.101/24 + peer: DC2-POD1-LEAF1A + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet16 + description: SERVER_server-1_Eth1 + shutdown: false + channel_group: + id: 16 + mode: active + peer: server-1 + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp svi 111 + Comment created from raw_eos_cli under profile TENANT_A - EOF + EOF - ' - - id: 112 - tenant: Tenant_A - rd: 172.16.110.4:20112 - route_targets: - both: - - 20112:20112 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment + ' +- name: Ethernet17 + description: Set using structured_config on server adapter + shutdown: false + channel_group: + id: 17 + mode: active + peer: server-1 + peer_interface: Eth3 + peer_type: server + port_profile: TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp svis inherited from svi parent profile + Comment created from raw_eos_cli under adapter for switch Eth17 - EOF + EOF - ' - - id: 2500 - tenant: Tenant_A - rd: 172.16.110.4:2500 - route_targets: - both: - - 2500:2500 - redistribute_routes: - - learned - - id: 2600 - tenant: Tenant_A - rd: 172.16.110.4:32600 - route_targets: - both: - - 32600:32600 - redistribute_routes: - - learned - - router-mac system - eos_cli: 'comment + ' +- name: Ethernet18 + description: SERVER_server-1_Eth5 + shutdown: false + channel_group: + id: 18 + mode: active + peer: server-1 + peer_interface: Eth5 + peer_type: server + port_profile: NESTED_TENANT_A + eos_cli: 'comment - comment created from raw_eos_cli under router bgp l2vlan 2600 + Comment created from raw_eos_cli under profile NESTED_TENANT_A - EOF + EOF - ' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent + ' +- name: Ethernet19 + description: SERVER_server-1_Eth7 + shutdown: false + channel_group: + id: 19 + mode: active + peer: server-1 + peer_interface: Eth7 + peer_type: server + port_profile: NESTED_TENANT_A + eos_cli: 'comment + + Comment created from raw_eos_cli under profile NESTED_TENANT_A + + EOF + + ' +hostname: DC1.POD1.LEAF2A +ip_igmp_snooping: + globally_enabled: true ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false -- name: Common_VRF - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_dc1_pod1_only - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_from_overlapping_pool - tenant: Tenant_A - ip_routing: true -- name: vrf_with_loopbacks_from_pod_pools - tenant: Tenant_A - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1002\n description Loopback created from raw_eos_cli under l3leaf node-group RACK2_MLAG\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n description Loopback - created from raw_eos_cli under VRF Common_VRF\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1.POD1.LEAF2A -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 113 - name: SVI_with_no_vxlan - tenant: Tenant_A -- id: 1102 - name: test_svi - tenant: Tenant_A -- id: 1100 - name: test_svi - tenant: Tenant_A -- id: 1101 - name: test_svi - tenant: Tenant_A -- id: 2500 - name: web-l2-vlan - tenant: Tenant_A -- id: 2600 - name: web-l2-vlan-2 - tenant: Tenant_A -- id: 2601 - name: l2vlan_with_no_vxlan - tenant: Tenant_A -- id: 4085 - tenant: system - name: L2LEAF_INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - ip_address: 172.20.110.2/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: set from structured_config on svi for DC1.POD1.LEAF2A (was Tenant_A_OP_Zone_1) - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Common_VRF -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_2 - shutdown: true - ip_address_virtual: 10.1.11.1/24 - vrf: Common_VRF -- name: Vlan112 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_3 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - eos_cli: 'comment - - Comment created from raw_eos_cli under SVI 112 in VRF Common_VRF - - EOF - - ' - ip_address_virtual: 10.1.12.1/24 - vrf: Common_VRF -- name: Vlan113 - tenant: Tenant_A - tags: - - opzone - description: SVI_with_no_vxlan + ip_address: 172.16.110.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE shutdown: false - ip_address_virtual: 10.10.13.1/24 - vrf: Common_VRF -- name: Vlan1102 - tenant: Tenant_A - tags: - - opzone - - web - description: test_svi + ip_address: 172.18.110.4/32 +- name: Loopback102 + description: DIAG_VRF_vrf_with_loopbacks_dc1_pod1_only shutdown: false - ip_address_virtual: 10.102.100.1/24 vrf: vrf_with_loopbacks_dc1_pod1_only -- name: Vlan1100 - tenant: Tenant_A - tags: - - opzone - - web - description: test_svi - shutdown: false - ip_address_virtual: 10.100.100.1/24 - vrf: vrf_with_loopbacks_from_overlapping_pool -- name: Vlan1101 - tenant: Tenant_A - tags: - - opzone - - web - description: test_svi + ip_address: 10.102.101.4/32 +- name: Loopback100 + description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool shutdown: false - ip_address_virtual: 10.101.100.1/24 - vrf: vrf_with_loopbacks_from_pod_pools -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT + vrf: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.4/32 +- name: Loopback101 + description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools shutdown: false - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.2/24 - ip_virtual_router_addresses: - - 172.21.110.1 + vrf: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.101.4/32 + ipv6_address: 2001:db8:1::2/128 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: RACK2_MLAG + local_interface: Vlan4094 + peer_address: 172.20.110.3 + peer_address_heartbeat: + peer_ip: 192.168.1.9 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' port_channel_interfaces: - name: Port-Channel5 description: MLAG_DC1-POD1-LEAF2B_Port-Channel5 + shutdown: false + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - service_profile: QOS-PROFILE - name: Port-Channel3 description: L2_RACK2_MLAG_Port-Channel1 + shutdown: false + mlag: 3 + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-113,1100-1102,2500,2600-2601,4085 - shutdown: false - service_profile: QOS-PROFILE - mlag: 3 - name: Port-Channel16 description: PortChannel shutdown: false + mlag: 16 service_profile: bar switchport: enabled: true mode: access access_vlan: 110 - mlag: 16 - name: Port-Channel17 description: Set using structured_config on server adapter port-channel shutdown: false + mlag: 17 service_profile: foo switchport: enabled: true mode: access access_vlan: 110 - mlag: 17 - name: Port-Channel18 description: PortChannel shutdown: false + mlag: 18 service_profile: foo + switchport: + enabled: true + mode: access + access_vlan: 110 eos_cli: 'comment Comment created from raw_eos_cli under port_channel on profile NESTED_TENANT_A @@ -494,279 +288,498 @@ port_channel_interfaces: EOF ' - switchport: - enabled: true - mode: access - access_vlan: 110 - mlag: 18 - name: Port-Channel19 description: PortChannel shutdown: false + mlag: 19 service_profile: foo + switchport: + enabled: true + mode: access + access_vlan: 110 eos_cli: 'comment - Comment created from raw_eos_cli under adapter port_channel for switch Po19 + Comment created from raw_eos_cli under adapter port_channel for switch Po19 + + EOF + + ' +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-EVPN-FILTER-AS65101 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65101 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65110.100 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65110.100 + - sequence: 20 + type: permit +- name: RM-EVPN-FILTER-AS65111.100 + sequence_numbers: + - sequence: 10 + type: deny + match: + - as 65111.100 + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65112.100' + router_id: 172.16.110.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65112.100' + description: DC1-POD1-LEAF2B + next_hop_self: true + password: vnEaG8gMeQf3d3cN6PktXQ== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: AQQvKeimxJu+uGQ/yYvv9w== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 5 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + - name: EVPN-OVERLAY-CORE + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 15 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.20.110.3 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: DC1-POD1-LEAF2B + description: DC1-POD1-LEAF2B_Vlan4094 + - ip_address: 172.17.110.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Ethernet4 + - ip_address: 172.17.110.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE2 + description: DC1-POD1-SPINE2_Ethernet4 + - ip_address: 172.17.110.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Ethernet7 + - ip_address: 172.17.110.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE2 + description: DC1-POD1-SPINE2_Ethernet7 + - ip_address: 172.16.110.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111.100' + peer: DC1-POD1-LEAF1A + description: DC1-POD1-LEAF1A_Loopback0 + route_map_out: RM-EVPN-FILTER-AS65111.100 + - ip_address: 172.16.110.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110.100' + peer: DC1-POD1-SPINE1 + description: DC1-POD1-SPINE1_Loopback0 + route_map_out: RM-EVPN-FILTER-AS65110.100 + - ip_address: 172.16.10.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-RS1 + description: DC1-RS1_Loopback0 + route_map_out: RM-EVPN-FILTER-AS65101 + - ip_address: 172.16.120.3 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65121' + peer: DC1-POD2-LEAF1A + description: DC1-POD2-LEAF1A_Loopback0 + - ip_address: 100.100.100.201 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65211' + peer: DC2-POD1-LEAF1A + description: DC2-POD1-LEAF1A + redistribute: + attached_host: + enabled: true + connected: + enabled: true + vlans: + - id: 110 + tenant: Tenant_A + rd: 172.16.110.4:99110 + route_targets: + both: + - 99110:99110 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp svis inherited from svi profile + + EOF + + ' + - id: 111 + tenant: Tenant_A + rd: 172.16.110.4:50111 + route_targets: + both: + - 50111:50111 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp svi 111 + + EOF + + ' + - id: 112 + tenant: Tenant_A + rd: 172.16.110.4:20112 + route_targets: + both: + - 20112:20112 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp svis inherited from svi parent profile + + EOF + + ' + - id: 2500 + tenant: Tenant_A + rd: 172.16.110.4:2500 + route_targets: + both: + - 2500:2500 + redistribute_routes: + - learned + - id: 2600 + tenant: Tenant_A + rd: 172.16.110.4:32600 + route_targets: + both: + - 32600:32600 + redistribute_routes: + - learned + - router-mac system + eos_cli: 'comment + + comment created from raw_eos_cli under router bgp l2vlan 2600 - EOF + EOF - ' - switchport: - enabled: true - mode: access - access_vlan: 110 - mlag: 19 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-POD1-LEAF2B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-POD1-LEAF2B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-POD1-SPINE1_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.9/31 -- name: Ethernet2 - peer: DC1-POD1-SPINE2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-POD1-SPINE2_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.11/31 -- name: Ethernet3 - peer: DC1-POD1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-POD1-L2LEAF2A_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-POD1-L2LEAF2B - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-POD1-L2LEAF2B_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet11 - peer: DC1-POD1-SPINE1 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-POD1-SPINE1_Ethernet7 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.13/31 -- name: Ethernet12 - peer: DC1-POD1-SPINE2 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-POD1-SPINE2_Ethernet7 - shutdown: false - service_profile: QOS-PROFILE - mac_security: - profile: MACSEC_PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.110.15/31 -- name: Ethernet7 - peer: DC2-POD1-LEAF1A - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - ip_address: 100.100.100.101/24 - description: P2P_DC2-POD1-LEAF1A_Ethernet6 -- name: Ethernet16 - peer: server-1 - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: SERVER_server-1_Eth1 - shutdown: false - eos_cli: 'comment + ' + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + route: + import_match_failure_action: discard + address_family_rtc: + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: Common_VRF + rd: 172.16.110.4:1025 + route_targets: + import: + - address_family: evpn + route_targets: + - 1025:1025 + export: + - address_family: evpn + route_targets: + - 1025:1025 + router_id: 172.16.110.4 + redistribute: + connected: + enabled: true + eos_cli: 'comment - Comment created from raw_eos_cli under profile TENANT_A + Comment created from raw_eos_cli under BGP for VRF Common_VRF - EOF + EOF - ' - channel_group: - id: 16 - mode: active -- name: Ethernet17 - peer: server-1 - peer_interface: Eth3 - peer_type: server - port_profile: TENANT_A - description: Set using structured_config on server adapter + ' + - name: vrf_with_loopbacks_dc1_pod1_only + rd: 172.16.110.4:1102 + route_targets: + import: + - address_family: evpn + route_targets: + - 1102:1102 + export: + - address_family: evpn + route_targets: + - 1102:1102 + router_id: 172.16.110.4 + redistribute: + connected: + enabled: true + - name: vrf_with_loopbacks_from_overlapping_pool + rd: 172.16.110.4:1100 + route_targets: + import: + - address_family: evpn + route_targets: + - 1100:1100 + export: + - address_family: evpn + route_targets: + - 1100:1100 + router_id: 172.16.110.4 + redistribute: + connected: + enabled: true + - name: vrf_with_loopbacks_from_pod_pools + rd: 172.16.110.4:1101 + route_targets: + import: + - address_family: evpn + route_targets: + - 1101:1101 + export: + - address_family: evpn + route_targets: + - 1101:1101 + router_id: 172.16.110.4 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC1 DC1_POD1 DC1.POD1.LEAF2A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: vrf_with_loopbacks_dc1_pod1_only + ip_address: 10.102.101.4 +- name: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.4 +- name: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.101.4 + ipv6_address: 2001:db8:1::2 +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - eos_cli: 'comment - - Comment created from raw_eos_cli under adapter for switch Eth17 - - EOF - - ' - channel_group: - id: 17 - mode: active -- name: Ethernet18 - peer: server-1 - peer_interface: Eth5 - peer_type: server - port_profile: NESTED_TENANT_A - description: SERVER_server-1_Eth5 + ip_address: 172.20.110.2/31 + no_autostate: true +- name: Vlan110 + description: set from structured_config on svi for DC1.POD1.LEAF2A (was Tenant_A_OP_Zone_1) shutdown: false - eos_cli: 'comment - - Comment created from raw_eos_cli under profile NESTED_TENANT_A - - EOF - - ' - channel_group: - id: 18 - mode: active -- name: Ethernet19 - peer: server-1 - peer_interface: Eth7 - peer_type: server - port_profile: NESTED_TENANT_A - description: SERVER_server-1_Eth7 + vrf: Common_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: Tenant_A_OP_Zone_2 + shutdown: true + vrf: Common_VRF + ip_address_virtual: 10.1.11.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan112 + description: Tenant_A_OP_Zone_3 shutdown: false + vrf: Common_VRF + ip_address_virtual: 10.1.12.1/24 + tenant: Tenant_A + tags: + - opzone eos_cli: 'comment - Comment created from raw_eos_cli under profile NESTED_TENANT_A + Comment created from raw_eos_cli under SVI 112 in VRF Common_VRF EOF ' - channel_group: - id: 19 - mode: active -mlag_configuration: - domain_id: RACK2_MLAG - local_interface: Vlan4094 - peer_address: 172.20.110.3 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.1.9 - vrf: MGMT - dual_primary_detection_delay: 5 -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-EVPN-FILTER-AS65101 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65101 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65110.100 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65110.100 - - sequence: 20 - type: permit -- name: RM-EVPN-FILTER-AS65111.100 - sequence_numbers: - - sequence: 10 - type: deny - match: - - as 65111.100 - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.110.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE +- name: Vlan113 + description: SVI_with_no_vxlan shutdown: false - ip_address: 172.18.110.4/32 -- name: Loopback102 - description: DIAG_VRF_vrf_with_loopbacks_dc1_pod1_only + vrf: Common_VRF + ip_address_virtual: 10.10.13.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan1102 + description: test_svi shutdown: false vrf: vrf_with_loopbacks_dc1_pod1_only - ip_address: 10.102.101.4/32 -- name: Loopback100 - description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool + ip_address_virtual: 10.102.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +- name: Vlan1100 + description: test_svi shutdown: false vrf: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.4/32 -- name: Loopback101 - description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools + ip_address_virtual: 10.100.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +- name: Vlan1101 + description: test_svi shutdown: false vrf: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.101.4/32 - ipv6_address: 2001:db8:1::2/128 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 + ip_address_virtual: 10.101.100.1/24 + tenant: Tenant_A + tags: + - opzone + - web +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT + shutdown: false + ip_address: 172.21.110.2/24 + ip_virtual_router_addresses: + - 172.21.110.1 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 113 + name: SVI_with_no_vxlan + tenant: Tenant_A +- id: 1102 + name: test_svi + tenant: Tenant_A +- id: 1100 + name: test_svi + tenant: Tenant_A +- id: 1101 + name: test_svi + tenant: Tenant_A +- id: 2500 + name: web-l2-vlan + tenant: Tenant_A +- id: 2600 + name: web-l2-vlan-2 + tenant: Tenant_A +- id: 2601 + name: l2vlan_with_no_vxlan + tenant: Tenant_A +- id: 4085 + name: L2LEAF_INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: Common_VRF + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_dc1_pod1_only + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_from_overlapping_pool + ip_routing: true + tenant: Tenant_A +- name: vrf_with_loopbacks_from_pod_pools + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1.POD1.LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 110 @@ -788,16 +801,3 @@ vxlan_interface: vni: 1100 - name: vrf_with_loopbacks_from_pod_pools vni: 1101 -virtual_source_nat_vrfs: -- name: vrf_with_loopbacks_dc1_pod1_only - ip_address: 10.102.101.4 -- name: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.4 -- name: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.101.4 - ipv6_address: 2001:db8:1::2 -metadata: - platform: vEOS-LAB -domain_list: -- structured-config.set.on.node -- structured-config.set.under.vrf.common-vrf diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF1A.yml index ecd7da5f31f..a9ebd982112 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF1A.yml @@ -1,84 +1,84 @@ -hostname: DC2-POD1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.210.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 8192 +eos_cli: "interface Loopback1011\n description Loopback created from raw_eos_cli under l2leaf defaults in DC2 POD1\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC2-POD1-LEAF1A_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC2-POD1-LEAF1A + peer_interface: Ethernet3 + peer_type: l3leaf +hostname: DC2-POD1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.1.23/24 - gateway: 192.168.1.254 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1011\n description Loopback created from raw_eos_cli under l2leaf defaults in DC2 POD1\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-L2LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-POD1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: L2_DC2-POD1-LEAF1A_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_DC2-POD1-LEAF1A_Port-Channel3 + shutdown: false + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: allowed_vlan: '4092' - shutdown: false - service_profile: QOS-PROFILE -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-L2LEAF1A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 8192 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.210.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4092 description: Inband Management shutdown: false ip_address: 172.21.210.4/24 type: inband_mgmt -metadata: - platform: vEOS-LAB +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF2A.yml index b95c098c919..7bf770242f1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-L2LEAF2A.yml @@ -1,84 +1,84 @@ -hostname: DC2-POD1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.210.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 8192 +eos_cli: "interface Loopback1011\n description Loopback created from raw_eos_cli under l2leaf defaults in DC2 POD1\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC2-POD1-LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC2-POD1-LEAF2A + peer_interface: Ethernet3 + peer_type: l3leaf +hostname: DC2-POD1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true local_users: - name: admin privilege: 15 role: network-admin sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ no_password: true -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.1.25/24 - gateway: 192.168.1.254 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1011\n description Loopback created from raw_eos_cli under l2leaf defaults in DC2 POD1\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-L2LEAF2A -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-POD1-LEAF2A - peer_interface: Ethernet3 - peer_type: l3leaf - description: L2_DC2-POD1-LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 1 - mode: active + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_DC2-POD1-LEAF2A_Port-Channel3 + shutdown: false + service_profile: QOS-PROFILE switchport: enabled: true mode: trunk trunk: allowed_vlan: '4092' - shutdown: false - service_profile: QOS-PROFILE -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-L2LEAF2A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 8192 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +- destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.210.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4092 description: Inband Management shutdown: false ip_address: 172.21.210.5/24 type: inband_mgmt -metadata: - platform: vEOS-LAB +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF1A.yml index 467398a46d3..19922bfa6e6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF1A.yml @@ -1,43 +1,175 @@ +aaa_root: + disabled: true +config_end: true +domain_list: +- structured-config.set.under.vrf.common-vrf +enable_password: + disabled: true +eos_cli: "interface Loopback1010\n description Loopback created from raw_eos_cli under l3leaf defaults in DC2 POD1\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n description Loopback + created from raw_eos_cli under VRF Common_VRF\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC2-POD1-SPINE1_Ethernet3 + shutdown: false + ip_address: 172.17.210.1/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-POD1-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC2-POD1-SPINE2_Ethernet3 + shutdown: false + ip_address: 172.17.210.3/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-POD1-SPINE2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: L2_DC2-POD1-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC2-POD1-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_DC1.POD1.LEAF2A_Ethernet7 + shutdown: false + ip_address: 100.100.100.201/24 + peer: DC1.POD1.LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC1-POD1-LEAF2B_Ethernet7 + shutdown: false + ip_address: 11.1.0.39/31 + ptp: + enable: true + peer: DC1-POD1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf + switchport: + enabled: false hostname: DC2-POD1-LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.210.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 172.18.210.3/32 +- name: Loopback100 + description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool + shutdown: false + vrf: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.3/32 +- name: Loopback101 + description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools + shutdown: false + vrf: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.201.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.22/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: L2_DC2-POD1-L2LEAF1A_Port-Channel1 + shutdown: false + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '4092' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.210.0/24 eq 32 + - sequence: 20 + action: permit 172.18.210.0/24 eq 32 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 172.21.210.0/24 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65211' router_id: 172.16.210.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.210.0 peer_group: IPv4-UNDERLAY-PEERS @@ -51,40 +183,46 @@ router_bgp: description: DC2-POD1-SPINE2_Ethernet3 - ip_address: 172.16.110.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111.100' peer: DC1-POD1-LEAF1A description: DC1-POD1-LEAF1A_Loopback0 - remote_as: '65111.100' - ip_address: 172.16.110.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110.100' peer: DC1-POD1-SPINE1 description: DC1-POD1-SPINE1_Loopback0 - remote_as: '65110.100' - ip_address: 172.16.10.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-RS1 description: DC1-RS1_Loopback0 - remote_as: '65101' - ip_address: 172.16.10.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-RS2 description: DC1-RS2_Loopback0 - remote_as: '65102' - ip_address: 172.16.210.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65212' peer: DC2-POD1-LEAF2A description: DC2-POD1-LEAF2A_Loopback0 - remote_as: '65212' - ip_address: 100.100.100.101 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65112.100' peer: DC1.POD1.LEAF2A description: DC1.POD1.LEAF2A - peer_group: IPv4-UNDERLAY-PEERS - ip_address: 11.1.0.38 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65120' peer: DC1-POD1-LEAF2B description: DC1-POD1-LEAF2B - peer_group: IPv4-UNDERLAY-PEERS bfd: true + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -95,15 +233,14 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Common_VRF - eos_cli: 'comment - - Comment created from raw_eos_cli under BGP for VRF Common_VRF - - EOF - - ' rd: 172.16.210.3:1025 route_targets: import: @@ -118,6 +255,13 @@ router_bgp: redistribute: connected: enabled: true + eos_cli: 'comment + + Comment created from raw_eos_cli under BGP for VRF Common_VRF + + EOF + + ' - name: vrf_with_loopbacks_dc1_pod1_only rd: 172.16.210.3:1102 route_targets: @@ -163,183 +307,62 @@ router_bgp: redistribute: connected: enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-LEAF1A +spanning_tree: + mode: rstp + rstp_priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: vrf_with_loopbacks_from_overlapping_pool + ip_address: 10.100.0.3 +- name: vrf_with_loopbacks_from_pod_pools + ip_address: 10.101.201.3 +vlan_interfaces: +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 172.21.210.2/24 + ip_virtual_router_addresses: + - 172.21.210.1 + ip_attached_host_route_export: + enabled: true + distance: 19 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: rstp - rstp_priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system vrfs: - name: MGMT ip_routing: false - name: Common_VRF - tenant: Tenant_A ip_routing: true -- name: vrf_with_loopbacks_dc1_pod1_only tenant: Tenant_A +- name: vrf_with_loopbacks_dc1_pod1_only ip_routing: true -- name: vrf_with_loopbacks_from_overlapping_pool tenant: Tenant_A +- name: vrf_with_loopbacks_from_overlapping_pool ip_routing: true -- name: vrf_with_loopbacks_from_pod_pools tenant: Tenant_A +- name: vrf_with_loopbacks_from_pod_pools ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.22/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1010\n description Loopback created from raw_eos_cli under l3leaf defaults in DC2 POD1\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n\ninterface Loopback1000\n description Loopback - created from raw_eos_cli under VRF Common_VRF\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-POD1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC2-POD1-SPINE1_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.210.1/31 -- name: Ethernet2 - peer: DC2-POD1-SPINE2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC2-POD1-SPINE2_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.210.3/31 -- name: Ethernet3 - peer: DC2-POD1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC2-POD1-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet6 - peer: DC1.POD1.LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - ip_address: 100.100.100.201/24 - description: P2P_DC1.POD1.LEAF2A_Ethernet7 -- name: Ethernet7 - peer: DC1-POD1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - ip_address: 11.1.0.39/31 - ptp: - enable: true - description: P2P_DC1-POD1-LEAF2B_Ethernet7 -port_channel_interfaces: -- name: Port-Channel3 - description: L2_DC2-POD1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '4092' - shutdown: false - service_profile: QOS-PROFILE -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.210.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 172.18.210.3/32 -- name: Loopback100 - description: DIAG_VRF_vrf_with_loopbacks_from_overlapping_pool - shutdown: false - vrf: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.3/32 -- name: Loopback101 - description: DIAG_VRF_vrf_with_loopbacks_from_pod_pools - shutdown: false - vrf: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.201.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.210.0/24 eq 32 - - sequence: 20 - action: permit 172.18.210.0/24 eq 32 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 172.21.210.0/24 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 + tenant: Tenant_A vxlan_interface: vxlan1: description: DC2-POD1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vrfs: - name: Common_VRF vni: 1025 @@ -349,26 +372,3 @@ vxlan_interface: vni: 1100 - name: vrf_with_loopbacks_from_pod_pools vni: 1101 -virtual_source_nat_vrfs: -- name: vrf_with_loopbacks_from_overlapping_pool - ip_address: 10.100.0.3 -- name: vrf_with_loopbacks_from_pod_pools - ip_address: 10.101.201.3 -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.210.2/24 - ip_virtual_router_addresses: - - 172.21.210.1 -metadata: - platform: vEOS-LAB -domain_list: -- structured-config.set.under.vrf.common-vrf diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF2A.yml index 6591e25ff08..06912e56ad2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-LEAF2A.yml @@ -1,155 +1,56 @@ -hostname: DC2-POD1-LEAF2A -is_deployed: true -router_bgp: - as: '65212' - router_id: 172.16.210.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 5 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.17.210.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65210' - peer: DC2-POD1-SPINE1 - description: DC2-POD1-SPINE1_Ethernet4 - - ip_address: 172.17.210.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65210' - peer: DC2-POD1-SPINE2 - description: DC2-POD1-SPINE2_Ethernet4 - - ip_address: 172.16.210.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC2-POD1-LEAF1A - description: DC2-POD1-LEAF1A_Loopback0 - remote_as: '65211' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_rtc: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: rstp - rstp_priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.24/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "interface Loopback1010\n description Loopback created from raw_eos_cli under l3leaf defaults in DC2 POD1\n\ninterface Loopback1111\n \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-LEAF2A ethernet_interfaces: - name: Ethernet1 - peer: DC2-POD1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine description: P2P_DC2-POD1-SPINE1_Ethernet4 shutdown: false + ip_address: 172.17.210.5/31 + ptp: + enable: true service_profile: QOS-PROFILE + peer: DC2-POD1-SPINE1 + peer_interface: Ethernet4 + peer_type: spine switchport: enabled: false +- name: Ethernet2 + description: P2P_DC2-POD1-SPINE2_Ethernet4 + shutdown: false + ip_address: 172.17.210.7/31 ptp: enable: true - ip_address: 172.17.210.5/31 -- name: Ethernet2 + service_profile: QOS-PROFILE peer: DC2-POD1-SPINE2 peer_interface: Ethernet4 peer_type: spine - description: P2P_DC2-POD1-SPINE2_Ethernet4 - shutdown: false - service_profile: QOS-PROFILE switchport: enabled: false - ptp: - enable: true - ip_address: 172.17.210.7/31 - name: Ethernet3 - peer: DC2-POD1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_DC2-POD1-L2LEAF2A_Ethernet1 shutdown: false channel_group: id: 3 mode: active -port_channel_interfaces: -- name: Port-Channel3 - description: L2_DC2-POD1-L2LEAF2A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '4092' - shutdown: false - service_profile: QOS-PROFILE + peer: DC2-POD1-L2LEAF2A + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: DC2-POD1-LEAF2A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -159,6 +60,30 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 172.18.210.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.24/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: L2_DC2-POD1-L2LEAF2A_Port-Channel1 + shutdown: false + service_profile: QOS-PROFILE + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '4092' prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -186,28 +111,103 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -vxlan_interface: - vxlan1: - description: DC2-POD1-LEAF2A_VTEP - vxlan: - udp_port: 4789 - source_interface: Loopback1 -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT +router_bgp: + as: '65212' + router_id: 172.16.210.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 5 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.17.210.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65210' + peer: DC2-POD1-SPINE1 + description: DC2-POD1-SPINE1_Ethernet4 + - ip_address: 172.17.210.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65210' + peer: DC2-POD1-SPINE2 + description: DC2-POD1-SPINE2_Ethernet4 + - ip_address: 172.16.210.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65211' + peer: DC2-POD1-LEAF1A + description: DC2-POD1-LEAF1A_Loopback0 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_rtc: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-LEAF2A +spanning_tree: + mode: rstp + rstp_priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4092 description: Inband Management shutdown: false - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 172.21.210.2/24 ip_virtual_router_addresses: - 172.21.210.1 -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 -metadata: - platform: vEOS-LAB + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: DC2-POD1-LEAF2A_VTEP + vxlan: + source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE1.yml index 1515112b1f9..f9c7728f944 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE1.yml @@ -1,41 +1,139 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1009\n description Loopback created from raw_eos_cli under spine defaults in DC2 POD1\n\ninterface Loopback1111\n + \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC2-SUPER-SPINE1_Ethernet1 + shutdown: false + ip_address: 172.16.21.1/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE1 + peer_interface: Ethernet1 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC2-SUPER-SPINE2_Ethernet1 + shutdown: false + ip_address: 172.16.21.65/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE2 + peer_interface: Ethernet1 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC2-POD1-LEAF1A_Ethernet1 + shutdown: false + ip_address: 172.17.210.0/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-POD1-LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC2-POD1-LEAF2A_Ethernet1 + shutdown: false + ip_address: 172.17.210.4/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-POD1-LEAF2A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC1-POD2-SPINE1_Ethernet5 + shutdown: false + ip_address: 11.1.1.19/31 + peer: DC1-POD2-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false hostname: DC2-POD1-SPINE1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.210.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.20/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.210.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65210' router_id: 172.16.210.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.16.21.0 peer_group: IPv4-UNDERLAY-PEERS @@ -59,29 +157,33 @@ router_bgp: description: DC2-POD1-LEAF2A_Ethernet1 - ip_address: 172.16.110.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111.100' peer: DC1-POD1-LEAF1A description: DC1-POD1-LEAF1A_Loopback0 - remote_as: '65111.100' - ip_address: 172.16.110.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110.100' peer: DC1-POD1-SPINE1 description: DC1-POD1-SPINE1_Loopback0 - remote_as: '65110.100' - ip_address: 172.16.10.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-RS1 description: DC1-RS1_Loopback0 - remote_as: '65101' - ip_address: 172.16.10.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-RS2 description: DC1-RS2_Loopback0 - remote_as: '65102' - ip_address: 11.1.1.18 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65120' peer: DC1-POD2-SPINE1 description: DC1-POD2-SPINE1 - peer_group: IPv4-UNDERLAY-PEERS + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -92,129 +194,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-SPINE1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.20/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1009\n description Loopback created from raw_eos_cli under spine defaults in DC2 POD1\n\ninterface Loopback1111\n - \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-SPINE1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-SUPER-SPINE1 - peer_interface: Ethernet1 - peer_type: super-spine - description: P2P_DC2-SUPER-SPINE1_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.21.1/31 -- name: Ethernet2 - peer: DC2-SUPER-SPINE2 - peer_interface: Ethernet1 - peer_type: super-spine - description: P2P_DC2-SUPER-SPINE2_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.21.65/31 -- name: Ethernet3 - peer: DC2-POD1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC2-POD1-LEAF1A_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.210.0/31 -- name: Ethernet4 - peer: DC2-POD1-LEAF2A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC2-POD1-LEAF2A_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.17.210.4/31 -- name: Ethernet5 - peer: DC1-POD2-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - switchport: - enabled: false - shutdown: false - ip_address: 11.1.1.19/31 - description: P2P_DC1-POD2-SPINE1_Ethernet5 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.210.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.210.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE2.yml index 3b860b45e9d..ef1247b0351 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-POD1-SPINE2.yml @@ -1,167 +1,98 @@ -hostname: DC2-POD1-SPINE2 -is_deployed: true -router_bgp: - as: '65210' - router_id: 172.16.210.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 172.16.21.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: DC2-SUPER-SPINE1 - description: DC2-SUPER-SPINE1_Ethernet2 - - ip_address: 172.16.21.66 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: DC2-SUPER-SPINE2 - description: DC2-SUPER-SPINE2_Ethernet2 - - ip_address: 172.17.210.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65211' - peer: DC2-POD1-LEAF1A - description: DC2-POD1-LEAF1A_Ethernet2 - - ip_address: 172.17.210.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65212' - peer: DC2-POD1-LEAF2A - description: DC2-POD1-LEAF2A_Ethernet2 - - ip_address: 200.200.200.101 - remote_as: '65112' - peer: DC1-POD2-SPINE2 - description: DC1-POD2-SPINE2 - peer_group: IPv4-UNDERLAY-PEERS - bfd: false -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.21/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "interface Loopback1009\n description Loopback created from raw_eos_cli under spine defaults in DC2 POD1\n\ninterface Loopback1111\n \ description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-SPINE2 ethernet_interfaces: - name: Ethernet1 - peer: DC2-SUPER-SPINE1 - peer_interface: Ethernet2 - peer_type: super-spine description: P2P_DC2-SUPER-SPINE1_Ethernet2 shutdown: false + ip_address: 172.16.21.3/31 + ptp: + enable: true service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE1 + peer_interface: Ethernet2 + peer_type: super-spine switchport: enabled: false +- name: Ethernet2 + description: P2P_DC2-SUPER-SPINE2_Ethernet2 + shutdown: false + ip_address: 172.16.21.67/31 ptp: enable: true - ip_address: 172.16.21.3/31 -- name: Ethernet2 + service_profile: QOS-PROFILE peer: DC2-SUPER-SPINE2 peer_interface: Ethernet2 peer_type: super-spine - description: P2P_DC2-SUPER-SPINE2_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE switchport: enabled: false +- name: Ethernet3 + description: P2P_DC2-POD1-LEAF1A_Ethernet2 + shutdown: false + ip_address: 172.17.210.2/31 ptp: enable: true - ip_address: 172.16.21.67/31 -- name: Ethernet3 + service_profile: QOS-PROFILE peer: DC2-POD1-LEAF1A peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_DC2-POD1-LEAF1A_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE switchport: enabled: false +- name: Ethernet4 + description: P2P_DC2-POD1-LEAF2A_Ethernet2 + shutdown: false + ip_address: 172.17.210.6/31 ptp: enable: true - ip_address: 172.17.210.2/31 -- name: Ethernet4 + service_profile: QOS-PROFILE peer: DC2-POD1-LEAF2A peer_interface: Ethernet2 peer_type: l3leaf - description: P2P_DC2-POD1-LEAF2A_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE switchport: enabled: false +- name: Ethernet5 + description: P2P_DC1-POD2-SPINE2_Ethernet4 + shutdown: false + ip_address: 200.200.200.201/24 ptp: enable: true - ip_address: 172.17.210.6/31 -- name: Ethernet5 peer: DC1-POD2-SPINE2 peer_interface: Ethernet4 peer_type: spine switchport: enabled: false - shutdown: false - ip_address: 200.200.200.201/24 - ptp: - enable: true - description: P2P_DC1-POD2-SPINE2_Ethernet4 +hostname: DC2-POD1-SPINE2 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 172.16.210.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.21/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -174,5 +105,74 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -metadata: - platform: vEOS-LAB +router_bgp: + as: '65210' + router_id: 172.16.210.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 172.16.21.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: DC2-SUPER-SPINE1 + description: DC2-SUPER-SPINE1_Ethernet2 + - ip_address: 172.16.21.66 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: DC2-SUPER-SPINE2 + description: DC2-SUPER-SPINE2_Ethernet2 + - ip_address: 172.17.210.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65211' + peer: DC2-POD1-LEAF1A + description: DC2-POD1-LEAF1A_Ethernet2 + - ip_address: 172.17.210.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65212' + peer: DC2-POD1-LEAF2A + description: DC2-POD1-LEAF2A_Ethernet2 + - ip_address: 200.200.200.101 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65112' + peer: DC1-POD2-SPINE2 + description: DC1-POD2-SPINE2 + bfd: false + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2_POD1 DC2-POD1-SPINE2 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS1.yml index 43382a0b3d1..b061847e6cd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS1.yml @@ -1,41 +1,101 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC2-SUPER-SPINE1_Ethernet3 + shutdown: false + ip_address: 172.17.20.1/31 + service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE1 + peer_interface: Ethernet3 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC2-SUPER-SPINE1_Ethernet6 + shutdown: false + ip_address: 172.17.20.3/31 + service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE1 + peer_interface: Ethernet6 + peer_type: super-spine + switchport: + enabled: false hostname: DC2-RS1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.20.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.18/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.20.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65201' router_id: 172.16.20.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.20.0 peer_group: IPv4-UNDERLAY-PEERS @@ -49,24 +109,28 @@ router_bgp: description: DC2-SUPER-SPINE1_Ethernet6 - ip_address: 172.16.110.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111.100' peer: DC1-POD1-LEAF1A description: DC1-POD1-LEAF1A_Loopback0 - remote_as: '65111.100' - ip_address: 172.16.110.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110.100' peer: DC1-POD1-SPINE1 description: DC1-POD1-SPINE1_Loopback0 - remote_as: '65110.100' - ip_address: 172.16.10.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-RS1 description: DC1-RS1_Loopback0 - remote_as: '65101' - ip_address: 172.16.10.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-RS2 description: DC1-RS2_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -77,91 +141,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2-RS1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.18/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2-RS1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-SUPER-SPINE1 - peer_interface: Ethernet3 - peer_type: super-spine - description: P2P_DC2-SUPER-SPINE1_Ethernet3 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.1/31 -- name: Ethernet2 - peer: DC2-SUPER-SPINE1 - peer_interface: Ethernet6 - peer_type: super-spine - description: P2P_DC2-SUPER-SPINE1_Ethernet6 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.3/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.20.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.20.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS2.yml index c6d07a51ac9..1a7bf696763 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-RS2.yml @@ -1,31 +1,88 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC2-SUPER-SPINE1_Ethernet5 + shutdown: false + ip_address: 172.17.20.9/31 + service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE1 + peer_interface: Ethernet5 + peer_type: super-spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC2-SUPER-SPINE1_Ethernet7 + shutdown: false + ip_address: 172.17.20.11/31 + service_profile: QOS-PROFILE + peer: DC2-SUPER-SPINE1 + peer_interface: Ethernet7 + peer_type: super-spine + switchport: + enabled: false hostname: DC2-RS2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.20.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.19/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.20.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY router_bgp: as: '65201' router_id: 172.16.20.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 172.17.20.8 peer_group: IPv4-UNDERLAY-PEERS @@ -37,86 +94,29 @@ router_bgp: remote_as: '65200' peer: DC2-SUPER-SPINE1 description: DC2-SUPER-SPINE1_Ethernet7 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2-RS2 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.19/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2-RS2 -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-SUPER-SPINE1 - peer_interface: Ethernet5 - peer_type: super-spine - description: P2P_DC2-SUPER-SPINE1_Ethernet5 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.9/31 -- name: Ethernet2 - peer: DC2-SUPER-SPINE1 - peer_interface: Ethernet7 - peer_type: super-spine - description: P2P_DC2-SUPER-SPINE1_Ethernet7 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.11/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.20.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.20.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE1.yml index b16baa75a0b..80f78924e5b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE1.yml @@ -1,41 +1,158 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC2-POD1-SPINE1_Ethernet1 + shutdown: false + ip_address: 172.16.21.0/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-POD1-SPINE1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC2-POD1-SPINE2_Ethernet1 + shutdown: false + ip_address: 172.16.21.2/31 + ptp: + enable: true + service_profile: QOS-PROFILE + peer: DC2-POD1-SPINE2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC2-RS1_Ethernet1 + shutdown: false + ip_address: 172.17.20.0/31 + service_profile: QOS-PROFILE + peer: DC2-RS1 + peer_interface: Ethernet1 + peer_type: overlay-controller + switchport: + enabled: false +- name: Ethernet5 + description: P2P_DC2-RS2_Ethernet1 + shutdown: false + ip_address: 172.17.20.8/31 + service_profile: QOS-PROFILE + peer: DC2-RS2 + peer_interface: Ethernet1 + peer_type: overlay-controller + switchport: + enabled: false +- name: Ethernet6 + description: P2P_DC2-RS1_Ethernet2 + shutdown: false + ip_address: 172.17.20.2/31 + service_profile: QOS-PROFILE + peer: DC2-RS1 + peer_interface: Ethernet2 + peer_type: overlay-controller + switchport: + enabled: false +- name: Ethernet7 + description: P2P_DC2-RS2_Ethernet2 + shutdown: false + ip_address: 172.17.20.10/31 + service_profile: QOS-PROFILE + peer: DC2-RS2 + peer_interface: Ethernet2 + peer_type: overlay-controller + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SUPER-SPINE1_Ethernet6 + shutdown: false + ip_address: 11.1.2.1/31 + mac_security: + profile: MACSEC_PROFILE + ptp: + enable: true + peer: DC1-SUPER-SPINE1 + peer_interface: Ethernet6 + peer_type: super-spine + switchport: + enabled: false hostname: DC2-SUPER-SPINE1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.16.200.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.16/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 172.16.200.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65200' router_id: 172.16.200.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 5 send_community: all maximum_routes: 0 - ebgp_multihop: 5 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.16.21.1 peer_group: IPv4-UNDERLAY-PEERS @@ -69,30 +186,34 @@ router_bgp: description: DC2-RS2_Ethernet2 - ip_address: 172.16.110.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111.100' peer: DC1-POD1-LEAF1A description: DC1-POD1-LEAF1A_Loopback0 - remote_as: '65111.100' - ip_address: 172.16.110.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110.100' peer: DC1-POD1-SPINE1 description: DC1-POD1-SPINE1_Loopback0 - remote_as: '65110.100' - ip_address: 172.16.10.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-RS1 description: DC1-RS1_Loopback0 - remote_as: '65101' - ip_address: 172.16.10.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-RS2 description: DC1-RS2_Loopback0 - remote_as: '65102' - ip_address: 11.1.2.0 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65100' peer: DC1-SUPER-SPINE1 description: DC1-SUPER-SPINE1 - peer_group: IPv4-UNDERLAY-PEERS bfd: false + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS @@ -103,148 +224,27 @@ router_bgp: activate: true default_route_target: only: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2-SUPER-SPINE1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.16/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2-SUPER-SPINE1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC2-POD1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC2-POD1-SPINE1_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.21.0/31 -- name: Ethernet2 - peer: DC2-POD1-SPINE2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC2-POD1-SPINE2_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ptp: - enable: true - ip_address: 172.16.21.2/31 -- name: Ethernet3 - peer: DC2-RS1 - peer_interface: Ethernet1 - peer_type: overlay-controller - description: P2P_DC2-RS1_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.0/31 -- name: Ethernet5 - peer: DC2-RS2 - peer_interface: Ethernet1 - peer_type: overlay-controller - description: P2P_DC2-RS2_Ethernet1 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.8/31 -- name: Ethernet6 - peer: DC2-RS1 - peer_interface: Ethernet2 - peer_type: overlay-controller - description: P2P_DC2-RS1_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.2/31 -- name: Ethernet7 - peer: DC2-RS2 - peer_interface: Ethernet2 - peer_type: overlay-controller - description: P2P_DC2-RS2_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE - switchport: - enabled: false - ip_address: 172.17.20.10/31 -- name: Ethernet4 - peer: DC1-SUPER-SPINE1 - peer_interface: Ethernet6 - peer_type: super-spine - switchport: - enabled: false - shutdown: false - ip_address: 11.1.2.1/31 - ptp: - enable: true - mac_security: - profile: MACSEC_PROFILE - description: P2P_DC1-SUPER-SPINE1_Ethernet6 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.16.200.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 172.16.200.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE2.yml index 8cd0c2534c7..0fbac3d307b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs-twodc-5stage-clos/intended/structured_configs/DC2-SUPER-SPINE2.yml @@ -1,129 +1,71 @@ -hostname: DC2-SUPER-SPINE2 -is_deployed: true -router_bgp: - as: '65200' - router_id: 172.16.200.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 172.16.21.65 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65210' - peer: DC2-POD1-SPINE1 - description: DC2-POD1-SPINE1_Ethernet2 - - ip_address: 172.16.21.67 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65210' - peer: DC2-POD1-SPINE2 - description: DC2-POD1-SPINE2_Ethernet2 - - ip_address: 11.1.2.2 - remote_as: '65100' - peer: DC1-SUPER-SPINE2 - description: DC1-SUPER-SPINE2 - peer_group: IPv4-UNDERLAY-PEERS -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.254 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ - no_password: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.1.17/24 - gateway: 192.168.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true eos_cli: "interface Loopback1111\n description Loopback created from raw_eos_cli under platform_settings vEOS-LAB\n" -snmp_server: - location: TWODC_5STAGE_CLOS DC2 DC2-SUPER-SPINE2 ethernet_interfaces: - name: Ethernet1 - peer: DC2-POD1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine description: P2P_DC2-POD1-SPINE1_Ethernet2 shutdown: false + ip_address: 172.16.21.64/31 + ptp: + enable: true service_profile: QOS-PROFILE + peer: DC2-POD1-SPINE1 + peer_interface: Ethernet2 + peer_type: spine switchport: enabled: false +- name: Ethernet2 + description: P2P_DC2-POD1-SPINE2_Ethernet2 + shutdown: false + ip_address: 172.16.21.66/31 ptp: enable: true - ip_address: 172.16.21.64/31 -- name: Ethernet2 + service_profile: QOS-PROFILE peer: DC2-POD1-SPINE2 peer_interface: Ethernet2 peer_type: spine - description: P2P_DC2-POD1-SPINE2_Ethernet2 - shutdown: false - service_profile: QOS-PROFILE switchport: enabled: false - ptp: - enable: true - ip_address: 172.16.21.66/31 - name: Ethernet4 + description: P2P_DC1-SUPER-SPINE2_Ethernet6 + shutdown: false + ip_address: 11.1.2.3/31 peer: DC1-SUPER-SPINE2 peer_interface: Ethernet6 peer_type: super-spine switchport: enabled: false - shutdown: false - ip_address: 11.1.2.3/31 - description: P2P_DC1-SUPER-SPINE2_Ethernet6 +hostname: DC2-SUPER-SPINE2 +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + sha512_password: $6$eJ5TvI8oru5i9e8G$R1X/SbtGTk9xoEHEBQASc7SC2nHYmi.crVgp2pXuCXwxsXEA81e4E0cXgQ6kX08fIeQzauqhv2kS.RGJFCon5/ + no_password: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 172.16.200.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.1.17/24 + type: oob + gateway: 192.168.1.254 +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -136,5 +78,63 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -metadata: - platform: vEOS-LAB +router_bgp: + as: '65200' + router_id: 172.16.200.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 172.16.21.65 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65210' + peer: DC2-POD1-SPINE1 + description: DC2-POD1-SPINE1_Ethernet2 + - ip_address: 172.16.21.67 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65210' + peer: DC2-POD1-SPINE2 + description: DC2-POD1-SPINE2_Ethernet2 + - ip_address: 11.1.2.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: DC1-SUPER-SPINE2 + description: DC1-SUPER-SPINE2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +snmp_server: + location: TWODC_5STAGE_CLOS DC2 DC2-SUPER-SPINE2 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.254 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host1.yml b/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host1.yml index df2428710de..394dcdd522f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host1.yml @@ -1,136 +1,136 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: SERVER_OLD_SW-1/2_Endpoint_port1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: OLD_SW-1/2 + peer_interface: Endpoint_port1 + peer_type: server +- name: Ethernet2 + description: SERVER_OLD_SW-1/2_ENDPOINT_PORT2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: OLD_SW-1/2 + peer_interface: ENDPOINT_PORT2 + peer_type: server hostname: host1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_ROUTER_ID + shutdown: false + ip_address: 192.168.255.101/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.101/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.103/24 + type: oob +port_channel_interfaces: +- name: Port-Channel1 + description: SERVER_OLD_SW-1/2_ENDPOINT_PORT_CHANNEL + shutdown: false + ptp: + enable: true + announce: + interval: 0 + timeout: 3 + delay_req: -3 + sync_message: + interval: -3 + transport: ipv4 + switchport: + enabled: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '101' router_id: 192.168.255.101 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.103/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_ROUTER_ID - shutdown: false - ip_address: 192.168.255.101/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.101/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: host1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -ethernet_interfaces: -- name: Ethernet1 - peer: OLD_SW-1/2 - peer_interface: Endpoint_port1 - peer_type: server - description: SERVER_OLD_SW-1/2_Endpoint_port1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: OLD_SW-1/2 - peer_interface: ENDPOINT_PORT2 - peer_type: server - description: SERVER_OLD_SW-1/2_ENDPOINT_PORT2 - shutdown: false - channel_group: - id: 1 - mode: active -port_channel_interfaces: -- name: Port-Channel1 - description: SERVER_OLD_SW-1/2_ENDPOINT_PORT_CHANNEL - shutdown: false - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true - switchport: - enabled: true + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host2.yml b/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host2.yml index 031cde096d5..1b71f01fae4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_deprecated_vars/intended/structured_configs/host2.yml @@ -1,84 +1,84 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: host2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: MY_OVERLAY_LOOPBACK + shutdown: false + ip_address: 10.42.0.102/32 + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 102 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '102' router_id: 10.42.0.102 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '102' update_source: Loopback0 bfd: true send_community: all maximum_routes: 0 - remote_as: '102' address_family_ipv4: peer_groups: - name: MPLS-OVERLAY-PEERS activate: false address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 peer_groups: - name: MPLS-OVERLAY-PEERS activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: MY_OVERLAY_LOOPBACK - shutdown: false - ip_address: 10.42.0.102/32 - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 102 + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.0100.4200.0102.00 router_id: 10.42.0.102 is_type: level-2 + log_adjacency_changes: true + advertise: + passive_only: false address_family_ipv4: enabled: true maximum_paths: 4 - advertise: - passive_only: false segment_routing_mpls: - router_id: 10.42.0.102 enabled: true -mpls: - ip: true -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 + router_id: 10.42.0.102 +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/bgp-peer-groups-1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/bgp-peer-groups-1.cfg index 58efe2b5b17..721ceb249ea 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/bgp-peer-groups-1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/bgp-peer-groups-1.cfg @@ -136,7 +136,5 @@ router bgp 65001 no neighbor EVPN-OVERLAY-PEERS activate neighbor IPv4-UNDERLAY-PEERS activate neighbor MLAG-IPv4-UNDERLAY-PEER activate - ! - address-family vpn-ipv4 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF1.yml index b7308aee46a..bb054d69db7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF1.yml @@ -1,186 +1,186 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_7010TX-LEAF2_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: 7010TX-LEAF2 + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_7010TX-LEAF2_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: 7010TX-LEAF2 + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: 7010TX-LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.35/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.116/24 + type: oob +metadata: + platform: 7010TX +mlag_configuration: + domain_id: MLAG_PER_MTU_INTERFACE + local_interface: Vlan4094 + peer_address: 10.10.255.5 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_7010TX-LEAF2_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.35 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: 7010TX-LEAF2 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.5 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: 7010TX-LEAF2 description: 7010TX-LEAF2_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.4/31 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.4/31 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.116/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - ip_address: 10.10.224.4/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - ip_address: 10.10.255.4/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_7010TX-LEAF2_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: 7010TX-LEAF2 - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_7010TX-LEAF2_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: 7010TX-LEAF2 - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_7010TX-LEAF2_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_PER_MTU_INTERFACE - local_interface: Vlan4094 - peer_address: 10.10.255.5 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.35/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: 7010TX-LEAF1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: 7010TX diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF2.yml index 66da0a099c9..0e804827ce9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/7010TX-LEAF2.yml @@ -1,173 +1,173 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_7010TX-LEAF1_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: 7010TX-LEAF1 + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_7010TX-LEAF1_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: 7010TX-LEAF1 + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: 7010TX-LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.36/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.117/24 + type: oob +metadata: + platform: 7010TX +mlag_configuration: + domain_id: MLAG_PER_MTU_INTERFACE + local_interface: Vlan4094 + peer_address: 10.10.255.4 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_7010TX-LEAF1_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.36 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: 7010TX-LEAF1 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.4 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: 7010TX-LEAF1 description: 7010TX-LEAF1_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.5/31 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.5/31 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.117/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - ip_address: 10.10.224.5/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - ip_address: 10.10.255.5/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_7010TX-LEAF1_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: 7010TX-LEAF1 - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_7010TX-LEAF1_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: 7010TX-LEAF1 - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_7010TX-LEAF1_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_PER_MTU_INTERFACE - local_interface: Vlan4094 - peer_address: 10.10.255.4 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.36/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: 7010TX + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1A.yml index 4b29b8054e6..ff4bb6c5d23 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1A.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_ASN_LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.105/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.105/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1B.yml index 28c2c13c1b4..0b00d54f78d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF1B.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_ASN_LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.106/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.106/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF2.yml index 0ab874a5856..9859b1e9cba 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF2.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_ASN_LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.107/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.107/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3A.yml index 2c7144223d2..1b1dd08a638 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3A.yml @@ -1,199 +1,199 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_AUTO_BGP_ASN_LEAF3B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF3B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_AUTO_BGP_ASN_LEAF3B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF3B + peer_interface: Ethernet4 + peer_type: mlag_peer hostname: AUTO_BGP_ASN_LEAF3A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.7/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.109/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: AUTO_BGP_ASN_LEAF3_MLAG + local_interface: Vlan4094 + peer_address: 10.255.252.9 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_AUTO_BGP_ASN_LEAF3B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65105' router_id: 192.168.255.7 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65105' - next_hop_self: true description: AUTO_BGP_ASN_LEAF3B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.9 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: AUTO_BGP_ASN_LEAF3B description: AUTO_BGP_ASN_LEAF3B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.8/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.8/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.109/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.8/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.8/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_AUTO_BGP_ASN_LEAF3B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: AUTO_BGP_ASN_LEAF3B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF3B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: AUTO_BGP_ASN_LEAF3B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF3B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: AUTO_BGP_ASN_LEAF3_MLAG - local_interface: Vlan4094 - peer_address: 10.255.252.9 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.7/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.7/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3B.yml index 58fedca6a0e..7a447e5014a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF3B.yml @@ -1,199 +1,199 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_AUTO_BGP_ASN_LEAF3A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF3A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_AUTO_BGP_ASN_LEAF3A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF3A + peer_interface: Ethernet4 + peer_type: mlag_peer hostname: AUTO_BGP_ASN_LEAF3B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.8/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.110/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: AUTO_BGP_ASN_LEAF3_MLAG + local_interface: Vlan4094 + peer_address: 10.255.252.8 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_AUTO_BGP_ASN_LEAF3A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65105' router_id: 192.168.255.8 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65105' - next_hop_self: true description: AUTO_BGP_ASN_LEAF3A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.8 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: AUTO_BGP_ASN_LEAF3A description: AUTO_BGP_ASN_LEAF3A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.9/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.9/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.110/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.9/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.9/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_AUTO_BGP_ASN_LEAF3A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: AUTO_BGP_ASN_LEAF3A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF3A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: AUTO_BGP_ASN_LEAF3A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF3A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: AUTO_BGP_ASN_LEAF3_MLAG - local_interface: Vlan4094 - peer_address: 10.255.252.8 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.8/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.7/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4A.yml index 179dcddb729..881aa7bc16a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4A.yml @@ -1,199 +1,199 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_AUTO_BGP_ASN_LEAF4B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF4B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_AUTO_BGP_ASN_LEAF4B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF4B + peer_interface: Ethernet4 + peer_type: mlag_peer hostname: AUTO_BGP_ASN_LEAF4A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.9/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.111/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: AUTO_BGP_ASN_LEAF4_MLAG_OVERRIDE + local_interface: Vlan4094 + peer_address: 10.255.252.13 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_AUTO_BGP_ASN_LEAF4B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65222' router_id: 192.168.255.9 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65222' - next_hop_self: true description: AUTO_BGP_ASN_LEAF4B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.13 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: AUTO_BGP_ASN_LEAF4B description: AUTO_BGP_ASN_LEAF4B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.12/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.12/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.111/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.12/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.12/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_AUTO_BGP_ASN_LEAF4B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: AUTO_BGP_ASN_LEAF4B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF4B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: AUTO_BGP_ASN_LEAF4B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF4B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: AUTO_BGP_ASN_LEAF4_MLAG_OVERRIDE - local_interface: Vlan4094 - peer_address: 10.255.252.13 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.9/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF4A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4B.yml index c50755914cd..bbd57bec1c1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF4B.yml @@ -1,199 +1,199 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_AUTO_BGP_ASN_LEAF4A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF4A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_AUTO_BGP_ASN_LEAF4A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF4A + peer_interface: Ethernet4 + peer_type: mlag_peer hostname: AUTO_BGP_ASN_LEAF4B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.112/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: AUTO_BGP_ASN_LEAF4_MLAG_OVERRIDE + local_interface: Vlan4094 + peer_address: 10.255.252.12 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_AUTO_BGP_ASN_LEAF4A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65222' router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65222' - next_hop_self: true description: AUTO_BGP_ASN_LEAF4A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.12 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: AUTO_BGP_ASN_LEAF4A description: AUTO_BGP_ASN_LEAF4A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.13/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.13/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.112/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.13/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.13/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_AUTO_BGP_ASN_LEAF4A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: AUTO_BGP_ASN_LEAF4A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF4A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: AUTO_BGP_ASN_LEAF4A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF4A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: AUTO_BGP_ASN_LEAF4_MLAG_OVERRIDE - local_interface: Vlan4094 - peer_address: 10.255.252.12 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF4B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF5A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF5A.yml index 29fea485d4e..9cab0806850 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF5A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF5A.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_ASN_LEAF5A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.11/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.113/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65333' router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.113/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.11/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF5A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7A.yml index 2d2405d0056..703a81f03e6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7A.yml @@ -1,199 +1,199 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_AUTO_BGP_ASN_LEAF7B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF7B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_AUTO_BGP_ASN_LEAF7B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF7B + peer_interface: Ethernet4 + peer_type: mlag_peer hostname: AUTO_BGP_ASN_LEAF7A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.13/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.13/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.115/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: AUTO_BGP_ASN_LEAF5_4BYTE_DOTZERO + local_interface: Vlan4094 + peer_address: 10.255.252.21 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_AUTO_BGP_ASN_LEAF7B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65222.0' router_id: 192.168.255.13 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65222.0' - next_hop_self: true description: AUTO_BGP_ASN_LEAF7B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.21 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: AUTO_BGP_ASN_LEAF7B description: AUTO_BGP_ASN_LEAF7B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.20/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.20/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.115/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.20/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.20/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_AUTO_BGP_ASN_LEAF7B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: AUTO_BGP_ASN_LEAF7B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF7B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: AUTO_BGP_ASN_LEAF7B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF7B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: AUTO_BGP_ASN_LEAF5_4BYTE_DOTZERO - local_interface: Vlan4094 - peer_address: 10.255.252.21 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.13/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF7A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7B.yml index 731de8da28a..a900b69cf6c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF7B.yml @@ -1,199 +1,199 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_AUTO_BGP_ASN_LEAF7A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF7A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_AUTO_BGP_ASN_LEAF7A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: AUTO_BGP_ASN_LEAF7A + peer_interface: Ethernet4 + peer_type: mlag_peer hostname: AUTO_BGP_ASN_LEAF7B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.14/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.13/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.116/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: AUTO_BGP_ASN_LEAF5_4BYTE_DOTZERO + local_interface: Vlan4094 + peer_address: 10.255.252.20 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_AUTO_BGP_ASN_LEAF7A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65222.0' router_id: 192.168.255.14 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65222.0' - next_hop_self: true description: AUTO_BGP_ASN_LEAF7A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.20 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: AUTO_BGP_ASN_LEAF7A description: AUTO_BGP_ASN_LEAF7A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.21/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.21/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.116/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.21/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.21/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_AUTO_BGP_ASN_LEAF7A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: AUTO_BGP_ASN_LEAF7A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF7A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: AUTO_BGP_ASN_LEAF7A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_AUTO_BGP_ASN_LEAF7A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: AUTO_BGP_ASN_LEAF5_4BYTE_DOTZERO - local_interface: Vlan4094 - peer_address: 10.255.252.20 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.14/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF7B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8A.yml index 7bb57015475..7dd0dd41fc9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8A.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_ASN_LEAF8A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.15/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.15/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.117/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65222.12' router_id: 192.168.255.15 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.117/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.15/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.15/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF8A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8B.yml index 796759f4d22..f147985b434 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_ASN_LEAF8B.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_ASN_LEAF8B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.16/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.16/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.118/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65222.13' router_id: 192.168.255.16 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.118/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.16/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.16/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_ASN_LEAF8B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_UNGROUPED_LEAF6.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_UNGROUPED_LEAF6.yml index aa4c157447a..f80298c16da 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_UNGROUPED_LEAF6.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_BGP_UNGROUPED_LEAF6.yml @@ -1,116 +1,116 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: AUTO_BGP_UNGROUPED_LEAF6 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.12/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.12/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.202.114/24 + type: oob + gateway: 192.168.202.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65110' router_id: 192.168.255.12 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.202.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.202.114/24 - gateway: 192.168.202.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.12/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.12/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_BGP_UNGROUPED_LEAF6_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_LEAF01.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_LEAF01.yml index 2004f33d0a1..c26fc355f02 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_LEAF01.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_LEAF01.yml @@ -1,40 +1,101 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_AUTO_NODE_TYPE_SPINE01_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.1/31 + peer: AUTO_NODE_TYPE_SPINE01 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_AUTO_NODE_TYPE_SPINE02_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.3/31 + peer: AUTO_NODE_TYPE_SPINE02 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false hostname: AUTO_NODE_TYPE_LEAF01 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.203.12/24 + type: oob + gateway: 192.168.203.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.0 peer_group: IPv4-UNDERLAY-PEERS @@ -48,111 +109,50 @@ router_bgp: description: AUTO_NODE_TYPE_SPINE02_Ethernet1 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: AUTO_NODE_TYPE_SPINE01 description: AUTO_NODE_TYPE_SPINE01_Loopback0 - remote_as: '65100' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: AUTO_NODE_TYPE_SPINE02 description: AUTO_NODE_TYPE_SPINE02_Loopback0 - remote_as: '65100' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.203.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.203.12/24 - gateway: 192.168.203.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: AUTO_NODE_TYPE_SPINE01 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_AUTO_NODE_TYPE_SPINE01_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.1/31 -- name: Ethernet2 - peer: AUTO_NODE_TYPE_SPINE02 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_AUTO_NODE_TYPE_SPINE02_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.3/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_NODE_TYPE_LEAF01_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE01.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE01.yml index e2f798063b5..d0391136587 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE01.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE01.yml @@ -1,41 +1,94 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_AUTO_NODE_TYPE_LEAF01_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.0/31 + peer: AUTO_NODE_TYPE_LEAF01 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_AUTO_NODE_TYPE_UNGROUPED_LEAF02_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.4/31 + peer: AUTO_NODE_TYPE_UNGROUPED_LEAF02 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: AUTO_NODE_TYPE_SPINE01 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.203.10 + type: oob + gateway: 192.168.203.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -49,94 +102,41 @@ router_bgp: description: AUTO_NODE_TYPE_UNGROUPED_LEAF02_Ethernet1 - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: AUTO_NODE_TYPE_LEAF01 description: AUTO_NODE_TYPE_LEAF01_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: AUTO_NODE_TYPE_UNGROUPED_LEAF02 description: AUTO_NODE_TYPE_UNGROUPED_LEAF02_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.203.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.203.10 - gateway: 192.168.203.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: AUTO_NODE_TYPE_LEAF01 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_AUTO_NODE_TYPE_LEAF01_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.0/31 -- name: Ethernet2 - peer: AUTO_NODE_TYPE_UNGROUPED_LEAF02 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_AUTO_NODE_TYPE_UNGROUPED_LEAF02_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.4/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE02.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE02.yml index dc1c8773a34..040f650c407 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE02.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_SPINE02.yml @@ -1,41 +1,94 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_AUTO_NODE_TYPE_LEAF01_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.2/31 + peer: AUTO_NODE_TYPE_LEAF01 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_AUTO_NODE_TYPE_UNGROUPED_LEAF02_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.6/31 + peer: AUTO_NODE_TYPE_UNGROUPED_LEAF02 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: AUTO_NODE_TYPE_SPINE02 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.203.11 + type: oob + gateway: 192.168.203.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 192.168.255.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.3 peer_group: IPv4-UNDERLAY-PEERS @@ -49,94 +102,41 @@ router_bgp: description: AUTO_NODE_TYPE_UNGROUPED_LEAF02_Ethernet2 - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: AUTO_NODE_TYPE_LEAF01 description: AUTO_NODE_TYPE_LEAF01_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: AUTO_NODE_TYPE_UNGROUPED_LEAF02 description: AUTO_NODE_TYPE_UNGROUPED_LEAF02_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.203.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.203.11 - gateway: 192.168.203.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: AUTO_NODE_TYPE_LEAF01 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_AUTO_NODE_TYPE_LEAF01_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.2/31 -- name: Ethernet2 - peer: AUTO_NODE_TYPE_UNGROUPED_LEAF02 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_AUTO_NODE_TYPE_UNGROUPED_LEAF02_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.6/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_UNGROUPED_LEAF02.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_UNGROUPED_LEAF02.yml index 908988e11a2..1757edb6f63 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_UNGROUPED_LEAF02.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/AUTO_NODE_TYPE_UNGROUPED_LEAF02.yml @@ -1,40 +1,101 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_AUTO_NODE_TYPE_SPINE01_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.5/31 + peer: AUTO_NODE_TYPE_SPINE01 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_AUTO_NODE_TYPE_SPINE02_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.7/31 + peer: AUTO_NODE_TYPE_SPINE02 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false hostname: AUTO_NODE_TYPE_UNGROUPED_LEAF02 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.203.13/24 + type: oob + gateway: 192.168.203.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.4 peer_group: IPv4-UNDERLAY-PEERS @@ -48,111 +109,50 @@ router_bgp: description: AUTO_NODE_TYPE_SPINE02_Ethernet2 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: AUTO_NODE_TYPE_SPINE01 description: AUTO_NODE_TYPE_SPINE01_Loopback0 - remote_as: '65100' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: AUTO_NODE_TYPE_SPINE02 description: AUTO_NODE_TYPE_SPINE02_Loopback0 - remote_as: '65100' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.203.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.203.13/24 - gateway: 192.168.203.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: AUTO_NODE_TYPE_SPINE01 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_AUTO_NODE_TYPE_SPINE01_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.5/31 -- name: Ethernet2 - peer: AUTO_NODE_TYPE_SPINE02 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_AUTO_NODE_TYPE_SPINE02_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.7/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: AUTO_NODE_TYPE_UNGROUPED_LEAF02_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1A.yml index bbfec4e24c8..4782f5e0b75 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1A.yml @@ -1,48 +1,167 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.24/31 + channel_group: + id: 3 + mode: active + peer: CUSTOM-PYTHON_MODULES-L3LEAF2 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-PYTHON_MODULES-L3LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-SPINE1_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.21/31 + peer: CUSTOM-PYTHON_MODULES-SPINE1 + peer_interface: Ethernet1 + peer_type: custom_spine + switchport: + enabled: false +- name: Ethernet3.1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1.1 VRF TEST_VRF + shutdown: false + mtu: 9214 + vrf: TEST_VRF + encapsulation_dot1q: + vlan: 1 + ip_address: 172.16.0.24/31 + peer: CUSTOM-PYTHON_MODULES-L3LEAF2 + peer_interface: Ethernet1.1 + peer_type: l3leaf hostname: CUSTOM-PYTHON_MODULES-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.21/32 +- name: Loopback1 + description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.21/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: CUSTOM_PYTHON_MODULES_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.11 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1B_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.240.10/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.21 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: CUSTOM-PYTHON_MODULES-L3LEAF1B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.11 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -60,20 +179,36 @@ router_bgp: description: CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: CUSTOM-PYTHON_MODULES-SPINE1 description: CUSTOM-PYTHON_MODULES-SPINE1_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 110 + tenant: CUSTOM_PYTHON_MODULES_TENANT + rd: 192.168.255.21:11110 + route_targets: + both: + - 11110:11110 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST_VRF - router_id: 192.168.255.21 - neighbors: - - ip_address: 172.16.0.25 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65103' - description: CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1.1_vrf_TEST_VRF - - ip_address: 10.255.240.11 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: CUSTOM-PYTHON_MODULES-L3LEAF1B_Vlan3000 rd: 192.168.255.21:1 route_targets: import: @@ -84,73 +219,73 @@ router_bgp: - address_family: evpn route_targets: - '1:1' + router_id: 192.168.255.21 + updates: + wait_install: true + neighbors: + - ip_address: 172.16.0.25 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65103' + description: CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1.1_vrf_TEST_VRF + - ip_address: 10.255.240.11 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: CUSTOM-PYTHON_MODULES-L3LEAF1B_Vlan3000 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - updates: - wait_install: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 110 - tenant: CUSTOM_PYTHON_MODULES_TENANT - rd: 192.168.255.21:11110 - route_targets: - both: - - 11110:11110 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_PEER_L3_PEERING + shutdown: false + ip_address: 10.255.251.10/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.10/31 + mtu: 9214 + no_autostate: true +- name: Vlan110 + description: Tenant_A_OP_Zone_1 + shutdown: false + vrf: TEST_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: CUSTOM_PYTHON_MODULES_TENANT + tags: + - opzone +- name: Vlan3000 + description: 'MLAG_PEER_L3_iBGP: vrf TEST_VRF' + shutdown: false + vrf: TEST_VRF + ip_address: 10.255.240.10/31 + mtu: 9214 + tenant: CUSTOM_PYTHON_MODULES_TENANT + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST_VRF - tenant: CUSTOM_PYTHON_MODULES_TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 110 name: Tenant_A_OP_Zone_1 tenant: CUSTOM_PYTHON_MODULES_TENANT @@ -159,151 +294,18 @@ vlans: trunk_groups: - MLAG tenant: CUSTOM_PYTHON_MODULES_TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_PEER_L3_PEERING - shutdown: false - mtu: 9214 - ip_address: 10.255.251.10/31 -- name: Vlan4094 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.10/31 -- name: Vlan110 - tenant: CUSTOM_PYTHON_MODULES_TENANT - tags: - - opzone - description: Tenant_A_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: TEST_VRF -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST_VRF + ip_routing: true tenant: CUSTOM_PYTHON_MODULES_TENANT - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf TEST_VRF' - vrf: TEST_VRF - mtu: 9214 - ip_address: 10.255.240.10/31 -port_channel_interfaces: -- name: Port-Channel3 - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1B_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: CUSTOM-PYTHON_MODULES-L3LEAF2 - peer_interface: Ethernet1 - peer_type: l3leaf - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1 - shutdown: false - channel_group: - id: 3 - mode: active - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.24/31 -- name: Ethernet4 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: CUSTOM-PYTHON_MODULES-SPINE1 - peer_interface: Ethernet1 - peer_type: custom_spine - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-SPINE1_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.21/31 -- name: Ethernet3.1 - peer: CUSTOM-PYTHON_MODULES-L3LEAF2 - peer_interface: Ethernet1.1 - peer_type: l3leaf - vrf: TEST_VRF - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF2_Ethernet1.1 VRF TEST_VRF - shutdown: false - encapsulation_dot1q: - vlan: 1 - mtu: 9214 - ip_address: 172.16.0.24/31 -mlag_configuration: - domain_id: CUSTOM_PYTHON_MODULES_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.11 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.21/32 -- name: Loopback1 - description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.21/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.240.10/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: CUSTOM-PYTHON_MODULES-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 110 @@ -311,5 +313,3 @@ vxlan_interface: vrfs: - name: TEST_VRF vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1B.yml index 53e30e79cc2..c4b1bc64a49 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF1B.yml @@ -1,48 +1,152 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-PYTHON_MODULES-L3LEAF1A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-PYTHON_MODULES-L3LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-SPINE1_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.23/31 + peer: CUSTOM-PYTHON_MODULES-SPINE1 + peer_interface: Ethernet2 + peer_type: custom_spine + switchport: + enabled: false hostname: CUSTOM-PYTHON_MODULES-L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.22/32 +- name: Loopback1 + description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.21/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: CUSTOM_PYTHON_MODULES_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.10 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1A_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.240.10/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.22 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: CUSTOM-PYTHON_MODULES-L3LEAF1A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.10 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -55,13 +159,34 @@ router_bgp: description: CUSTOM-PYTHON_MODULES-SPINE1_Ethernet2 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: CUSTOM-PYTHON_MODULES-SPINE1 description: CUSTOM-PYTHON_MODULES-SPINE1_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 110 + tenant: CUSTOM_PYTHON_MODULES_TENANT + rd: 192.168.255.22:11110 + route_targets: + both: + - 11110:11110 + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST_VRF rd: 192.168.255.22:1 @@ -75,73 +200,68 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.240.10 peer_group: MLAG-IPv4-UNDERLAY-PEER description: CUSTOM-PYTHON_MODULES-L3LEAF1A_Vlan3000 - updates: - wait_install: true - vlans: - - id: 110 - tenant: CUSTOM_PYTHON_MODULES_TENANT - rd: 192.168.255.22:11110 - route_targets: - both: - - 11110:11110 - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_PEER_L3_PEERING + shutdown: false + ip_address: 10.255.251.11/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.11/31 + mtu: 9214 + no_autostate: true +- name: Vlan110 + description: Tenant_A_OP_Zone_1 + shutdown: false + vrf: TEST_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: CUSTOM_PYTHON_MODULES_TENANT + tags: + - opzone +- name: Vlan3000 + description: 'MLAG_PEER_L3_iBGP: vrf TEST_VRF' + shutdown: false + vrf: TEST_VRF + ip_address: 10.255.240.11/31 + mtu: 9214 + tenant: CUSTOM_PYTHON_MODULES_TENANT + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST_VRF - tenant: CUSTOM_PYTHON_MODULES_TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 110 name: Tenant_A_OP_Zone_1 tenant: CUSTOM_PYTHON_MODULES_TENANT @@ -150,136 +270,18 @@ vlans: trunk_groups: - MLAG tenant: CUSTOM_PYTHON_MODULES_TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_PEER_L3_PEERING - shutdown: false - mtu: 9214 - ip_address: 10.255.251.11/31 -- name: Vlan4094 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.11/31 -- name: Vlan110 - tenant: CUSTOM_PYTHON_MODULES_TENANT - tags: - - opzone - description: Tenant_A_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: TEST_VRF -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST_VRF + ip_routing: true tenant: CUSTOM_PYTHON_MODULES_TENANT - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf TEST_VRF' - vrf: TEST_VRF - mtu: 9214 - ip_address: 10.255.240.11/31 -port_channel_interfaces: -- name: Port-Channel3 - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1A_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: CUSTOM-PYTHON_MODULES-SPINE1 - peer_interface: Ethernet2 - peer_type: custom_spine - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-SPINE1_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.23/31 -mlag_configuration: - domain_id: CUSTOM_PYTHON_MODULES_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.10 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.22/32 -- name: Loopback1 - description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.21/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.240.10/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: CUSTOM-PYTHON_MODULES-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 110 @@ -287,5 +289,3 @@ vxlan_interface: vrfs: - name: TEST_VRF vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF2.yml index f25fbd25408..48dd4168f12 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-L3LEAF2.yml @@ -1,52 +1,124 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.25/31 + peer: CUSTOM-PYTHON_MODULES-L3LEAF1A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1.1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3.1 VRF TEST_VRF + shutdown: false + mtu: 9214 + vrf: TEST_VRF + encapsulation_dot1q: + vlan: 1 + ip_address: 172.16.0.25/31 + peer: CUSTOM-PYTHON_MODULES-L3LEAF1A + peer_interface: Ethernet3.1 + peer_type: l3leaf hostname: CUSTOM-PYTHON_MODULES-L3LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.23/32 +- name: Loopback1 + description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.23/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.23 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.24 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65101' peer: CUSTOM-PYTHON_MODULES-L3LEAF1A description: CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 110 + tenant: CUSTOM_PYTHON_MODULES_TENANT + rd: 192.168.255.23:11110 + route_targets: + both: + - 11110:11110 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST_VRF - router_id: 192.168.255.23 - neighbors: - - ip_address: 172.16.0.24 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - description: CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3.1_vrf_TEST_VRF rd: 192.168.255.23:1 route_targets: import: @@ -57,126 +129,54 @@ router_bgp: - address_family: evpn route_targets: - '1:1' + router_id: 192.168.255.23 + neighbors: + - ip_address: 172.16.0.24 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + description: CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3.1_vrf_TEST_VRF redistribute: connected: enabled: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 110 - tenant: CUSTOM_PYTHON_MODULES_TENANT - rd: 192.168.255.23:11110 - route_targets: - both: - - 11110:11110 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan110 + description: Tenant_A_OP_Zone_1 + shutdown: false + vrf: TEST_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: CUSTOM_PYTHON_MODULES_TENANT + tags: + - opzone vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true +vlans: +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: CUSTOM_PYTHON_MODULES_TENANT vrfs: - name: MGMT ip_routing: false - name: TEST_VRF - tenant: CUSTOM_PYTHON_MODULES_TENANT ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.25/31 -- name: Ethernet1.1 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1A - peer_interface: Ethernet3.1 - peer_type: l3leaf - vrf: TEST_VRF - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet3.1 VRF TEST_VRF - shutdown: false - encapsulation_dot1q: - vlan: 1 - mtu: 9214 - ip_address: 172.16.0.25/31 -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.23/32 -- name: Loopback1 - description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.23/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: CUSTOM_PYTHON_MODULES_TENANT -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan110 tenant: CUSTOM_PYTHON_MODULES_TENANT - tags: - - opzone - description: Tenant_A_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: TEST_VRF vxlan_interface: vxlan1: description: CUSTOM-PYTHON_MODULES-L3LEAF2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 110 vni: 11110 vrfs: - name: TEST_VRF vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-SPINE1.yml index 43f46123913..780dbc26e5b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-PYTHON_MODULES-SPINE1.yml @@ -1,39 +1,92 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.20/31 + peer: CUSTOM-PYTHON_MODULES-L3LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.22/31 + peer: CUSTOM-PYTHON_MODULES-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: CUSTOM-PYTHON_MODULES-SPINE1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_CUSTOM_SPINE + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.21 peer_group: IPv4-UNDERLAY-PEERS @@ -47,94 +100,41 @@ router_bgp: description: CUSTOM-PYTHON_MODULES-L3LEAF1B_Ethernet1 - ip_address: 192.168.255.21 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: CUSTOM-PYTHON_MODULES-L3LEAF1A description: CUSTOM-PYTHON_MODULES-L3LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.22 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: CUSTOM-PYTHON_MODULES-L3LEAF1B description: CUSTOM-PYTHON_MODULES-L3LEAF1B_Loopback0 - remote_as: '65101' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.20/31 -- name: Ethernet2 - peer: CUSTOM-PYTHON_MODULES-L3LEAF1B - peer_interface: Ethernet1 - peer_type: l3leaf - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-PYTHON_MODULES-L3LEAF1B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.22/31 -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_CUSTOM_SPINE - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1A.yml index 63fcfd4a9c5..f35bb2cac40 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1A.yml @@ -1,107 +1,63 @@ -hostname: CUSTOM-TEMPLATES-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_CUSTOM-TEMPLATES-L2LEAF1B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1A_Po1_To_Po5_ - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 1 ethernet_interfaces: - name: Ethernet3 - peer: CUSTOM-TEMPLATES-L2LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_CUSTOM-TEMPLATES-L2LEAF1B_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: CUSTOM-TEMPLATES-L2LEAF1B - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_CUSTOM-TEMPLATES-L2LEAF1B_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: CUSTOM-TEMPLATES-L2LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: CUSTOM-TEMPLATES-L3LEAF1A - peer_interface: Ethernet5 - peer_type: l3leaf description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet5 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: CUSTOM-TEMPLATES-L3LEAF1B + peer: CUSTOM-TEMPLATES-L3LEAF1A peer_interface: Ethernet5 peer_type: l3leaf +- name: Ethernet2 description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet5 shutdown: false channel_group: id: 1 mode: active + peer: CUSTOM-TEMPLATES-L3LEAF1B + peer_interface: Ethernet5 + peer_type: l3leaf +hostname: CUSTOM-TEMPLATES-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: CUSTOM_TEMPLATES_L2LEAF1 local_interface: Vlan4094 @@ -109,7 +65,51 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_CUSTOM-TEMPLATES-L2LEAF1B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1A_Po1_To_Po5_ + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1B.yml index 547df696c02..13f18e3b8d7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L2LEAF1B.yml @@ -1,107 +1,63 @@ -hostname: CUSTOM-TEMPLATES-L2LEAF1B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_CUSTOM-TEMPLATES-L2LEAF1A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1A_Po1_To_Po5_ - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 1 ethernet_interfaces: - name: Ethernet3 - peer: CUSTOM-TEMPLATES-L2LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_CUSTOM-TEMPLATES-L2LEAF1A_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: CUSTOM-TEMPLATES-L2LEAF1A - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_CUSTOM-TEMPLATES-L2LEAF1A_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: CUSTOM-TEMPLATES-L2LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: CUSTOM-TEMPLATES-L3LEAF1A - peer_interface: Ethernet6 - peer_type: l3leaf description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet6 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: CUSTOM-TEMPLATES-L3LEAF1B + peer: CUSTOM-TEMPLATES-L3LEAF1A peer_interface: Ethernet6 peer_type: l3leaf +- name: Ethernet2 description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet6 shutdown: false channel_group: id: 1 mode: active + peer: CUSTOM-TEMPLATES-L3LEAF1B + peer_interface: Ethernet6 + peer_type: l3leaf +hostname: CUSTOM-TEMPLATES-L2LEAF1B +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: CUSTOM_TEMPLATES_L2LEAF1 local_interface: Vlan4094 @@ -109,7 +65,51 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_CUSTOM-TEMPLATES-L2LEAF1A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L3LEAF1A_Po1_To_Po5_ + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1A.yml index 88ce471721f..d3ce07a05eb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1A.yml @@ -1,48 +1,188 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-TEMPLATES-L3LEAF1B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-TEMPLATES-L3LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-SPINE1_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.21/31 + peer: CUSTOM-TEMPLATES-SPINE1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet5 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: CUSTOM-TEMPLATES-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet6 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1B_Ethernet1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: CUSTOM-TEMPLATES-L2LEAF1B + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet11 + description: TEST_CUSTOM_PREFIX_SERVER-1_Nic1_management + shutdown: false + peer: SERVER-1 + peer_interface: Nic1 + peer_type: server + switchport: + enabled: true + mode: trunk hostname: CUSTOM-TEMPLATES-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.21/32 +- name: Loopback1 + description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.21/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: CUSTOM_TEMPLATES_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.11 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1B_Eth3_Eth4_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel5 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Po5_To_Po1_ + shutdown: false + mlag: 5 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.240.10/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.21 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: CUSTOM-TEMPLATES-L3LEAF1B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.11 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -55,13 +195,34 @@ router_bgp: description: CUSTOM-TEMPLATES-SPINE1_Ethernet1 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: CUSTOM-TEMPLATES-SPINE1 description: CUSTOM-TEMPLATES-SPINE1_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 110 + tenant: CUSTOM_TEMPLATES_TENANT + rd: 192.168.255.21:11110 + route_targets: + both: + - 11110:11110 + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST_VRF rd: 192.168.255.21:1 @@ -75,73 +236,68 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.240.11 peer_group: MLAG-IPv4-UNDERLAY-PEER description: CUSTOM-TEMPLATES-L3LEAF1B_Vlan3000 - updates: - wait_install: true - vlans: - - id: 110 - tenant: CUSTOM_TEMPLATES_TENANT - rd: 192.168.255.21:11110 - route_targets: - both: - - 11110:11110 - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.10/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.10/31 + mtu: 9214 + no_autostate: true +- name: Vlan110 + description: Tenant_A_OP_Zone_1 + shutdown: false + vrf: TEST_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: CUSTOM_TEMPLATES_TENANT + tags: + - opzone +- name: Vlan3000 + description: MLAG_L3_VRF_TEST_VRF + shutdown: false + vrf: TEST_VRF + ip_address: 10.255.240.10/31 + mtu: 9214 + tenant: CUSTOM_TEMPLATES_TENANT + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST_VRF - tenant: CUSTOM_TEMPLATES_TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 110 name: Tenant_A_OP_Zone_1 tenant: CUSTOM_TEMPLATES_TENANT @@ -150,172 +306,18 @@ vlans: trunk_groups: - MLAG tenant: CUSTOM_TEMPLATES_TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.10/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.10/31 -- name: Vlan110 - tenant: CUSTOM_TEMPLATES_TENANT - tags: - - opzone - description: Tenant_A_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: TEST_VRF -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST_VRF + ip_routing: true tenant: CUSTOM_TEMPLATES_TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST_VRF - vrf: TEST_VRF - mtu: 9214 - ip_address: 10.255.240.10/31 -port_channel_interfaces: -- name: Port-Channel3 - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1B_Eth3_Eth4_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel5 - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Po5_To_Po1_ - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: CUSTOM-TEMPLATES-L3LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: CUSTOM-TEMPLATES-L3LEAF1B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: CUSTOM-TEMPLATES-SPINE1 - peer_interface: Ethernet1 - peer_type: spine - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-SPINE1_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.21/31 -- name: Ethernet5 - peer: CUSTOM-TEMPLATES-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: CUSTOM-TEMPLATES-L2LEAF1B - peer_interface: Ethernet1 - peer_type: l2leaf - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1B_Ethernet1 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet11 - peer: SERVER-1 - peer_interface: Nic1 - peer_type: server - description: TEST_CUSTOM_PREFIX_SERVER-1_Nic1_management - shutdown: false - switchport: - enabled: true - mode: trunk -mlag_configuration: - domain_id: CUSTOM_TEMPLATES_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.11 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.21/32 -- name: Loopback1 - description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.21/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.240.10/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: CUSTOM-TEMPLATES-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 110 @@ -323,5 +325,3 @@ vxlan_interface: vrfs: - name: TEST_VRF vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1B.yml index 786b5ad5ed1..888dd159365 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-L3LEAF1B.yml @@ -1,48 +1,203 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-TEMPLATES-L3LEAF1A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: CUSTOM-TEMPLATES-L3LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-SPINE1_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.23/31 + peer: CUSTOM-TEMPLATES-SPINE1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet5 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Ethernet2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: CUSTOM-TEMPLATES-L2LEAF1A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet6 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1B_Ethernet2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: CUSTOM-TEMPLATES-L2LEAF1B + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet12 + description: TEST_CUSTOM_PREFIX_SERVER-2_Nic1_data + shutdown: false + channel_group: + id: 12 + mode: active + peer: SERVER-2 + peer_interface: Nic1 + peer_type: server +- name: Ethernet13 + description: TEST_CUSTOM_PREFIX_SERVER-2_Nic2_data + shutdown: false + channel_group: + id: 12 + mode: active + peer: SERVER-2 + peer_interface: Nic2 + peer_type: server hostname: CUSTOM-TEMPLATES-L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.22/32 +- name: Loopback1 + description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.21/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: CUSTOM_TEMPLATES_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.10 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1A_Eth3_Eth4_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel5 + description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Po5_To_Po1_ + shutdown: false + mlag: 5 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +- name: Port-Channel12 + description: TEST_CUSTOM_PREFIX_SERVER-2_data_portchannel_12 + shutdown: false + switchport: + enabled: true + mode: trunk +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.240.10/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.22 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: CUSTOM-TEMPLATES-L3LEAF1A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.10 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -55,13 +210,34 @@ router_bgp: description: CUSTOM-TEMPLATES-SPINE1_Ethernet2 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: CUSTOM-TEMPLATES-SPINE1 description: CUSTOM-TEMPLATES-SPINE1_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 110 + tenant: CUSTOM_TEMPLATES_TENANT + rd: 192.168.255.22:11110 + route_targets: + both: + - 11110:11110 + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST_VRF rd: 192.168.255.22:1 @@ -75,73 +251,68 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.240.10 peer_group: MLAG-IPv4-UNDERLAY-PEER description: CUSTOM-TEMPLATES-L3LEAF1A_Vlan3000 - updates: - wait_install: true - vlans: - - id: 110 - tenant: CUSTOM_TEMPLATES_TENANT - rd: 192.168.255.22:11110 - route_targets: - both: - - 11110:11110 - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.11/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.11/31 + mtu: 9214 + no_autostate: true +- name: Vlan110 + description: Tenant_A_OP_Zone_1 + shutdown: false + vrf: TEST_VRF + ip_address_virtual: 10.1.10.1/24 + tenant: CUSTOM_TEMPLATES_TENANT + tags: + - opzone +- name: Vlan3000 + description: MLAG_L3_VRF_TEST_VRF + shutdown: false + vrf: TEST_VRF + ip_address: 10.255.240.11/31 + mtu: 9214 + tenant: CUSTOM_TEMPLATES_TENANT + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST_VRF - tenant: CUSTOM_TEMPLATES_TENANT - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 110 name: Tenant_A_OP_Zone_1 tenant: CUSTOM_TEMPLATES_TENANT @@ -150,187 +321,18 @@ vlans: trunk_groups: - MLAG tenant: CUSTOM_TEMPLATES_TENANT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.11/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.11/31 -- name: Vlan110 - tenant: CUSTOM_TEMPLATES_TENANT - tags: - - opzone - description: Tenant_A_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: TEST_VRF -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST_VRF + ip_routing: true tenant: CUSTOM_TEMPLATES_TENANT - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST_VRF - vrf: TEST_VRF - mtu: 9214 - ip_address: 10.255.240.11/31 -port_channel_interfaces: -- name: Port-Channel3 - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1A_Eth3_Eth4_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel5 - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Po5_To_Po1_ - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 5 -- name: Port-Channel12 - description: TEST_CUSTOM_PREFIX_SERVER-2_data_portchannel_12 - shutdown: false - switchport: - enabled: true - mode: trunk -ethernet_interfaces: -- name: Ethernet3 - peer: CUSTOM-TEMPLATES-L3LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: CUSTOM-TEMPLATES-L3LEAF1A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: TEST_CUSTOM_PREFIX_MLAG_PEER_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: CUSTOM-TEMPLATES-SPINE1 - peer_interface: Ethernet2 - peer_type: spine - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-SPINE1_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.23/31 -- name: Ethernet5 - peer: CUSTOM-TEMPLATES-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1A_Ethernet2 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: CUSTOM-TEMPLATES-L2LEAF1B - peer_interface: Ethernet2 - peer_type: l2leaf - description: TEST_CUSTOM_PREFIX_CUSTOM-TEMPLATES-L2LEAF1B_Ethernet2 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet12 - peer: SERVER-2 - peer_interface: Nic1 - peer_type: server - description: TEST_CUSTOM_PREFIX_SERVER-2_Nic1_data - shutdown: false - channel_group: - id: 12 - mode: active -- name: Ethernet13 - peer: SERVER-2 - peer_interface: Nic2 - peer_type: server - description: TEST_CUSTOM_PREFIX_SERVER-2_Nic2_data - shutdown: false - channel_group: - id: 12 - mode: active -mlag_configuration: - domain_id: CUSTOM_TEMPLATES_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.10 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.22/32 -- name: Loopback1 - description: TEST_CUSTOM_PREFIX_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.21/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.240.10/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: CUSTOM-TEMPLATES-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 110 @@ -338,5 +340,3 @@ vxlan_interface: vrfs: - name: TEST_VRF vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-SPINE1.yml index 6acec3076f4..952c26d1005 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/CUSTOM-TEMPLATES-SPINE1.yml @@ -1,39 +1,92 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.20/31 + peer: CUSTOM-TEMPLATES-L3LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.22/31 + peer: CUSTOM-TEMPLATES-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: CUSTOM-TEMPLATES-SPINE1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_SPINE + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.21 peer_group: IPv4-UNDERLAY-PEERS @@ -47,94 +100,41 @@ router_bgp: description: CUSTOM-TEMPLATES-L3LEAF1B_Ethernet1 - ip_address: 192.168.255.21 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: CUSTOM-TEMPLATES-L3LEAF1A description: CUSTOM-TEMPLATES-L3LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.22 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: CUSTOM-TEMPLATES-L3LEAF1B description: CUSTOM-TEMPLATES-L3LEAF1B_Loopback0 - remote_as: '65101' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: CUSTOM-TEMPLATES-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-L3LEAF1A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.20/31 -- name: Ethernet2 - peer: CUSTOM-TEMPLATES-L3LEAF1B - peer_interface: Ethernet1 - peer_type: l3leaf - description: TEST_CUSTOM_PREFIX_P2P_LINK_TO_CUSTOM-TEMPLATES-L3LEAF1B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.22/31 -loopback_interfaces: -- name: Loopback0 - description: TEST_CUSTOM_PREFIX_EVPN_Overlay_Peering_SPINE - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1A.yml index bf34edaab87..b253a23284e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1A.yml @@ -1,567 +1,131 @@ -hostname: DC1-BL1A -is_deployed: true -router_bgp: - as: '65104' - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - - name: EVPN-OVERLAY-CORE - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - neighbors: - - ip_address: 172.31.254.160 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet22 - - ip_address: 172.31.254.162 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet22 - - ip_address: 172.31.254.164 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet22 - - ip_address: 172.31.254.166 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet22 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - - ip_address: 192.168.255.16 - peer_group: EVPN-OVERLAY-CORE - peer: DC1-BL2A - description: DC1-BL2A - remote_as: '65106' - - ip_address: 192.168.42.42 - peer_group: EVPN-OVERLAY-CORE - peer: DC1-BL2B - description: DC1-BL2B - remote_as: '65042' - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - address_family_rtc: - peer_groups: - - name: EVPN-OVERLAY-CORE - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: Tenant_A_L3_VRF_Zone - rd: 192.168.254.14:15 - route_targets: - import: - - address_family: evpn - route_targets: - - '65104:15' - export: - - address_family: evpn - route_targets: - - '65104:15' - redistribute: - connected: - enabled: true - - name: Tenant_A_WAN_Zone - rd: 192.168.254.14:14 - route_targets: - import: - - address_family: evpn - route_targets: - - '65104:14' - - 65000:456 - - address_family: vpn-ipv4 - route_targets: - - 65000:123 - export: - - address_family: evpn - route_targets: - - '65104:14' - - 65000:789 - - address_family: vpn-ipv4 - route_targets: - - 65000:123 - redistribute: - connected: - enabled: true - static: - enabled: true - ospf: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 123.1.1.10 - activate: true - - ip_address: 123.1.1.11 - activate: true - prefix_list_in: PL-TEST-IN-AF4 - prefix_list_out: PL-TEST-OUT-AF4 - neighbors: - - ip_address: 123.1.1.10 - remote_as: '1234' - description: External IPv4 BGP peer - password: oBztv71m2uhR7hh58/OCNA== - send_community: standard extended - maximum_routes: 0 - maximum_routes_warning_only: true - default_originate: - always: false - route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - route_map_in: RM-123-1-1-10-IN - local_as: '123' - shutdown: true - - ip_address: 123.1.1.11 - remote_as: '65000.100' - description: External IPv4 BGP peer - password: oBztv71m2uhR7hh58/OCNA== - send_community: standard extended - maximum_routes: 0 - default_originate: - always: false - update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-123-1-1-11-OUT - route_map_in: RM-123-1-1-11-IN - local_as: '123' - bfd: true - - ip_address: fd5a:fe45:8831:06c5::a - remote_as: '12345' - send_community: all - route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - - ip_address: fd5a:fe45:8831:06c5::b - remote_as: '12345' - address_family_ipv6: - neighbors: - - ip_address: fd5a:fe45:8831:06c5::a - activate: true - prefix_list_in: PL-TEST-IN-AF6 - prefix_list_out: PL-TEST-OUT-AF6 - - ip_address: fd5a:fe45:8831:06c5::b - activate: true - updates: - wait_install: true - - name: Tenant_B_OP_Zone - rd: 192.168.254.14:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '65104:20' - export: - - address_family: evpn - route_targets: - - '65104:20' - redistribute: - connected: - enabled: true - - name: Tenant_B_WAN_Zone - rd: 192.168.254.14:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '65104:21' - export: - - address_family: evpn - route_targets: - - '65104:21' - redistribute: - connected: - enabled: true - - name: Tenant_C_WAN_Zone - rd: 192.168.254.14:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '65104:31' - export: - - address_family: evpn - route_targets: - - '65104:31' - redistribute: - connected: - enabled: true - - name: TENANT_D_WAN_ZONE - rd: 192.168.254.14:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '65104:42' - export: - - address_family: evpn - route_targets: - - '65104:42' - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.254.14:14 - route_targets: - both: - - '65104:14' - import_export_evpn_domains: - - domain: remote - route_target: '65104:14' - redistribute_routes: - - learned - vlan: '150' - rd_evpn_domain: - domain: remote - rd: 192.168.254.14:14 - - name: Tenant_B_WAN_Zone - rd: 192.168.254.14:21 - route_targets: - both: - - '65104:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.254.14:31 - route_targets: - both: - - '65104:31' - redistribute_routes: - - learned - vlan: '350' - - name: TENANT_D_WAN_ZONE - rd: 192.168.254.14:42 - route_targets: - both: - - '65104:42' - import_export_evpn_domains: - - domain: remote - route_target: '65104:42' - redistribute_routes: - - learned - vlan: '453' - rd_evpn_domain: - domain: remote - rd: 192.168.254.14:42 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.4.0/24 - gateway: 1.2.3.4 - vrf: Tenant_A_WAN_Zone -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G - - speed_group: 5/1 - serdes: 25G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: '' - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -event_handlers: -- name: evpn-blacklist-recovery - actions: - bash_command: FastCli -p 15 -c "clear bgp evpn host-flap" - delay: 300 - trigger: on-logging - trigger_on_logging: - regex: EVPN-3-BLACKLISTED_DUPLICATE_MAC - asynchronous: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -- ip_address: 1.1.1.1 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -clock: - timezone: correctly_templated_timezone -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_L3_VRF_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -- name: TENANT_D_WAN_ZONE - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management99 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -mac_address_table: - aging_time: 42 - notification_host_flap: - logging: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: null -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-BL1A -router_general: - router_id: - ipv4: 192.168.255.14 +aaa_root: + disabled: true +clock: + timezone: correctly_templated_timezone +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: '' + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet22 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet22 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.161/31 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet22 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_LINK_TO_DC1-SPINE2_Ethernet22 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.163/31 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet22 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_LINK_TO_DC1-SPINE3_Ethernet22 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.165/31 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet22 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_LINK_TO_DC1-SPINE4_Ethernet22 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.167/31 + peer: DC1-SPINE4 + peer_interface: Ethernet22 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.167/31 - name: Ethernet8 - peer_type: l3_interface - ip_address: 10.10.10.10/24 - mtu: 9000 - shutdown: false description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.10.10/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet9 - peer_type: l3_interface - ip_address: 10.10.20.20/24 - mtu: 9000 - shutdown: false description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.20.20/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet10 - peer_type: l3_interface - ip_address: 10.10.30.10/24 - mtu: 9000 - shutdown: false description: test-DC1-BL1A + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.30.10/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet11 - peer_type: l3_interface - ip_address: 10.10.30.10/24 - mtu: 9000 - shutdown: false description: DC1-BL1A descriptions preferred over single description + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.30.10/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet12 - peer_type: l3_interface - ip_address: 10.10.40.10/24 - mtu: 9000 - shutdown: false description: test l3 interfaces acls + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.40.10/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet12 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet12 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet13.10 - peer_type: l3_interface - ip_address: 10.10.40.20/24 - mtu: 9000 - shutdown: false description: test l3 interfaces acls - access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 - access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone encapsulation_dot1q: vlan: 10 - vrf: Tenant_A_L3_VRF_Zone -- name: Ethernet7 + ip_address: 10.10.40.20/24 + access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 + access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 peer_type: l3_interface - ip_address: 10.10.10.10/24 - mtu: 9000 - shutdown: false +- name: Ethernet7 description: test - switchport: - enabled: false + shutdown: false + mtu: 9000 vrf: Tenant_A_WAN_Zone - ospf_area: 0.0.0.0 + ip_address: 10.10.10.10/24 ospf_network_point_to_point: true + ospf_area: 0.0.0.0 ospf_cost: 100 ospf_authentication: message-digest ospf_message_digest_keys: @@ -571,11 +135,14 @@ ethernet_interfaces: - id: 2 hash_algorithm: sha512 key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Ethernet13 + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface +- name: Ethernet13 shutdown: false + peer_type: l3_interface + switchport: + enabled: false - name: Ethernet4000 description: My test shutdown: false @@ -586,6 +153,87 @@ ethernet_interfaces: peer_type: my_precious switchport: enabled: false +event_handlers: +- name: evpn-blacklist-recovery + actions: + bash_command: FastCli -p 15 -c "clear bgp evpn host-flap" + delay: 300 + trigger: on-logging + trigger_on_logging: + regex: EVPN-3-BLACKLISTED_DUPLICATE_MAC + asynchronous: true +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G + - speed_group: 5/1 + serdes: 25G +hostname: DC1-BL1A +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet12 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.10.40.10 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.10.40.20 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet12 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.10.40.10 + destination: any +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.10.40.20 + destination: any +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +- ip_address: 1.1.1.1 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: MY_ROUTER_ID_LOOPBACK @@ -597,6 +245,38 @@ loopback_interfaces: ip_address: 192.168.254.14/32 ip_address_secondaries: - 192.168.255.255/32 +mac_address_table: + aging_time: 42 + notification_host_flap: + logging: true +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management99 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R + cv_tags: + device_tags: + - name: topology_hint_fabric + value: EOS_DESIGNS_UNIT_TESTS + - name: topology_hint_type + value: leaf + - name: topology_hint_rack + value: DC1_BL1 +ntp: null +platform: + sand: + lag: + hardware_only: true prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -630,112 +310,449 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 453 - name: Tenant_D_WAN_Zone_1 - tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet12 - entries: - - source: any - destination: 10.10.40.10 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 - entries: - - source: any - destination: 10.10.40.20 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet12 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.10.40.10 - destination: any - action: permit - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.10.40.20 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65104' + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + - name: EVPN-OVERLAY-CORE + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 15 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.160 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet22 + - ip_address: 172.31.254.162 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet22 + - ip_address: 172.31.254.164 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet22 + - ip_address: 172.31.254.166 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet22 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + - ip_address: 192.168.255.16 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A + - ip_address: 192.168.42.42 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65042' + peer: DC1-BL2B + description: DC1-BL2B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.254.14:14 + rd_evpn_domain: + domain: remote + rd: 192.168.254.14:14 + route_targets: + both: + - '65104:14' + import_export_evpn_domains: + - domain: remote + route_target: '65104:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.254.14:21 + route_targets: + both: + - '65104:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.254.14:31 + route_targets: + both: + - '65104:31' + redistribute_routes: + - learned + vlan: '350' + - name: TENANT_D_WAN_ZONE + rd: 192.168.254.14:42 + rd_evpn_domain: + domain: remote + rd: 192.168.254.14:42 + route_targets: + both: + - '65104:42' + import_export_evpn_domains: + - domain: remote + route_target: '65104:42' + redistribute_routes: + - learned + vlan: '453' + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_rtc: + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: Tenant_A_L3_VRF_Zone + rd: 192.168.254.14:15 + route_targets: + import: + - address_family: evpn + route_targets: + - '65104:15' + export: + - address_family: evpn + route_targets: + - '65104:15' + redistribute: + connected: + enabled: true + - name: Tenant_A_WAN_Zone + rd: 192.168.254.14:14 + route_targets: + import: + - address_family: evpn + route_targets: + - '65104:14' + - 65000:456 + - address_family: vpn-ipv4 + route_targets: + - 65000:123 + export: + - address_family: evpn + route_targets: + - '65104:14' + - 65000:789 + - address_family: vpn-ipv4 + route_targets: + - 65000:123 + updates: + wait_install: true + neighbors: + - ip_address: 123.1.1.10 + remote_as: '1234' + password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 + shutdown: true + send_community: standard extended + maximum_routes: 0 + maximum_routes_warning_only: true + default_originate: + always: false + route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + update_source: Loopback123 + route_map_in: RM-123-1-1-10-IN + route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + - ip_address: 123.1.1.11 + remote_as: '65000.100' + password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 + bfd: true + send_community: standard extended + maximum_routes: 0 + default_originate: + always: false + update_source: Loopback123 + route_map_in: RM-123-1-1-11-IN + route_map_out: RM-123-1-1-11-OUT + - ip_address: fd5a:fe45:8831:06c5::a + remote_as: '12345' + send_community: all + route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT + - ip_address: fd5a:fe45:8831:06c5::b + remote_as: '12345' + redistribute: + connected: + enabled: true + ospf: + enabled: true + static: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 123.1.1.10 + activate: true + - ip_address: 123.1.1.11 + activate: true + prefix_list_in: PL-TEST-IN-AF4 + prefix_list_out: PL-TEST-OUT-AF4 + address_family_ipv6: + neighbors: + - ip_address: fd5a:fe45:8831:06c5::a + activate: true + prefix_list_in: PL-TEST-IN-AF6 + prefix_list_out: PL-TEST-OUT-AF6 + - ip_address: fd5a:fe45:8831:06c5::b + activate: true + - name: Tenant_B_OP_Zone + rd: 192.168.254.14:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '65104:20' + export: + - address_family: evpn + route_targets: + - '65104:20' + redistribute: + connected: + enabled: true + - name: Tenant_B_WAN_Zone + rd: 192.168.254.14:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '65104:21' + export: + - address_family: evpn + route_targets: + - '65104:21' + redistribute: + connected: + enabled: true + - name: Tenant_C_WAN_Zone + rd: 192.168.254.14:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '65104:31' + export: + - address_family: evpn + route_targets: + - '65104:31' + redistribute: + connected: + enabled: true + - name: TENANT_D_WAN_ZONE + rd: 192.168.254.14:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '65104:42' + export: + - address_family: evpn + route_targets: + - '65104:42' +router_general: + router_id: + ipv4: 192.168.255.14 +router_ospf: + process_ids: + - id: 14 + vrf: Tenant_A_WAN_Zone + passive_interface_default: true + no_passive_interfaces: + - Ethernet7 + - Vlan150 + max_lsa: 15000 + redistribute: + connected: + enabled: true + route_map: RM_TEST + bgp: + enabled: true +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: OOB + destinations: + - destination: 192.168.200.10 + - destination: 10.0.200.90 + source_interface: Management99 +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-BL1A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.4.0/24 + gateway: 1.2.3.4 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan150 - tenant: Tenant_A - tags: - - wan description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan250 - tenant: Tenant_B + tenant: Tenant_A tags: - wan +- name: Vlan250 description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan350 - tenant: Tenant_C + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B tags: - wan +- name: Vlan350 description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.3.50.1/24 vrf: Tenant_C_WAN_Zone -- name: Vlan453 - tenant: Tenant_D + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C tags: - wan +- name: Vlan453 description: Tenant_D_WAN_Zone_1 shutdown: false + vrf: TENANT_D_WAN_ZONE ipv6_enable: true ipv6_address_virtuals: - 10.0.10.1/24 - vrf: TENANT_D_WAN_ZONE -router_ospf: - process_ids: - - id: 14 - vrf: Tenant_A_WAN_Zone - passive_interface_default: true - no_passive_interfaces: - - Ethernet7 - - Vlan150 - max_lsa: 15000 - redistribute: - bgp: - enabled: true - connected: - enabled: true - route_map: RM_TEST + tenant: Tenant_D + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 453 + name: Tenant_D_WAN_Zone_1 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_L3_VRF_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C +- name: TENANT_D_WAN_ZONE + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-BL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -758,20 +775,3 @@ vxlan_interface: vni: 31 - name: TENANT_D_WAN_ZONE vni: 42 -metadata: - platform: 7280R - cv_tags: - device_tags: - - name: topology_hint_fabric - value: EOS_DESIGNS_UNIT_TESTS - - name: topology_hint_type - value: leaf - - name: topology_hint_rack - value: DC1_BL1 -sflow: - vrfs: - - name: OOB - destinations: - - destination: 192.168.200.10 - - destination: 10.0.200.90 - source_interface: Management99 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1B.yml index 76f7fe9657a..e1184ffd32a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL1B.yml @@ -1,345 +1,6 @@ -hostname: DC1-BL1B -is_deployed: true -router_bgp: - as: '65105' - router_id: 192.168.255.15 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - - name: EVPN-OVERLAY-CORE - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - neighbors: - - ip_address: 172.31.254.192 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet23 - - ip_address: 172.31.254.194 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet23 - - ip_address: 172.31.254.196 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet23 - - ip_address: 172.31.254.198 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet23 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - - ip_address: 1.1.1.1 - peer_group: EVPN-OVERLAY-CORE - peer: MY_EVPN_GW1_USER_DEFINED - description: MY_EVPN_GW1_USER_DEFINED - remote_as: '65555' - - ip_address: 2.2.2.2 - peer_group: EVPN-OVERLAY-CORE - peer: MY_EVPN_GW2_USER_DEFINED - description: MY_EVPN_GW2_USER_DEFINED - remote_as: '65555' - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: false - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - address_family_rtc: - peer_groups: - - name: EVPN-OVERLAY-CORE - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: Tenant_A_L3_VRF_Zone - rd: 192.168.254.15:15 - route_targets: - import: - - address_family: evpn - route_targets: - - '65105:15' - export: - - address_family: evpn - route_targets: - - '65105:15' - router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - - name: Tenant_A_WAN_Zone - rd: 192.168.254.15:14 - route_targets: - import: - - address_family: evpn - route_targets: - - '65105:14' - - 65000:456 - - address_family: vpn-ipv4 - route_targets: - - 65000:123 - export: - - address_family: evpn - route_targets: - - '65105:14' - - 65000:789 - - address_family: vpn-ipv4 - route_targets: - - 65000:123 - router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - static: - enabled: true - ospf: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 123.1.1.10 - activate: true - - ip_address: 123.1.1.11 - activate: true - prefix_list_in: PL-TEST-IN-AF4 - prefix_list_out: PL-TEST-OUT-AF4 - neighbors: - - ip_address: 123.1.1.10 - remote_as: '1234' - description: External IPv4 BGP peer - password: oBztv71m2uhR7hh58/OCNA== - send_community: standard extended - maximum_routes: 0 - maximum_routes_warning_only: true - default_originate: - always: false - route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - route_map_in: RM-123-1-1-10-IN - local_as: '123' - shutdown: true - - ip_address: 123.1.1.11 - remote_as: '65000.100' - description: External IPv4 BGP peer - password: oBztv71m2uhR7hh58/OCNA== - send_community: standard extended - maximum_routes: 0 - default_originate: - always: false - update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-123-1-1-11-OUT - route_map_in: RM-123-1-1-11-IN - local_as: '123' - bfd: true - - ip_address: fd5a:fe45:8831:06c5::a - remote_as: '12345' - send_community: all - route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - - ip_address: fd5a:fe45:8831:06c5::b - remote_as: '12345' - address_family_ipv6: - neighbors: - - ip_address: fd5a:fe45:8831:06c5::a - activate: true - prefix_list_in: PL-TEST-IN-AF6 - prefix_list_out: PL-TEST-OUT-AF6 - - ip_address: fd5a:fe45:8831:06c5::b - activate: true - updates: - wait_install: true - - name: Tenant_B_OP_Zone - rd: 192.168.254.15:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '65105:20' - export: - - address_family: evpn - route_targets: - - '65105:20' - router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - - name: Tenant_B_WAN_Zone - rd: 192.168.254.15:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '65105:21' - export: - - address_family: evpn - route_targets: - - '65105:21' - router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - - name: Tenant_C_WAN_Zone - rd: 192.168.254.15:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '65105:31' - export: - - address_family: evpn - route_targets: - - '65105:31' - router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - - name: TENANT_D_WAN_ZONE - rd: 192.168.254.15:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '65105:42' - export: - - address_family: evpn - route_targets: - - '65105:42' - router_id: 192.168.255.15 - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.254.15:14 - route_targets: - both: - - '65105:14' - import_export_evpn_domains: - - domain: remote - route_target: '65105:14' - redistribute_routes: - - learned - vlan: '150' - rd_evpn_domain: - domain: remote - rd: 192.168.254.15:14 - - name: Tenant_B_WAN_Zone - rd: 192.168.254.15:21 - route_targets: - both: - - '65105:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.254.15:31 - route_targets: - both: - - '65105:31' - redistribute_routes: - - learned - vlan: '350' - - name: TENANT_D_WAN_ZONE - rd: 192.168.254.15:42 - route_targets: - both: - - '65105:42' - import_export_evpn_domains: - - domain: remote - route_target: '65105:42' - redistribute_routes: - - learned - vlan: '453' - rd_evpn_domain: - domain: remote - rd: 192.168.254.15:42 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.4.0/24 - gateway: 1.2.3.4 - vrf: Tenant_A_WAN_Zone -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G - - speed_group: 5/1 - serdes: 25G +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -347,211 +8,128 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_L3_VRF_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -- name: TENANT_D_WAN_ZONE - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management99 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.111/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: null -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-BL1B ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet23 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet23 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.193/31 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet23 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_LINK_TO_DC1-SPINE2_Ethernet23 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.195/31 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet23 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_LINK_TO_DC1-SPINE3_Ethernet23 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.197/31 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet23 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_LINK_TO_DC1-SPINE4_Ethernet23 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.199/31 + peer: DC1-SPINE4 + peer_interface: Ethernet23 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.199/31 - name: Ethernet8 - peer_type: l3_interface - ip_address: 10.10.30.10/24 - mtu: 9000 - shutdown: false description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.30.10/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet9 - peer_type: l3_interface - ip_address: 10.10.40.20/24 - mtu: 9000 - shutdown: false description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.40.20/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet10 - peer_type: l3_interface - ip_address: 10.10.40.20/24 - mtu: 9000 - shutdown: false description: test-DC1-BL1B + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.40.20/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet11 - peer_type: l3_interface - ip_address: 10.10.40.20/24 - mtu: 9000 - shutdown: false description: DC1-BL1B descriptions preferred over single description + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.40.20/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet12 - peer_type: l3_interface - ip_address: 10.10.50.10/24 - mtu: 9000 - shutdown: false description: test l3 interfaces acls + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone + ip_address: 10.10.50.10/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet12 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet12 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_L3_VRF_Zone - name: Ethernet13.10 - peer_type: l3_interface - ip_address: 10.10.50.20/24 - mtu: 9000 - shutdown: false description: test l3 interfaces acls - access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 - access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 + shutdown: false + mtu: 9000 + vrf: Tenant_A_L3_VRF_Zone encapsulation_dot1q: vlan: 10 - vrf: Tenant_A_L3_VRF_Zone -- name: Ethernet7 + ip_address: 10.10.50.20/24 + access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 + access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 peer_type: l3_interface - ip_address: 10.10.20.20/24 - mtu: 9000 - shutdown: false +- name: Ethernet7 description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_WAN_Zone + ip_address: 10.10.20.20/24 + peer_type: l3_interface switchport: enabled: false - vrf: Tenant_A_WAN_Zone - name: Ethernet13 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false - name: Ethernet4000 description: My second test shutdown: false @@ -562,6 +140,76 @@ ethernet_interfaces: peer_type: my_precious switchport: enabled: false +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G + - speed_group: 5/1 + serdes: 25G +hostname: DC1-BL1B +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet12 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.10.50.10 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.10.50.20 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet12 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.10.50.10 + destination: any +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.10.50.20 + destination: any +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -571,6 +219,26 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.254.15/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management99 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.111/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: null +platform: + sand: + lag: + hardware_only: true prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -602,112 +270,453 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 453 - name: Tenant_D_WAN_Zone_1 - tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet12 - entries: - - source: any - destination: 10.10.50.10 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet13.10 - entries: - - source: any - destination: 10.10.50.20 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet12 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.10.50.10 - destination: any - action: permit - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet13.10 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.10.50.20 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65105' + router_id: 192.168.255.15 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + - name: EVPN-OVERLAY-CORE + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 15 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.192 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet23 + - ip_address: 172.31.254.194 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet23 + - ip_address: 172.31.254.196 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet23 + - ip_address: 172.31.254.198 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet23 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + - ip_address: 1.1.1.1 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65555' + peer: MY_EVPN_GW1_USER_DEFINED + description: MY_EVPN_GW1_USER_DEFINED + - ip_address: 2.2.2.2 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65555' + peer: MY_EVPN_GW2_USER_DEFINED + description: MY_EVPN_GW2_USER_DEFINED + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.254.15:14 + rd_evpn_domain: + domain: remote + rd: 192.168.254.15:14 + route_targets: + both: + - '65105:14' + import_export_evpn_domains: + - domain: remote + route_target: '65105:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.254.15:21 + route_targets: + both: + - '65105:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.254.15:31 + route_targets: + both: + - '65105:31' + redistribute_routes: + - learned + vlan: '350' + - name: TENANT_D_WAN_ZONE + rd: 192.168.254.15:42 + rd_evpn_domain: + domain: remote + rd: 192.168.254.15:42 + route_targets: + both: + - '65105:42' + import_export_evpn_domains: + - domain: remote + route_target: '65105:42' + redistribute_routes: + - learned + vlan: '453' + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: false + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_rtc: + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: Tenant_A_L3_VRF_Zone + rd: 192.168.254.15:15 + route_targets: + import: + - address_family: evpn + route_targets: + - '65105:15' + export: + - address_family: evpn + route_targets: + - '65105:15' + router_id: 192.168.255.15 + redistribute: + connected: + enabled: true + - name: Tenant_A_WAN_Zone + rd: 192.168.254.15:14 + route_targets: + import: + - address_family: evpn + route_targets: + - '65105:14' + - 65000:456 + - address_family: vpn-ipv4 + route_targets: + - 65000:123 + export: + - address_family: evpn + route_targets: + - '65105:14' + - 65000:789 + - address_family: vpn-ipv4 + route_targets: + - 65000:123 + router_id: 192.168.255.15 + updates: + wait_install: true + neighbors: + - ip_address: 123.1.1.10 + remote_as: '1234' + password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 + shutdown: true + send_community: standard extended + maximum_routes: 0 + maximum_routes_warning_only: true + default_originate: + always: false + route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + update_source: Loopback123 + route_map_in: RM-123-1-1-10-IN + route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + - ip_address: 123.1.1.11 + remote_as: '65000.100' + password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 + bfd: true + send_community: standard extended + maximum_routes: 0 + default_originate: + always: false + update_source: Loopback123 + route_map_in: RM-123-1-1-11-IN + route_map_out: RM-123-1-1-11-OUT + - ip_address: fd5a:fe45:8831:06c5::a + remote_as: '12345' + send_community: all + route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT + - ip_address: fd5a:fe45:8831:06c5::b + remote_as: '12345' + redistribute: + connected: + enabled: true + ospf: + enabled: true + static: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 123.1.1.10 + activate: true + - ip_address: 123.1.1.11 + activate: true + prefix_list_in: PL-TEST-IN-AF4 + prefix_list_out: PL-TEST-OUT-AF4 + address_family_ipv6: + neighbors: + - ip_address: fd5a:fe45:8831:06c5::a + activate: true + prefix_list_in: PL-TEST-IN-AF6 + prefix_list_out: PL-TEST-OUT-AF6 + - ip_address: fd5a:fe45:8831:06c5::b + activate: true + - name: Tenant_B_OP_Zone + rd: 192.168.254.15:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '65105:20' + export: + - address_family: evpn + route_targets: + - '65105:20' + router_id: 192.168.255.15 + redistribute: + connected: + enabled: true + - name: Tenant_B_WAN_Zone + rd: 192.168.254.15:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '65105:21' + export: + - address_family: evpn + route_targets: + - '65105:21' + router_id: 192.168.255.15 + redistribute: + connected: + enabled: true + - name: Tenant_C_WAN_Zone + rd: 192.168.254.15:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '65105:31' + export: + - address_family: evpn + route_targets: + - '65105:31' + router_id: 192.168.255.15 + redistribute: + connected: + enabled: true + - name: TENANT_D_WAN_ZONE + rd: 192.168.254.15:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '65105:42' + export: + - address_family: evpn + route_targets: + - '65105:42' + router_id: 192.168.255.15 +router_ospf: + process_ids: + - id: 14 + vrf: Tenant_A_WAN_Zone + passive_interface_default: true + router_id: 192.168.255.15 + no_passive_interfaces: + - Vlan150 + max_lsa: 15000 + redistribute: + connected: + enabled: true + route_map: RM_TEST + bgp: + enabled: true +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: OOB + destinations: + - destination: 192.168.200.10 + - destination: 10.0.200.90 + source_interface: Management99 +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-BL1B +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.4.0/24 + gateway: 1.2.3.4 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan150 - tenant: Tenant_A - tags: - - wan description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan250 - tenant: Tenant_B + tenant: Tenant_A tags: - wan +- name: Vlan250 description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan350 - tenant: Tenant_C + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B tags: - wan +- name: Vlan350 description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.3.50.1/24 vrf: Tenant_C_WAN_Zone -- name: Vlan453 - tenant: Tenant_D + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C tags: - wan +- name: Vlan453 description: Tenant_D_WAN_Zone_1 shutdown: false + vrf: TENANT_D_WAN_ZONE ipv6_enable: true ipv6_address_virtuals: - 10.0.10.1/24 - vrf: TENANT_D_WAN_ZONE -router_ospf: - process_ids: - - id: 14 - vrf: Tenant_A_WAN_Zone - passive_interface_default: true - router_id: 192.168.255.15 - no_passive_interfaces: - - Vlan150 - max_lsa: 15000 - redistribute: - bgp: - enabled: true - connected: - enabled: true - route_map: RM_TEST + tenant: Tenant_D + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 453 + name: Tenant_D_WAN_Zone_1 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_L3_VRF_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C +- name: TENANT_D_WAN_ZONE + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-BL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -730,12 +739,3 @@ vxlan_interface: vni: 31 - name: TENANT_D_WAN_ZONE vni: 42 -metadata: - platform: 7280R -sflow: - vrfs: - - name: OOB - destinations: - - destination: 192.168.200.10 - - destination: 10.0.200.90 - source_interface: Management99 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2A.yml index 1b8367380bc..2bad37d0c9a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2A.yml @@ -1,8 +1,157 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet24 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.225/31 + peer: DC1-SPINE1 + peer_interface: Ethernet24 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet24 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.227/31 + peer: DC1-SPINE2 + peer_interface: Ethernet24 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet24 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.229/31 + peer: DC1-SPINE3 + peer_interface: Ethernet24 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet24 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.231/31 + peer: DC1-SPINE4 + peer_interface: Ethernet24 + peer_type: spine + switchport: + enabled: false hostname: DC1-BL2A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.16/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.16/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.117/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R2 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65106' router_id: 192.168.255.16 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true bgp_defaults: - distance bgp 20 200 200 bgp: @@ -10,37 +159,28 @@ router_bgp: ipv4_unicast: false bestpath: d_path: true - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: IPVPN-INTERWORKING-PEERS type: mpls + local_as: '65001' update_source: Loopback0 bfd: true password: nWwwZQLPI34O1AhoANg77g== send_community: all maximum_routes: 50000 - local_as: '65001' - name: Tenant_C_BGP_PEER_GROUP remote_as: '666' local_as: '777' @@ -60,24 +200,6 @@ router_bgp: remote_as: '667' description: Tenant C peer group2 update_source: lo0 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: IPVPN-INTERWORKING-PEERS - activate: false - - name: Tenant_C_BGP_PEER_GROUP - activate: true - prefix_list_in: PL_In_Test_1 - prefix_list_out: PL_Out_Test_1 - - name: Tenant_C_BGP_PEER_GROUP2 - activate: true - route_map_in: TEST_IN - route_map_out: TEST_OUT - rcf_in: TEST_RCF_IN() - rcf_out: TEST_RCF_OUT() neighbors: - ip_address: 172.31.254.224 peer_group: UNDERLAY-PEERS @@ -101,68 +223,123 @@ router_bgp: description: DC1-SPINE4_Ethernet24 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4 - remote_as: '65001' - ip_address: 100.70.0.1 peer_group: IPVPN-INTERWORKING-PEERS + remote_as: '64512' peer: rr1 description: rr1 - remote_as: '64512' ebgp_multihop: 15 - ip_address: 100.70.0.2 peer_group: IPVPN-INTERWORKING-PEERS + remote_as: '64512' peer: rr2 description: rr2 - remote_as: '64512' ebgp_multihop: 15 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.16:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.16:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.255.16:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + - name: TENANT_D_WAN_ZONE + rd: 192.168.255.16:42 + route_targets: + both: + - '42:42' + redistribute_routes: + - learned + vlan: '453' address_family_evpn: + domain_identifier: '65000:3' peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 180 threshold: 5 - enabled: true expiry_timeout: 10 - domain_identifier: '65000:3' - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 + address_family_ipv4: peer_groups: - - name: IPVPN-INTERWORKING-PEERS + - name: UNDERLAY-PEERS activate: true - domain_identifier: '65000:4' - address_family_vpn_ipv6: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false - name: IPVPN-INTERWORKING-PEERS - activate: true - domain_identifier: '65000:4' - address_family_ipv6: - peer_groups: - - name: Tenant_C_BGP_PEER_GROUP activate: false - - name: Tenant_C_BGP_PEER_GROUP2 + - name: Tenant_C_BGP_PEER_GROUP activate: true - rcf_in: TEST_RCF_IN() + prefix_list_in: PL_In_Test_1 + prefix_list_out: PL_Out_Test_1 + - name: Tenant_C_BGP_PEER_GROUP2 + activate: true + route_map_in: TEST_IN + route_map_out: TEST_OUT + rcf_in: TEST_RCF_IN() + rcf_out: TEST_RCF_OUT() + address_family_ipv6: + peer_groups: + - name: Tenant_C_BGP_PEER_GROUP + activate: false + - name: Tenant_C_BGP_PEER_GROUP2 + activate: true + rcf_in: TEST_RCF_IN() rcf_out: TEST_RCF_OUT() + address_family_vpn_ipv4: + domain_identifier: '65000:4' + peer_groups: + - name: IPVPN-INTERWORKING-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + address_family_vpn_ipv6: + domain_identifier: '65000:4' + peer_groups: + - name: IPVPN-INTERWORKING-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 vrfs: - name: Tenant_A_WAN_Zone rd: 192.168.255.16:14 @@ -229,6 +406,15 @@ router_bgp: route_targets: - '31:31' router_id: 192.168.255.16 + updates: + wait_install: true + neighbors: + - ip_address: 2.2.2.2 + peer_group: Tenant_C_BGP_PEER_GROUP + description: test_bgp_peer_group_without_nodes + - ip_address: 2.2.2.3 + peer_group: Tenant_C_BGP_PEER_GROUP2 + description: test_bgp_peer_group_without_nodes_2nd_time redistribute: connected: enabled: true @@ -238,15 +424,6 @@ router_bgp: activate: true - ip_address: 2.2.2.3 activate: true - neighbors: - - ip_address: 2.2.2.2 - peer_group: Tenant_C_BGP_PEER_GROUP - description: test_bgp_peer_group_without_nodes - - ip_address: 2.2.2.3 - peer_group: Tenant_C_BGP_PEER_GROUP2 - description: test_bgp_peer_group_without_nodes_2nd_time - updates: - wait_install: true - name: TENANT_D_WAN_ZONE rd: 192.168.255.16:42 route_targets: @@ -259,281 +436,106 @@ router_bgp: route_targets: - '42:42' router_id: 192.168.255.16 - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.16:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.16:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.255.16:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' - - name: TENANT_D_WAN_ZONE - rd: 192.168.255.16:42 - route_targets: - both: - - '42:42' - redistribute_routes: - - learned - vlan: '453' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-BL2A spanning_tree: root_super: true mode: mstp mst_instances: - id: '0' priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -- name: TENANT_D_WAN_ZONE - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.117/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-BL2A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet24 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet24 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.225/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet24 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet24 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.227/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet24 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet24 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.229/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet24 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet24 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.231/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.16/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.16/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 453 - name: Tenant_D_WAN_Zone_1 - tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan150 - tenant: Tenant_A - tags: - - wan description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan250 - tenant: Tenant_B + tenant: Tenant_A tags: - wan +- name: Vlan250 description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan350 - tenant: Tenant_C + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B tags: - wan +- name: Vlan350 description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.3.50.1/24 vrf: Tenant_C_WAN_Zone -- name: Vlan453 - tenant: Tenant_D + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C tags: - wan +- name: Vlan453 description: Tenant_D_WAN_Zone_1 shutdown: false + vrf: TENANT_D_WAN_ZONE ipv6_enable: true ipv6_address_virtuals: - 10.0.10.1/24 - vrf: TENANT_D_WAN_ZONE + tenant: Tenant_D + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 453 + name: Tenant_D_WAN_Zone_1 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C +- name: TENANT_D_WAN_ZONE + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-BL2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -554,5 +556,3 @@ vxlan_interface: vni: 31 - name: TENANT_D_WAN_ZONE vni: 42 -metadata: - platform: 7280R2 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2B.yml index 721c862e107..f0dc338b6dd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-BL2B.yml @@ -1,8 +1,159 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet25 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.1/31 + peer: DC1-SPINE1 + peer_interface: Ethernet25 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet25 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.3/31 + peer: DC1-SPINE2 + peer_interface: Ethernet25 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet25 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.5/31 + peer: DC1-SPINE3 + peer_interface: Ethernet25 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet25 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.7/31 + peer: DC1-SPINE4 + peer_interface: Ethernet25 + peer_type: spine + switchport: + enabled: false hostname: DC1-BL2B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.17/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.17/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.118/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-Tenant_C_WAN_Zone-1.1.1.1-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ip next-hop 1.1.1.1 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65107' router_id: 192.168.255.17 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true bgp_defaults: - distance bgp 20 200 200 bgp: @@ -10,37 +161,28 @@ router_bgp: ipv4_unicast: false bestpath: d_path: true - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: IPVPN-INTERWORKING-PEERS type: mpls + local_as: '65001' update_source: Loopback0 bfd: true password: nWwwZQLPI34O1AhoANg77g== send_community: all maximum_routes: 50000 - local_as: '65001' - name: Tenant_C_WAN_Zone_BGP_PEER_GROUP remote_as: '666' local_as: '777' @@ -56,20 +198,6 @@ router_bgp: maximum_routes: 1000 route_map_in: TEST_IN route_map_out: TEST_OUT - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: IPVPN-INTERWORKING-PEERS - activate: false - - name: Tenant_C_WAN_Zone_BGP_PEER_GROUP - activate: true - route_map_in: TEST_IN - route_map_out: TEST_OUT - rcf_in: TEST_RCF_IN() - rcf_out: TEST_RCF_OUT() neighbors: - ip_address: 172.31.255.0 peer_group: UNDERLAY-PEERS @@ -93,60 +221,97 @@ router_bgp: description: DC1-SPINE4_Ethernet25 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4 - remote_as: '65001' - ip_address: 100.70.0.1 peer_group: IPVPN-INTERWORKING-PEERS + remote_as: '64512' peer: rr1 description: rr1 - remote_as: '64512' ebgp_multihop: 15 - ip_address: 100.70.0.2 peer_group: IPVPN-INTERWORKING-PEERS + remote_as: '64512' peer: rr2 description: rr2 - remote_as: '64512' ebgp_multihop: 15 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.17:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.17:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.255.17:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + - name: TENANT_D_WAN_ZONE + rd: 192.168.255.17:42 + route_targets: + both: + - '42:42' + redistribute_routes: + - learned + vlan: '453' address_family_evpn: + domain_identifier: '65000:3' peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 180 threshold: 5 - enabled: true expiry_timeout: 10 - domain_identifier: '65000:3' - address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 + address_family_ipv4: peer_groups: - - name: IPVPN-INTERWORKING-PEERS + - name: UNDERLAY-PEERS activate: true - domain_identifier: '65000:4' - address_family_vpn_ipv6: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 - peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false - name: IPVPN-INTERWORKING-PEERS + activate: false + - name: Tenant_C_WAN_Zone_BGP_PEER_GROUP activate: true - domain_identifier: '65000:4' + route_map_in: TEST_IN + route_map_out: TEST_OUT + rcf_in: TEST_RCF_IN() + rcf_out: TEST_RCF_OUT() address_family_ipv6: peer_groups: - name: Tenant_C_WAN_Zone_BGP_PEER_GROUP @@ -155,9 +320,23 @@ router_bgp: route_map_out: TEST_OUT rcf_in: TEST_RCF_IN() rcf_out: TEST_RCF_OUT() - vrfs: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.17:14 + address_family_vpn_ipv4: + domain_identifier: '65000:4' + peer_groups: + - name: IPVPN-INTERWORKING-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + address_family_vpn_ipv6: + domain_identifier: '65000:4' + peer_groups: + - name: IPVPN-INTERWORKING-PEERS + activate: true + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 + vrfs: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.17:14 route_targets: import: - address_family: evpn @@ -221,15 +400,8 @@ router_bgp: route_targets: - '31:31' router_id: 192.168.255.17 - redistribute: - connected: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 1.1.1.1 - activate: true - - ip_address: 2.2.2.3 - activate: true + updates: + wait_install: true neighbors: - ip_address: 1.1.1.1 peer_group: Tenant_C_WAN_Zone_BGP_PEER_GROUP @@ -241,12 +413,19 @@ router_bgp: - ip_address: BEBA::C0CA:C07A peer_group: Tenant_C_WAN_Zone_BGP_PEER_GROUP description: test_ipv6 + redistribute: + connected: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 1.1.1.1 + activate: true + - ip_address: 2.2.2.3 + activate: true address_family_ipv6: neighbors: - ip_address: BEBA::C0CA:C07A activate: true - updates: - wait_install: true - name: TENANT_D_WAN_ZONE rd: 192.168.255.17:42 route_targets: @@ -259,283 +438,106 @@ router_bgp: route_targets: - '42:42' router_id: 192.168.255.17 - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.17:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.17:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.255.17:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' - - name: TENANT_D_WAN_ZONE - rd: 192.168.255.17:42 - route_targets: - both: - - '42:42' - redistribute_routes: - - learned - vlan: '453' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-BL2B spanning_tree: root_super: true mode: mstp mst_instances: - id: '0' priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -- name: TENANT_D_WAN_ZONE - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.118/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-BL2B -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet25 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet25 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.1/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet25 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet25 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.3/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet25 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet25 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.5/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet25 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet25 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.7/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.17/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.17/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-Tenant_C_WAN_Zone-1.1.1.1-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ip next-hop 1.1.1.1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 453 - name: Tenant_D_WAN_Zone_1 - tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan150 - tenant: Tenant_A - tags: - - wan description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan250 - tenant: Tenant_B + tenant: Tenant_A tags: - wan +- name: Vlan250 description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan350 - tenant: Tenant_C + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B tags: - wan +- name: Vlan350 description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.3.50.1/24 vrf: Tenant_C_WAN_Zone -- name: Vlan453 - tenant: Tenant_D + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C tags: - wan +- name: Vlan453 description: Tenant_D_WAN_Zone_1 shutdown: false + vrf: TENANT_D_WAN_ZONE ipv6_enable: true ipv6_address_virtuals: - 10.0.10.1/24 - vrf: TENANT_D_WAN_ZONE + tenant: Tenant_D + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 453 + name: Tenant_D_WAN_Zone_1 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C +- name: TENANT_D_WAN_ZONE + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-BL2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -556,5 +558,3 @@ vxlan_interface: vni: 31 - name: TENANT_D_WAN_ZONE vni: 42 -metadata: - platform: 7280R3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml index 829f1603149..9a5372ddb6b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml @@ -1,52 +1,221 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1/15/1 + description: MLAG_PEER_DC1-CL1B_Ethernet1/15/1 + shutdown: false + speed: 100g + channel_group: + id: 1151 + mode: active + peer: DC1-CL1B + peer_interface: Ethernet1/15/1 + peer_type: mlag_peer +- name: Ethernet1/16/1 + description: MLAG_PEER_DC1-CL1B_Ethernet1/16/1 + shutdown: false + speed: 100g + channel_group: + id: 1151 + mode: active + peer: DC1-CL1B + peer_interface: Ethernet1/16/1 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet26 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.33/31 + peer: DC1-SPINE1 + peer_interface: Ethernet26 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet26 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.35/31 + peer: DC1-SPINE2 + peer_interface: Ethernet26 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet26 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.37/31 + peer: DC1-SPINE3 + peer_interface: Ethernet26 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet26 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.39/31 + peer: DC1-SPINE4 + peer_interface: Ethernet26 + peer_type: spine + switchport: + enabled: false hostname: DC1-CL1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.18/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.18/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.119/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7368X4 +mlag_configuration: + domain_id: DC1_CL1 + local_interface: Vlan4092 + peer_address: 10.255.252.19 + peer_link: Port-Channel1151 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel1151 + description: MLAG_PEER_DC1-CL1B_Po1151 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 + groups: + - MLAG + - LEAF_PEER_L3 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65108' router_id: 192.168.255.18 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-PEERS type: ipv4 remote_as: '65108' - next_hop_self: true description: MLAG_PEER_DC1-CL1B + next_hop_self: true password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.19 peer_group: MLAG-PEERS @@ -74,33 +243,28 @@ router_bgp: description: DC1-SPINE4_Ethernet26 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 + redistribute: + connected: enabled: true - expiry_timeout: 10 + route_map: RM-CONN-2-BGP vlan_aware_bundles: - name: Tenant_A_APP_Zone rd: 192.168.255.18:12 @@ -192,42 +356,27 @@ router_bgp: redistribute_routes: - learned vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-CL1A spanning_tree: root_super: true mode: mstp @@ -235,60 +384,39 @@ spanning_tree: - id: '0' priority: 4096 no_spanning_tree_vlan: 4090,4092 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.119/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-CL1A +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4090 + description: MLAG_PEER_L3_PEERING + shutdown: false + ip_address: 10.255.251.18/31 + mtu: 1500 +- name: Vlan4092 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.18/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4090 - tenant: system name: LEAF_PEER_L3 trunk_groups: - LEAF_PEER_L3 -- id: 4092 tenant: system +- id: 4092 name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -343,141 +471,15 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4090 - description: MLAG_PEER_L3_PEERING - shutdown: false - mtu: 1500 - ip_address: 10.255.251.18/31 -- name: Vlan4092 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.18/31 -port_channel_interfaces: -- name: Port-Channel1151 - description: MLAG_PEER_DC1-CL1B_Po1151 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - - LEAF_PEER_L3 - allowed_vlan: 1-4094 - shutdown: false -ethernet_interfaces: -- name: Ethernet1/15/1 - peer: DC1-CL1B - peer_interface: Ethernet1/15/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-CL1B_Ethernet1/15/1 - shutdown: false - channel_group: - id: 1151 - mode: active - speed: 100g -- name: Ethernet1/16/1 - peer: DC1-CL1B - peer_interface: Ethernet1/16/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-CL1B_Ethernet1/16/1 - shutdown: false - channel_group: - id: 1151 - mode: active - speed: 100g -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet26 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet26 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.33/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet26 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet26 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.35/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet26 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet26 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.37/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet26 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet26 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.39/31 -mlag_configuration: - domain_id: DC1_CL1 - local_interface: Vlan4092 - peer_address: 10.255.252.19 - peer_link: Port-Channel1151 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.18/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.18/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-CL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -515,5 +517,3 @@ vxlan_interface: vni: 30311 - id: 350 vni: 30350 -metadata: - platform: 7368X4 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml index d2953141b57..87e62833724 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml @@ -1,53 +1,229 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1/31/1 + description: MLAG_PEER_DC1-CL1A_Ethernet1/31/1 + shutdown: false + speed: 100g + channel_group: + id: 1311 + mode: active + peer: DC1-CL1A + peer_interface: Ethernet1/31/1 + peer_type: mlag_peer +- name: Ethernet1/32/1 + description: MLAG_PEER_DC1-CL1A_Ethernet1/32/1 + shutdown: false + speed: 100g + channel_group: + id: 1311 + mode: active + peer: DC1-CL1A + peer_interface: Ethernet1/32/1 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet27 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.65/31 + peer: DC1-SPINE1 + peer_interface: Ethernet27 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet27 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.67/31 + peer: DC1-SPINE2 + peer_interface: Ethernet27 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet27 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.69/31 + peer: DC1-SPINE3 + peer_interface: Ethernet27 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet27 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.71/31 + peer: DC1-SPINE4 + peer_interface: Ethernet27 + peer_type: spine + switchport: + enabled: false hostname: DC1-CL1B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.19/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.18/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.120/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7300X3 +mlag_configuration: + domain_id: DC1_CL1 + local_interface: Vlan4092 + peer_address: 10.255.252.18 + peer_link: Port-Channel1311 + reload_delay_mlag: '1200' + reload_delay_non_mlag: '1320' +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel1311 + description: MLAG_PEER_DC1-CL1A_Po1311 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 + groups: + - MLAG + - LEAF_PEER_L3 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65109' router_id: 192.168.255.19 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-PEERS type: ipv4 remote_as: '65109' - next_hop_self: true description: MLAG_PEER_DC1-CL1A + next_hop_self: true password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.18 peer_group: MLAG-PEERS @@ -75,33 +251,28 @@ router_bgp: description: DC1-SPINE4_Ethernet27 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 + redistribute: + connected: enabled: true - expiry_timeout: 10 + route_map: RM-CONN-2-BGP vlan_aware_bundles: - name: Tenant_A_APP_Zone rd: 192.168.255.19:12 @@ -193,42 +364,27 @@ router_bgp: redistribute_routes: - learned vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-CL1B spanning_tree: root_super: true mode: mstp @@ -236,60 +392,39 @@ spanning_tree: - id: '0' priority: 4096 no_spanning_tree_vlan: 4090,4092 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.120/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-CL1B +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4090 + description: MLAG_PEER_L3_PEERING + shutdown: false + ip_address: 10.255.251.19/31 + mtu: 1500 +- name: Vlan4092 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.19/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4090 - tenant: system name: LEAF_PEER_L3 trunk_groups: - LEAF_PEER_L3 -- id: 4092 tenant: system +- id: 4092 name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -344,148 +479,15 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4090 - description: MLAG_PEER_L3_PEERING - shutdown: false - mtu: 1500 - ip_address: 10.255.251.19/31 -- name: Vlan4092 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.19/31 -port_channel_interfaces: -- name: Port-Channel1311 - description: MLAG_PEER_DC1-CL1A_Po1311 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - - LEAF_PEER_L3 - allowed_vlan: 1-4094 - shutdown: false -ethernet_interfaces: -- name: Ethernet1/31/1 - peer: DC1-CL1A - peer_interface: Ethernet1/31/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-CL1A_Ethernet1/31/1 - shutdown: false - channel_group: - id: 1311 - mode: active - speed: 100g -- name: Ethernet1/32/1 - peer: DC1-CL1A - peer_interface: Ethernet1/32/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-CL1A_Ethernet1/32/1 - shutdown: false - channel_group: - id: 1311 - mode: active - speed: 100g -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet27 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet27 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.65/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet27 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet27 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.67/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet27 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet27 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.69/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet27 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet27 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.71/31 -mlag_configuration: - domain_id: DC1_CL1 - local_interface: Vlan4092 - peer_address: 10.255.252.18 - peer_link: Port-Channel1311 - reload_delay_mlag: '1200' - reload_delay_non_mlag: '1320' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.19/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.18/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-CL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -523,5 +525,3 @@ vxlan_interface: vni: 30311 - id: 350 vni: 30350 -metadata: - platform: 7300X3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml index 3ebc5d8cbef..a69f4ebf81e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,68 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1-L2LEAF1B_Ethernet3 + shutdown: false + speed: forced 40gfull + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1-L2LEAF1B_Ethernet4 + shutdown: false + speed: forced 40gfull + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet7 + shutdown: false + speed: forced 10000 + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-LEAF2B_Ethernet7 + shutdown: false + speed: forced 10000 + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet5 + description: server03_ESI_L2LEAF_Eth1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: server03_ESI_L2LEAF + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A_B +hostname: DC1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +79,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +94,99 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.112/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF1 + local_interface: Vlan4091 + peer_address: 10.255.252.15 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1-L2LEAF1B_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: DC1_LEAF2_Po7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel5 + description: server03_ESI_L2LEAF_PortChanne1 + shutdown: false + mlag: 5 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,210-211 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF1A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.14/31 + mtu: 1498 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -117,103 +214,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1498 - ip_address: 10.255.252.14/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1-L2LEAF1B_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: DC1_LEAF2_Po7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,160-161 - shutdown: false - mlag: 1 -- name: Port-Channel5 - description: server03_ESI_L2LEAF_PortChanne1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF1B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active - speed: forced 40gfull -- name: Ethernet4 - peer: DC1-L2LEAF1B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF1B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active - speed: forced 40gfull -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet7 - speed: forced 10000 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet7 - speed: forced 10000 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet5 - peer: server03_ESI_L2LEAF - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A_B - description: server03_ESI_L2LEAF_Eth1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF1 - local_interface: Vlan4091 - peer_address: 10.255.252.15 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml index 29074ea3134..63ba21dfd32 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,68 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1-L2LEAF1A_Ethernet3 + shutdown: false + speed: forced 40gfull + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1-L2LEAF1A_Ethernet4 + shutdown: false + speed: forced 40gfull + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet8 + shutdown: false + speed: forced 10000 + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-LEAF2B_Ethernet8 + shutdown: false + speed: forced 10000 + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet5 + description: server03_ESI_L2LEAF_Eth2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: server03_ESI_L2LEAF + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A_B +hostname: DC1-L2LEAF1B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +79,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +94,99 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.115/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF1 + local_interface: Vlan4091 + peer_address: 10.255.252.14 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1-L2LEAF1A_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: DC1_LEAF2_Po7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel5 + description: server03_ESI_L2LEAF_PortChanne1 + shutdown: false + mlag: 5 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,210-211 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF1B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.15/31 + mtu: 1499 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -117,103 +214,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1499 - ip_address: 10.255.252.15/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1-L2LEAF1A_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: DC1_LEAF2_Po7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,160-161 - shutdown: false - mlag: 1 -- name: Port-Channel5 - description: server03_ESI_L2LEAF_PortChanne1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF1A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active - speed: forced 40gfull -- name: Ethernet4 - peer: DC1-L2LEAF1A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF1A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active - speed: forced 40gfull -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet8 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet8 - speed: forced 10000 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet8 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet8 - speed: forced 10000 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet5 - peer: server03_ESI_L2LEAF - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A_B - description: server03_ESI_L2LEAF_Eth2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF1 - local_interface: Vlan4091 - peer_address: 10.255.252.14 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml index aa843f471e2..61d237b82f6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,58 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-SVC3A_Ethernet7 + shutdown: false + speed: forced 100gfull + channel_group: + id: 1001 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-SVC3B_Ethernet7 + shutdown: false + speed: forced 100gfull + channel_group: + id: 1001 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +69,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +84,94 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.113/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4091 + peer_address: 10.255.252.17 + peer_address_heartbeat: + peer_ip: 192.168.200.114 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1-L2LEAF2B_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1001 + description: DC1_SVC3_Po1007 + shutdown: false + mlag: 1001 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-122,130-131,140-141,150,160-161,210-211,250,310-311,350 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF2A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.16/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -147,88 +229,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.16/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1-L2LEAF2B_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1001 - description: DC1_SVC3_Po1007 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-122,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 1001 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet7 - peer_type: l3leaf - description: DC1-SVC3A_Ethernet7 - speed: forced 100gfull - shutdown: false - channel_group: - id: 1001 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet7 - peer_type: l3leaf - description: DC1-SVC3B_Ethernet7 - speed: forced 100gfull - shutdown: false - channel_group: - id: 1001 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4091 - peer_address: 10.255.252.17 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.200.114 - vrf: MGMT - dual_primary_detection_delay: 5 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml index 31390a73f5d..6c80d5c4823 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,58 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-SVC3A_Ethernet8 + shutdown: false + speed: forced 100gfull + channel_group: + id: 1001 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-SVC3B_Ethernet8 + shutdown: false + speed: forced 100gfull + channel_group: + id: 1001 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +69,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +84,94 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4091 + peer_address: 10.255.252.16 + peer_address_heartbeat: + peer_ip: 192.168.200.113 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1-L2LEAF2A_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1001 + description: DC1_SVC3_Po1007 + shutdown: false + mlag: 1001 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-122,130-131,140-141,150,160-161,210-211,250,310-311,350 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF2B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.17/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -147,88 +229,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.17/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1-L2LEAF2A_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1001 - description: DC1_SVC3_Po1007 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-122,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 1001 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet8 - peer_type: l3leaf - description: DC1-SVC3A_Ethernet8 - speed: forced 100gfull - shutdown: false - channel_group: - id: 1001 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet8 - peer_type: l3leaf - description: DC1-SVC3B_Ethernet8 - speed: forced 100gfull - shutdown: false - channel_group: - id: 1001 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4091 - peer_address: 10.255.252.16 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.200.113 - vrf: MGMT - dual_primary_detection_delay: 5 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml index d527b86f8f9..85cede10ffc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF3A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,36 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet9 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet9 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-LEAF2B_Ethernet9 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet9 + peer_type: l3leaf +hostname: DC1-L2LEAF3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,11 +47,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin disabled: true @@ -54,63 +62,59 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.116/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF3A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet9 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet9 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet9 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet9 - shutdown: false - channel_group: - id: 1 - mode: active port_channel_interfaces: - name: Port-Channel1 description: DC1_LEAF2_Po9 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 - shutdown: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF3A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -139,10 +143,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml index 95014ccffc8..a336c06668a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF4A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,36 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet13 + shutdown: false + channel_group: + id: 1001 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet13 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-LEAF2B_Ethernet13 + shutdown: false + channel_group: + id: 1001 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet13 + peer_type: l3leaf +hostname: DC1-L2LEAF4A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,11 +47,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin disabled: true @@ -54,63 +62,59 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.119/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF4A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet13 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet13 - shutdown: false - channel_group: - id: 1001 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet13 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet13 - shutdown: false - channel_group: - id: 1001 - mode: active port_channel_interfaces: - name: Port-Channel1001 description: DC1_LEAF2_Po1013 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 - shutdown: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS rackE DC1-L2LEAF4A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -139,10 +143,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF1A.yml index a323de68be4..e681eda5e61 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF1A.yml @@ -1,375 +1,97 @@ -hostname: DC1-LEAF1A -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.42.42 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: true - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - graceful_restart: - enabled: true - restart_time: 500 - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.0 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet1/1 - - ip_address: 172.31.254.2 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/1/1 - - ip_address: 172.31.254.4 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/1/1 - - ip_address: 172.31.254.6 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet1/1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_A_APP_Zone - rd: 1.1.1.1:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '1234:12' - export: - - address_family: evpn - route_targets: - - '1234:12' - router_id: 192.168.42.42 - redistribute: - connected: - enabled: true - - name: Tenant_A_OP_Zone - rd: 1.1.1.1:9 - route_targets: - import: - - address_family: evpn - route_targets: - - '1234:9' - export: - - address_family: evpn - route_targets: - - '1234:9' - router_id: 192.168.42.42 - redistribute: - connected: - enabled: true - ospf: - enabled: true - - name: Tenant_A_WEB_Zone - rd: 1.1.1.1:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '1234:11' - export: - - address_family: evpn - route_targets: - - '1234:11' - router_id: 192.168.42.42 - redistribute: - connected: - enabled: true - - name: '12345678' - rd: 1.1.1.1:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '1234:41' - export: - - address_family: evpn - route_targets: - - '1234:41' - router_id: 192.168.42.42 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 1.1.1.1:12 - route_targets: - both: - - '1234:12' - redistribute_routes: - - learned - vlan: 130-132 - - name: Tenant_A_OP_Zone - rd: 1.1.1.1:9 - route_targets: - both: - - '1234:9' - redistribute_routes: - - learned - vlan: '113' - - name: Tenant_A_WEB_Zone - rd: 1.1.1.1:11 - route_targets: - both: - - '1234:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: '12345678' - rd: 1.1.1.1:41 - route_targets: - both: - - '1234:41' - redistribute_routes: - - learned - vlan: 450-452 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.2.32.0/24 - vrf: Tenant_A_APP_Zone - name: VARP - interface: Vlan132 -- destination_address_prefix: 10.3.32.0/24 - vrf: Tenant_A_APP_Zone - name: VARP - interface: Vlan132 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: '12345678' - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS rackA DC1-LEAF1A + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true ethernet_interfaces: - name: Ethernet27 - peer: DC1-SPINE1 - peer_interface: Ethernet1/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet1/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.1/31 + peer: DC1-SPINE1 + peer_interface: Ethernet1/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.1/31 - name: Ethernet28 - peer: DC1-SPINE2 - peer_interface: Ethernet1/1/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/1/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.3/31 -- name: Ethernet29 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet1/1/1 peer_type: spine + switchport: + enabled: false +- name: Ethernet29 description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/1/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.5/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/1/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.5/31 - name: Ethernet30 - peer: DC1-SPINE4 - peer_interface: Ethernet1/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE4_Ethernet1/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.7/31 + peer: DC1-SPINE4 + peer_interface: Ethernet1/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.7/31 - name: Ethernet6 - peer: server02_SINGLE_NODE_TRUNK - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY description: server02_SINGLE_NODE_TRUNK_Eth1 shutdown: false l2_mtu: 8000 l2_mru: 9000 + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server02_SINGLE_NODE_TRUNK + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'False' - name: Ethernet7 + description: server02_SINGLE_NODE_Eth1 + shutdown: false peer: server02_SINGLE_NODE peer_interface: Eth1 peer_type: server port_profile: TENANT_A - description: server02_SINGLE_NODE_Eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 110 - name: Ethernet8 + description: PHONE01_untagged_Eth0 + shutdown: false peer: PHONE01_untagged peer_interface: Eth0 peer_type: phone - description: PHONE01_untagged_Eth0 - shutdown: false switchport: enabled: true mode: trunk phone @@ -379,11 +101,11 @@ ethernet_interfaces: vlan: 113 trunk: untagged - name: Ethernet9 + description: PHONE02_tagged_Eth0 + shutdown: false peer: PHONE02_tagged peer_interface: Eth0 peer_type: phone - description: PHONE02_tagged_Eth0 - shutdown: false switchport: enabled: true mode: trunk phone @@ -392,6 +114,38 @@ ethernet_interfaces: phone: vlan: 113 trunk: tagged +hostname: DC1-LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -406,6 +160,31 @@ loopback_interfaces: shutdown: false vrf: Tenant_A_OP_Zone ip_address: 10.255.1.9/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: VEOS +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -425,79 +204,263 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 132 - name: Tenant_A_APP_Zone_3 - tenant: Tenant_A -- id: 113 - name: Tenant_A_OP_Zone_4 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 450 - name: Tenant_D_v6_WAN_Zone_1 - tenant: Tenant_D -- id: 451 - name: Tenant_D_v6_WAN_Zone_2 - tenant: Tenant_D -- id: 452 - name: Tenant_D_v6_WAN_Zone_3 - tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65101' + router_id: 192.168.42.42 + graceful_restart: + enabled: true + restart_time: 500 + maximum_paths: + paths: 4 + ecmp: 4 + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: true + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.0 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet1/1 + - ip_address: 172.31.254.2 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/1/1 + - ip_address: 172.31.254.4 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/1/1 + - ip_address: 172.31.254.6 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet1/1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 1.1.1.1:12 + route_targets: + both: + - '1234:12' + redistribute_routes: + - learned + vlan: 130-132 + - name: Tenant_A_OP_Zone + rd: 1.1.1.1:9 + route_targets: + both: + - '1234:9' + redistribute_routes: + - learned + vlan: '113' + - name: Tenant_A_WEB_Zone + rd: 1.1.1.1:11 + route_targets: + both: + - '1234:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: '12345678' + rd: 1.1.1.1:41 + route_targets: + both: + - '1234:41' + redistribute_routes: + - learned + vlan: 450-452 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 1.1.1.1:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '1234:12' + export: + - address_family: evpn + route_targets: + - '1234:12' + router_id: 192.168.42.42 + redistribute: + connected: + enabled: true + - name: Tenant_A_OP_Zone + rd: 1.1.1.1:9 + route_targets: + import: + - address_family: evpn + route_targets: + - '1234:9' + export: + - address_family: evpn + route_targets: + - '1234:9' + router_id: 192.168.42.42 + redistribute: + connected: + enabled: true + ospf: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 1.1.1.1:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '1234:11' + export: + - address_family: evpn + route_targets: + - '1234:11' + router_id: 192.168.42.42 + redistribute: + connected: + enabled: true + - name: '12345678' + rd: 1.1.1.1:41 + route_targets: + import: + - address_family: evpn + route_targets: + - '1234:41' + export: + - address_family: evpn + route_targets: + - '1234:41' + router_id: 192.168.42.42 + redistribute: + connected: + enabled: true +router_ospf: + process_ids: + - id: 9 + vrf: Tenant_A_OP_Zone + passive_interface_default: true + router_id: 192.168.42.42 + no_passive_interfaces: + - Vlan113 + redistribute: + bgp: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS rackA DC1-LEAF1A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_A_APP_Zone + destination_address_prefix: 10.2.32.0/24 + interface: Vlan132 + name: VARP +- vrf: Tenant_A_APP_Zone + destination_address_prefix: 10.3.32.0/24 + interface: Vlan132 + name: VARP +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.9 vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan132 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - erp2 + - app +- name: Vlan132 description: Tenant_A_APP_Zone_3 shutdown: false + vrf: Tenant_A_APP_Zone ip_address: 10.1.32.1/24 ip_virtual_router_addresses: - 10.1.32.254 - 10.2.32.254/24 - 10.3.32.254/24 - vrf: Tenant_A_APP_Zone -- name: Vlan113 tenant: Tenant_A tags: - - DC1_LEAF1 + - erp2 +- name: Vlan113 description: Tenant_A_OP_Zone_4 shutdown: false vrf: Tenant_A_OP_Zone - ospf_area: '0' ospf_network_point_to_point: true + ospf_area: '0' ospf_authentication: message-digest ospf_message_digest_keys: - id: 1 @@ -506,81 +469,123 @@ vlan_interfaces: - id: 2 hash_algorithm: sha512 key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan120 tenant: Tenant_A tags: - - web - - erp1 + - DC1_LEAF1 +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false + vrf: Tenant_A_WEB_Zone ip_address_virtual: 10.1.20.1/24 ip_address_virtual_secondaries: - 10.2.20.1/24 - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan450 - tenant: Tenant_D + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A tags: - - v6wan + - web +- name: Vlan450 description: Tenant_D_v6_WAN_Zone_1 shutdown: false + vrf: '12345678' ipv6_enable: true ipv6_address_virtuals: - 2001:db8:355::1/64 - vrf: '12345678' -- name: Vlan451 tenant: Tenant_D tags: - v6wan +- name: Vlan451 description: Tenant_D_v6_WAN_Zone_2 shutdown: false + vrf: '12345678' ipv6_enable: true - mtu: 1560 ipv6_address_virtuals: - 2001:db8:451::1/64 - vrf: '12345678' -- name: Vlan452 + mtu: 1560 tenant: Tenant_D tags: - v6wan +- name: Vlan452 description: Tenant_D_v6_WAN_Zone_3 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: '12345678' ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: '12345678' -router_ospf: - process_ids: - - id: 9 - vrf: Tenant_A_OP_Zone - passive_interface_default: true - router_id: 192.168.42.42 - no_passive_interfaces: - - Vlan113 - redistribute: - bgp: - enabled: true + mtu: 1560 + tenant: Tenant_D + tags: + - v6wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 132 + name: Tenant_A_APP_Zone_3 + tenant: Tenant_A +- id: 113 + name: Tenant_A_OP_Zone_4 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 450 + name: Tenant_D_v6_WAN_Zone_1 + tenant: Tenant_D +- id: 451 + name: Tenant_D_v6_WAN_Zone_2 + tenant: Tenant_D +- id: 452 + name: Tenant_D_v6_WAN_Zone_3 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: '12345678' + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -609,8 +614,3 @@ vxlan_interface: vni: 11 - name: '12345678' vni: 41 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.9 -metadata: - platform: VEOS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2A.yml index 6b54862f8e6..181b81008b0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2A.yml @@ -1,366 +1,6 @@ -hostname: DC1-LEAF2A -is_deployed: true -router_bgp: - as: '65102' - router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_for_convergence: true - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.32 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet3/1 - - ip_address: 172.31.254.34 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/3/1 - - ip_address: 172.31.254.36 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/4/1 - - ip_address: 172.31.254.38 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet4/1 - - ip_address: 172.31.254.40 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/3/1 - - ip_address: 172.31.254.42 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet3/1 - - ip_address: 172.31.254.44 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet4/1 - - ip_address: 172.31.254.46 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/4/1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_A_APP_Zone - rd: '65001:12' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:12' - export: - - address_family: evpn - route_targets: - - '100000:12' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_A_DB_Zone - rd: '65001:13' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:13' - export: - - address_family: evpn - route_targets: - - '100000:13' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_A_OP_Zone - rd: '65001:9' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:9' - export: - - address_family: evpn - route_targets: - - '100000:9' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_A_OSPF - rd: '65001:16' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:16' - export: - - address_family: evpn - route_targets: - - '100000:16' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - ospf: - enabled: true - - name: Tenant_A_WEB_Zone - rd: '65001:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:11' - export: - - address_family: evpn - route_targets: - - '100000:11' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_B_OP_Zone - rd: '65001:20' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:20' - export: - - address_family: evpn - route_targets: - - '100000:20' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_C_OP_Zone - rd: '65001:30' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:30' - export: - - address_family: evpn - route_targets: - - '100000:30' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: '12345678' - rd: '65001:41' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:41' - export: - - address_family: evpn - route_targets: - - '100000:41' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_D_OP_Zone - rd: '65001:40' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:40' - export: - - address_family: evpn - route_targets: - - '100000:40' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - static: - enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: '65001:12' - route_targets: - both: - - '100000:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: '65001:13' - route_targets: - both: - - '100000:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: '65001:9' - route_targets: - both: - - '100000:9' - redistribute_routes: - - learned - vlan: 110-112 - - name: Tenant_A_WEB_Zone - rd: '65001:11' - route_targets: - both: - - '100000:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 65001:20161 - route_targets: - both: - - 100000:20161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 65001:20160 - route_targets: - both: - - 100000:20160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: '65001:20' - route_targets: - both: - - '100000:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: '65001:30' - route_targets: - both: - - '100000:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: '12345678' - rd: '65001:41' - route_targets: - both: - - '100000:41' - redistribute_routes: - - learned - vlan: 450-452 - - name: Tenant_D_OP_Zone - rd: '65001:40' - route_targets: - both: - - '100000:40' - redistribute_routes: - - learned - vlan: 410-413 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.3.11.4 - vrf: Tenant_D_OP_Zone -- destination_address_prefix: 1.1.1.0/24 - gateway: 10.3.11.4 - track_bfd: true - name: Track-bfd-network-services - vrf: Tenant_D_OP_Zone -- destination_address_prefix: 10.3.11.0/24 - vrf: Tenant_D_OP_Zone - name: VARP - interface: Vlan411 -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G - - speed_group: 5/1 - serdes: 25G +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -368,289 +8,184 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_OSPF - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: '12345678' - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -- name: Tenant_D_OP_Zone - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management99 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management99 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS rackC DC1-LEAF2A ethernet_interfaces: - name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf description: DC1-L2LEAF1A_Ethernet1 - speed: forced 10000 shutdown: false + speed: forced 10000 channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF1B + peer: DC1-L2LEAF1A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet8 description: DC1-L2LEAF1B_Ethernet1 - speed: forced 10000 shutdown: false + speed: forced 10000 channel_group: id: 7 mode: active -- name: Ethernet9 - peer: DC1-L2LEAF3A + peer: DC1-L2LEAF1B peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet9 description: DC1-L2LEAF3A_Ethernet1 shutdown: false channel_group: id: 9 mode: active -- name: Ethernet13 - peer: DC1-L2LEAF4A + peer: DC1-L2LEAF3A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet13 description: DC1-L2LEAF4A_Ethernet1 shutdown: false channel_group: id: 1013 mode: active -- name: Ethernet14/1 - peer: DC1.L2LEAF5A + peer: DC1-L2LEAF4A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet14/1 description: DC1.L2LEAF5A_Ethernet1 shutdown: false channel_group: id: 141 mode: active -- name: Ethernet15/1 - peer: DC1.L2LEAF5B + peer: DC1.L2LEAF5A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet15/1 description: DC1.L2LEAF5B_Ethernet1 shutdown: false channel_group: id: 141 mode: active -- name: Ethernet30 - peer: DC1.L2LEAF6A + peer: DC1.L2LEAF5B peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet30 description: DC1.L2LEAF6A_Ethernet1 shutdown: false channel_group: id: 30 mode: active + peer: DC1.L2LEAF6A + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet49/1 - peer: DC1-SPINE1 - peer_interface: Ethernet3/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet3/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.33/31 + peer: DC1-SPINE1 + peer_interface: Ethernet3/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.33/31 - name: Ethernet50/1 - peer: DC1-SPINE2 - peer_interface: Ethernet1/3/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/3/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.35/31 -- name: Ethernet51/1 peer: DC1-SPINE2 - peer_interface: Ethernet1/4/1 + peer_interface: Ethernet1/3/1 peer_type: spine + switchport: + enabled: false +- name: Ethernet51/1 description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/4/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.37/31 + peer: DC1-SPINE2 + peer_interface: Ethernet1/4/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.37/31 - name: Ethernet52/1 - peer: DC1-SPINE1 - peer_interface: Ethernet4/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet4/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.39/31 + peer: DC1-SPINE1 + peer_interface: Ethernet4/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.39/31 - name: Ethernet53/1 - peer: DC1-SPINE3 - peer_interface: Ethernet1/3/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/3/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.41/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/3/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.41/31 - name: Ethernet54/1 - peer: DC1-SPINE4 - peer_interface: Ethernet3/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE4_Ethernet3/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.43/31 -- name: Ethernet55/1 peer: DC1-SPINE4 - peer_interface: Ethernet4/1 + peer_interface: Ethernet3/1 peer_type: spine + switchport: + enabled: false +- name: Ethernet55/1 description: P2P_LINK_TO_DC1-SPINE4_Ethernet4/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.45/31 + peer: DC1-SPINE4 + peer_interface: Ethernet4/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.45/31 - name: Ethernet56/1 - peer: DC1-SPINE3 - peer_interface: Ethernet1/4/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/4/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.47/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/4/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.47/31 - name: Ethernet22 - peer_type: l3_interface - ip_address: 10.0.0.1/30 shutdown: false - switchport: - enabled: false vrf: Tenant_A_OSPF - ospf_area: 0.0.0.0 + ip_address: 10.0.0.1/30 ospf_network_point_to_point: true -- name: Ethernet23 + ospf_area: 0.0.0.0 peer_type: l3_interface - ip_address: 10.0.0.13/30 - shutdown: false switchport: enabled: false +- name: Ethernet23 + shutdown: false vrf: Tenant_A_OSPF - ospf_area: 0.0.0.0 + ip_address: 10.0.0.13/30 ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + peer_type: l3_interface + switchport: + enabled: false - name: Ethernet24 - peer_type: network_port - port_profile: DOT1X_PORT_PROFILE description: PC shutdown: false dot1x: @@ -670,11 +205,11 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + peer_type: network_port + port_profile: DOT1X_PORT_PROFILE switchport: enabled: true - name: Ethernet25 - peer_type: network_port - port_profile: DOT1X_PORT_PROFILE description: PC shutdown: false dot1x: @@ -694,157 +229,282 @@ ethernet_interfaces: reauth_period: server tx_period: 3 reauthorization_request_limit: 3 + peer_type: network_port + port_profile: DOT1X_PORT_PROFILE switchport: enabled: true - name: Ethernet10 + description: server01_MLAG_Eth2 + shutdown: false + channel_group: + id: 10 + mode: active peer: server01_MLAG peer_interface: Eth2 peer_type: server port_profile: TENANT_B - description: server01_MLAG_Eth2 +- name: Ethernet11 + description: server01_MTU_PROFILE_MLAG_Eth4 shutdown: false channel_group: - id: 10 + id: 11 mode: active -- name: Ethernet11 peer: server01_MTU_PROFILE_MLAG peer_interface: Eth4 peer_type: server port_profile: TENANT_A_MTU - description: server01_MTU_PROFILE_MLAG_Eth4 +- name: Ethernet12 + description: server01_MTU_ADAPTOR_MLAG_Eth6 shutdown: false channel_group: - id: 11 + id: 12 mode: active -- name: Ethernet12 peer: server01_MTU_ADAPTOR_MLAG peer_interface: Eth6 peer_type: server - description: server01_MTU_ADAPTOR_MLAG_Eth6 +- name: Ethernet20 + description: FIREWALL01_E0 shutdown: false channel_group: - id: 12 + id: 20 mode: active -- name: Ethernet20 peer: FIREWALL01 peer_interface: E0 peer_type: firewall port_profile: TENANT_A_B - description: FIREWALL01_E0 - shutdown: false - channel_group: - id: 20 - mode: active - name: Ethernet21 + description: ROUTER01_Eth0 + shutdown: false peer: ROUTER01 peer_interface: Eth0 peer_type: router port_profile: TENANT_A - description: ROUTER01_Eth0 - shutdown: false switchport: enabled: true mode: access access_vlan: 110 - name: Ethernet26 - peer: PHONE03_port_channel - peer_interface: Eth0 - peer_type: phone - port_profile: PHONE_WITH_PC description: PHONE03_port_channel_Eth0 shutdown: false channel_group: id: 26 mode: active + peer: PHONE03_port_channel + peer_interface: Eth0 + peer_type: phone + port_profile: PHONE_WITH_PC +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G + - speed_group: 5/1 + serdes: 25G +hostname: DC1-LEAF2A +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_static_routes: +- vrf: Tenant_D_OP_Zone + destination_address_prefix: ::/0 + gateway: 2001:db8:311::4 + name: IPv6-test-2 +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 2001:dba::/32 + gateway: 2001:db8:310::1 + track_bfd: true + name: Track-bfd-network-services +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.10/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.10/32 +- name: Loopback101 + description: Tenant_A_OSPF_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OSPF + ip_address: 10.255.11.10/32 +- name: Loopback123 + description: Test-Loopback + shutdown: false + vrf: Tenant_A_OSPF + ip_address: 10.1.53.0/32 + ospf_area: '1' +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management99 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management99 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +platform: + sand: + lag: + hardware_only: true port_channel_interfaces: - name: Port-Channel7 description: DC1_L2LEAF1_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,160-161 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:0808:0707:0606 route_target: 08:08:07:07:06:06 lacp_id: 0808.0707.0606 -- name: Port-Channel9 - description: DC1-L2LEAF3A_Po1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel9 + description: DC1-L2LEAF3A_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:0606:0707:0808 route_target: 06:06:07:07:08:08 lacp_id: 0606.0707.0808 -- name: Port-Channel1013 - description: DC1-L2LEAF4A_Po1001 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel1013 + description: DC1-L2LEAF4A_Po1001 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:a36b:7013:457b route_target: a3:6b:70:13:45:7b lacp_id: a36b.7013.457b -- name: Port-Channel141 - description: DC1_L2LEAF5_Po1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel141 + description: DC1_L2LEAF5_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:fa91:ce62:ce95 route_target: fa:91:ce:62:ce:95 lacp_id: fa91.ce62.ce95 -- name: Port-Channel30 - description: DC1_L2LEAF6_Po1 switchport: enabled: true mode: trunk trunk: - allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 + allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel30 + description: DC1_L2LEAF6_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:a8be:743c:0a1a route_target: a8:be:74:3c:0a:1a lacp_id: a8be.743c.0a1a + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 - name: Port-Channel10 description: server01_MLAG_PortChanne1 shutdown: false + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: disabled switchport: enabled: true mode: trunk trunk: allowed_vlan: 210-211 - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: disabled - name: Port-Channel11 description: server01_MTU_PROFILE_MLAG_PortChanne1 shutdown: false mtu: 1600 + spanning_tree_bpdufilter: enabled + spanning_tree_bpduguard: enabled switchport: enabled: true mode: access access_vlan: 110 - spanning_tree_bpdufilter: enabled - spanning_tree_bpduguard: enabled - name: Port-Channel12 description: server01_MTU_ADAPTOR_MLAG_PortChanne1 shutdown: false mtu: 1601 - switchport: - enabled: true spanning_tree_bpdufilter: 'True' spanning_tree_bpduguard: 'True' + switchport: + enabled: true - name: Port-Channel20 description: FIREWALL01_PortChanne1 shutdown: false @@ -864,31 +524,6 @@ port_channel_interfaces: phone: vlan: 211 trunk: untagged -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.10/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.10/32 -- name: Loopback101 - description: Tenant_A_OSPF_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OSPF - ip_address: 10.255.11.10/32 -- name: Loopback123 - ip_address: 10.1.53.0/32 - shutdown: false - description: Test-Loopback - vrf: Tenant_A_OSPF - ospf_area: '1' prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -908,337 +543,709 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 450 - name: Tenant_D_v6_WAN_Zone_1 - tenant: Tenant_D -- id: 451 - name: Tenant_D_v6_WAN_Zone_2 - tenant: Tenant_D -- id: 452 - name: Tenant_D_v6_WAN_Zone_3 - tenant: Tenant_D -- id: 410 - name: Tenant_D_v6_OP_Zone_1 - tenant: Tenant_D -- id: 411 - name: Tenant_D_v6_OP_Zone_2 - tenant: Tenant_D -- id: 412 - name: Tenant_D_v6_OP_Zone_1 - tenant: Tenant_D -- id: 413 - name: Tenant_D_v6_OP_Zone_3 - tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65102' + router_id: 192.168.255.10 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_for_convergence: true + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.32 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet3/1 + - ip_address: 172.31.254.34 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/3/1 + - ip_address: 172.31.254.36 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/4/1 + - ip_address: 172.31.254.38 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet4/1 + - ip_address: 172.31.254.40 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/3/1 + - ip_address: 172.31.254.42 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet3/1 + - ip_address: 172.31.254.44 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet4/1 + - ip_address: 172.31.254.46 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/4/1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: '65001:12' + route_targets: + both: + - '100000:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: '65001:13' + route_targets: + both: + - '100000:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: '65001:9' + route_targets: + both: + - '100000:9' + redistribute_routes: + - learned + vlan: 110-112 + - name: Tenant_A_WEB_Zone + rd: '65001:11' + route_targets: + both: + - '100000:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 65001:20161 + route_targets: + both: + - 100000:20161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 65001:20160 + route_targets: + both: + - 100000:20160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: '65001:20' + route_targets: + both: + - '100000:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: '65001:30' + route_targets: + both: + - '100000:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: '12345678' + rd: '65001:41' + route_targets: + both: + - '100000:41' + redistribute_routes: + - learned + vlan: 450-452 + - name: Tenant_D_OP_Zone + rd: '65001:40' + route_targets: + both: + - '100000:40' + redistribute_routes: + - learned + vlan: 410-413 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: '65001:12' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:12' + export: + - address_family: evpn + route_targets: + - '100000:12' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: '65001:13' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:13' + export: + - address_family: evpn + route_targets: + - '100000:13' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_A_OP_Zone + rd: '65001:9' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:9' + export: + - address_family: evpn + route_targets: + - '100000:9' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_A_OSPF + rd: '65001:16' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:16' + export: + - address_family: evpn + route_targets: + - '100000:16' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + ospf: + enabled: true + - name: Tenant_A_WEB_Zone + rd: '65001:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:11' + export: + - address_family: evpn + route_targets: + - '100000:11' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: '65001:20' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:20' + export: + - address_family: evpn + route_targets: + - '100000:20' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_C_OP_Zone + rd: '65001:30' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:30' + export: + - address_family: evpn + route_targets: + - '100000:30' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: '12345678' + rd: '65001:41' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:41' + export: + - address_family: evpn + route_targets: + - '100000:41' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_D_OP_Zone + rd: '65001:40' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:40' + export: + - address_family: evpn + route_targets: + - '100000:40' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + static: + enabled: true +router_ospf: + process_ids: + - id: 16 + vrf: Tenant_A_OSPF + passive_interface_default: true + router_id: 192.168.255.10 + no_passive_interfaces: + - Ethernet22 + - Ethernet23 + redistribute: + bgp: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS rackC DC1-LEAF2A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 0.0.0.0/0 + gateway: 10.3.11.4 +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 1.1.1.0/24 + gateway: 10.3.11.4 + track_bfd: true + name: Track-bfd-network-services +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 10.3.11.0/24 + interface: Vlan411 + name: VARP +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.10 +- name: Tenant_A_OSPF + ip_address: 10.255.11.10 vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan140 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - db - - erp1 + - app +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan110 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A tags: - - opzone + - db +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan112 tenant: Tenant_A tags: - opzone +- name: Vlan112 description: Tenant_A_OP_Zone_3 shutdown: false - mtu: 1560 vrf: Tenant_A_OP_Zone ip_helpers: - ip_helper: 2.2.2.2 source_interface: lo101 vrf: MGMT -- name: Vlan120 + mtu: 1560 tenant: Tenant_A tags: - - web - - erp1 + - opzone +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false + vrf: Tenant_A_WEB_Zone ip_address_virtual: 10.1.20.1/24 ip_address_virtual_secondaries: - 10.2.20.1/24 - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan210 - tenant: Tenant_B + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A tags: - - opzone + - web +- name: Vlan210 description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan310 - tenant: Tenant_C + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B tags: - opzone +- name: Vlan310 description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan450 - tenant: Tenant_D + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C tags: - - v6wan + - opzone +- name: Vlan450 description: Tenant_D_v6_WAN_Zone_1 shutdown: false + vrf: '12345678' ipv6_enable: true ipv6_address_virtuals: - 2001:db8:355::1/64 - vrf: '12345678' -- name: Vlan451 tenant: Tenant_D tags: - v6wan +- name: Vlan451 description: Tenant_D_v6_WAN_Zone_2 shutdown: false + vrf: '12345678' ipv6_enable: true - mtu: 1560 ipv6_address_virtuals: - 2001:db8:451::1/64 - vrf: '12345678' -- name: Vlan452 + mtu: 1560 tenant: Tenant_D tags: - v6wan +- name: Vlan452 description: Tenant_D_v6_WAN_Zone_3 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: '12345678' ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: '12345678' -- name: Vlan410 + mtu: 1560 tenant: Tenant_D tags: - - v6opzone + - v6wan +- name: Vlan410 description: Tenant_D_v6_OP_Zone_1 shutdown: false - ipv6_enable: true + vrf: Tenant_D_OP_Zone ip_address_virtual: 10.3.10.1/24 + ipv6_enable: true ipv6_address_virtuals: - 2001:db8:310::1/64 - 2001:db8:311::1/64 - 2001:db8:312::1/64 - vrf: Tenant_D_OP_Zone -- name: Vlan411 tenant: Tenant_D tags: - v6opzone +- name: Vlan411 description: Tenant_D_v6_OP_Zone_2 shutdown: false + vrf: Tenant_D_OP_Zone ip_address: 10.3.11.2/24 - ipv6_address: 2001:db8:311::2/64 ip_virtual_router_addresses: - 10.3.11.1/24 + ipv6_address: 2001:db8:311::2/64 ipv6_virtual_router_addresses: - 2001:db8:311::1 - vrf: Tenant_D_OP_Zone -- name: Vlan412 tenant: Tenant_D tags: - v6opzone +- name: Vlan412 description: Tenant_D_v6_OP_Zone_1 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: Tenant_D_OP_Zone ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: Tenant_D_OP_Zone -- name: Vlan413 + mtu: 1560 tenant: Tenant_D tags: - v6opzone +- name: Vlan413 description: Tenant_D_v6_OP_Zone_3 shutdown: false + vrf: Tenant_D_OP_Zone ip_address: 11.4.13.2/24 - ipv6_address: 2001:db9:413::2/64 - mtu: 1560 ip_virtual_router_addresses: - 11.4.13.1 - ipv6_virtual_router_addresses: - - 2001:db9:413::1 - vrf: Tenant_D_OP_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo101 vrf: TEST -ipv6_static_routes: -- destination_address_prefix: ::/0 - gateway: 2001:db8:311::4 - name: IPv6-test-2 - vrf: Tenant_D_OP_Zone -- destination_address_prefix: 2001:dba::/32 - gateway: 2001:db8:310::1 - track_bfd: true - name: Track-bfd-network-services - vrf: Tenant_D_OP_Zone -router_ospf: - process_ids: - - id: 16 - vrf: Tenant_A_OSPF - passive_interface_default: true - router_id: 192.168.255.10 - no_passive_interfaces: - - Ethernet22 - - Ethernet23 - redistribute: - bgp: - enabled: true + ipv6_address: 2001:db9:413::2/64 + ipv6_virtual_router_addresses: + - 2001:db9:413::1 + mtu: 1560 + tenant: Tenant_D + tags: + - v6opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 450 + name: Tenant_D_v6_WAN_Zone_1 + tenant: Tenant_D +- id: 451 + name: Tenant_D_v6_WAN_Zone_2 + tenant: Tenant_D +- id: 452 + name: Tenant_D_v6_WAN_Zone_3 + tenant: Tenant_D +- id: 410 + name: Tenant_D_v6_OP_Zone_1 + tenant: Tenant_D +- id: 411 + name: Tenant_D_v6_OP_Zone_2 + tenant: Tenant_D +- id: 412 + name: Tenant_D_v6_OP_Zone_1 + tenant: Tenant_D +- id: 413 + name: Tenant_D_v6_OP_Zone_3 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OSPF + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: '12345678' + ip_routing: true + ipv6_routing: true + tenant: Tenant_D +- name: Tenant_D_OP_Zone + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -1303,10 +1310,3 @@ vxlan_interface: vni: 41 - name: Tenant_D_OP_Zone vni: 40 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.10 -- name: Tenant_A_OSPF - ip_address: 10.255.11.10 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2B.yml index 535f579737d..a83d40e38e3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-LEAF2B.yml @@ -1,366 +1,6 @@ -hostname: DC1-LEAF2B -is_deployed: true -router_bgp: - as: '65102' - router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_for_convergence: true - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.64 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet5/1 - - ip_address: 172.31.254.66 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/5/1 - - ip_address: 172.31.254.68 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/6/1 - - ip_address: 172.31.254.70 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet6/1 - - ip_address: 172.31.254.72 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/5/1 - - ip_address: 172.31.254.74 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet5/1 - - ip_address: 172.31.254.76 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet6/1 - - ip_address: 172.31.254.78 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/6/1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_A_APP_Zone - rd: '65001:12' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:12' - export: - - address_family: evpn - route_targets: - - '100000:12' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_A_DB_Zone - rd: '65001:13' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:13' - export: - - address_family: evpn - route_targets: - - '100000:13' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_A_OP_Zone - rd: '65001:9' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:9' - export: - - address_family: evpn - route_targets: - - '100000:9' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_A_OSPF - rd: '65001:16' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:16' - export: - - address_family: evpn - route_targets: - - '100000:16' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - ospf: - enabled: true - - name: Tenant_A_WEB_Zone - rd: '65001:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:11' - export: - - address_family: evpn - route_targets: - - '100000:11' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_B_OP_Zone - rd: '65001:20' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:20' - export: - - address_family: evpn - route_targets: - - '100000:20' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_C_OP_Zone - rd: '65001:30' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:30' - export: - - address_family: evpn - route_targets: - - '100000:30' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: '12345678' - rd: '65001:41' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:41' - export: - - address_family: evpn - route_targets: - - '100000:41' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_D_OP_Zone - rd: '65001:40' - route_targets: - import: - - address_family: evpn - route_targets: - - '100000:40' - export: - - address_family: evpn - route_targets: - - '100000:40' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - static: - enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: '65001:12' - route_targets: - both: - - '100000:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: '65001:13' - route_targets: - both: - - '100000:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: '65001:9' - route_targets: - both: - - '100000:9' - redistribute_routes: - - learned - vlan: 110-112 - - name: Tenant_A_WEB_Zone - rd: '65001:11' - route_targets: - both: - - '100000:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 65001:20161 - route_targets: - both: - - 100000:20161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 65001:20160 - route_targets: - both: - - 100000:20160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: '65001:20' - route_targets: - both: - - '100000:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: '65001:30' - route_targets: - both: - - '100000:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: '12345678' - rd: '65001:41' - route_targets: - both: - - '100000:41' - redistribute_routes: - - learned - vlan: 450-452 - - name: Tenant_D_OP_Zone - rd: '65001:40' - route_targets: - both: - - '100000:40' - redistribute_routes: - - learned - vlan: 410-413 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.3.11.4 - vrf: Tenant_D_OP_Zone -- destination_address_prefix: 1.1.1.0/24 - gateway: 10.3.11.4 - track_bfd: true - name: Track-bfd-network-services - vrf: Tenant_D_OP_Zone -- destination_address_prefix: 10.3.11.0/24 - vrf: Tenant_D_OP_Zone - name: VARP - interface: Vlan411 -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G - - speed_group: 5/1 - serdes: 25G +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -368,426 +8,443 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_OSPF - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: '12345678' - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -- name: Tenant_D_OP_Zone - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management99 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management99 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS rackD DC1-LEAF2B ethernet_interfaces: - name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf description: DC1-L2LEAF1A_Ethernet2 - speed: forced 10000 shutdown: false + speed: forced 10000 channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF1B + peer: DC1-L2LEAF1A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet8 description: DC1-L2LEAF1B_Ethernet2 - speed: forced 10000 shutdown: false + speed: forced 10000 channel_group: id: 7 mode: active -- name: Ethernet9 - peer: DC1-L2LEAF3A + peer: DC1-L2LEAF1B peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet9 description: DC1-L2LEAF3A_Ethernet2 shutdown: false channel_group: id: 9 mode: active -- name: Ethernet13 - peer: DC1-L2LEAF4A + peer: DC1-L2LEAF3A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet13 description: DC1-L2LEAF4A_Ethernet2 shutdown: false channel_group: id: 1013 mode: active -- name: Ethernet14/1 - peer: DC1.L2LEAF5A + peer: DC1-L2LEAF4A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet14/1 description: DC1.L2LEAF5A_Ethernet2 shutdown: false channel_group: id: 141 mode: active -- name: Ethernet15/1 - peer: DC1.L2LEAF5B + peer: DC1.L2LEAF5A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet15/1 description: DC1.L2LEAF5B_Ethernet2 shutdown: false channel_group: id: 141 mode: active -- name: Ethernet31 - peer: DC1.L2LEAF6B - peer_interface: Ethernet1 + peer: DC1.L2LEAF5B + peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet31 description: DC1.L2LEAF6B_Ethernet1 shutdown: false channel_group: id: 30 mode: active + peer: DC1.L2LEAF6B + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet49/1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet5/1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.65/31 peer: DC1-SPINE1 peer_interface: Ethernet5/1 peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet5/1 - speed: forced 100gfull - shutdown: false - mtu: 1500 switchport: enabled: false - ip_address: 172.31.254.65/31 - name: Ethernet50/1 - peer: DC1-SPINE2 - peer_interface: Ethernet1/5/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/5/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.67/31 -- name: Ethernet51/1 peer: DC1-SPINE2 - peer_interface: Ethernet1/6/1 + peer_interface: Ethernet1/5/1 peer_type: spine + switchport: + enabled: false +- name: Ethernet51/1 description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/6/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.69/31 + peer: DC1-SPINE2 + peer_interface: Ethernet1/6/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.69/31 - name: Ethernet52/1 - peer: DC1-SPINE1 - peer_interface: Ethernet6/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet6/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.71/31 + peer: DC1-SPINE1 + peer_interface: Ethernet6/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.71/31 - name: Ethernet53/1 - peer: DC1-SPINE3 - peer_interface: Ethernet1/5/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/5/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.73/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/5/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.73/31 - name: Ethernet54/1 - peer: DC1-SPINE4 - peer_interface: Ethernet5/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE4_Ethernet5/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.75/31 -- name: Ethernet55/1 peer: DC1-SPINE4 - peer_interface: Ethernet6/1 + peer_interface: Ethernet5/1 peer_type: spine + switchport: + enabled: false +- name: Ethernet55/1 description: P2P_LINK_TO_DC1-SPINE4_Ethernet6/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.77/31 + peer: DC1-SPINE4 + peer_interface: Ethernet6/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.77/31 - name: Ethernet56/1 - peer: DC1-SPINE3 - peer_interface: Ethernet1/6/1 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/6/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.79/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/6/1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.254.79/31 - name: Ethernet24 - peer_type: l3_interface - ip_address: 10.0.0.5/30 shutdown: false - switchport: - enabled: false vrf: Tenant_A_OSPF - ospf_area: 0.0.0.0 + ip_address: 10.0.0.5/30 ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + peer_type: l3_interface + switchport: + enabled: false - name: Ethernet10 + description: server01_MLAG_Eth3 + shutdown: false + channel_group: + id: 10 + mode: active peer: server01_MLAG peer_interface: Eth3 peer_type: server port_profile: TENANT_B - description: server01_MLAG_Eth3 +- name: Ethernet11 + description: server01_MTU_PROFILE_MLAG_Eth5 shutdown: false channel_group: - id: 10 + id: 11 mode: active -- name: Ethernet11 peer: server01_MTU_PROFILE_MLAG peer_interface: Eth5 peer_type: server port_profile: TENANT_A_MTU - description: server01_MTU_PROFILE_MLAG_Eth5 +- name: Ethernet12 + description: server01_MTU_ADAPTOR_MLAG_Eth7 shutdown: false channel_group: - id: 11 + id: 12 mode: active -- name: Ethernet12 peer: server01_MTU_ADAPTOR_MLAG peer_interface: Eth7 peer_type: server - description: server01_MTU_ADAPTOR_MLAG_Eth7 +- name: Ethernet20 + description: FIREWALL01_E1 shutdown: false channel_group: - id: 12 + id: 20 mode: active -- name: Ethernet20 peer: FIREWALL01 peer_interface: E1 peer_type: firewall port_profile: TENANT_A_B - description: FIREWALL01_E1 - shutdown: false - channel_group: - id: 20 - mode: active - name: Ethernet21 + description: ROUTER01_Eth1 + shutdown: false peer: ROUTER01 peer_interface: Eth1 peer_type: router port_profile: TENANT_A - description: ROUTER01_Eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 110 - name: Ethernet26 - peer: PHONE03_port_channel - peer_interface: Eth1 - peer_type: phone - port_profile: PHONE_WITH_PC description: PHONE03_port_channel_Eth1 shutdown: false channel_group: id: 26 mode: active + peer: PHONE03_port_channel + peer_interface: Eth1 + peer_type: phone + port_profile: PHONE_WITH_PC +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G + - speed_group: 5/1 + serdes: 25G +hostname: DC1-LEAF2B +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_static_routes: +- vrf: Tenant_D_OP_Zone + destination_address_prefix: ::/0 + gateway: 2001:db8:311::4 + name: IPv6-test-2 +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.11/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.11/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.11/32 +- name: Loopback101 + description: Tenant_A_OSPF_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OSPF + ip_address: 10.255.11.11/32 +- name: Loopback123 + shutdown: true + vrf: Tenant_A_OSPF + ip_address: 10.1.53.1/32 + ospf_area: 0.0.0.0 + eos_cli: 'ip ospf cost 100 + + ' +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management99 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management99 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +platform: + sand: + lag: + hardware_only: true port_channel_interfaces: - name: Port-Channel7 description: DC1_L2LEAF1_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,160-161 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:0808:0707:0606 route_target: 08:08:07:07:06:06 lacp_id: 0808.0707.0606 -- name: Port-Channel9 - description: DC1-L2LEAF3A_Po1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel9 + description: DC1-L2LEAF3A_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:0606:0707:0808 route_target: 06:06:07:07:08:08 lacp_id: 0606.0707.0808 -- name: Port-Channel1013 - description: DC1-L2LEAF4A_Po1001 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel1013 + description: DC1-L2LEAF4A_Po1001 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:a36b:7013:457b route_target: a3:6b:70:13:45:7b lacp_id: a36b.7013.457b -- name: Port-Channel141 - description: DC1_L2LEAF5_Po1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel141 + description: DC1_L2LEAF5_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:fa91:ce62:ce95 route_target: fa:91:ce:62:ce:95 lacp_id: fa91.ce62.ce95 -- name: Port-Channel30 - description: DC1_L2LEAF6_Po1 switchport: enabled: true mode: trunk trunk: - allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 + allowed_vlan: 110-112,120-121,130-131,160-161 +- name: Port-Channel30 + description: DC1_L2LEAF6_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:0000:a8be:743c:0a1a route_target: a8:be:74:3c:0a:1a lacp_id: a8be.743c.0a1a + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 - name: Port-Channel10 description: server01_MLAG_PortChanne1 shutdown: false + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: disabled switchport: enabled: true mode: trunk trunk: allowed_vlan: 210-211 - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: disabled - name: Port-Channel11 description: server01_MTU_PROFILE_MLAG_PortChanne1 shutdown: false mtu: 1600 + spanning_tree_bpdufilter: enabled + spanning_tree_bpduguard: enabled switchport: enabled: true mode: access access_vlan: 110 - spanning_tree_bpdufilter: enabled - spanning_tree_bpduguard: enabled - name: Port-Channel12 description: server01_MTU_ADAPTOR_MLAG_PortChanne1 shutdown: false mtu: 1601 - switchport: - enabled: true spanning_tree_bpdufilter: 'True' spanning_tree_bpduguard: 'True' + switchport: + enabled: true - name: Port-Channel20 description: FIREWALL01_PortChanne1 shutdown: false @@ -807,33 +464,6 @@ port_channel_interfaces: phone: vlan: 211 trunk: untagged -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.11/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.11/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.11/32 -- name: Loopback101 - description: Tenant_A_OSPF_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OSPF - ip_address: 10.255.11.11/32 -- name: Loopback123 - ip_address: 10.1.53.1/32 - shutdown: true - eos_cli: 'ip ospf cost 100 - - ' - vrf: Tenant_A_OSPF - ospf_area: 0.0.0.0 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -853,331 +483,708 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 450 - name: Tenant_D_v6_WAN_Zone_1 - tenant: Tenant_D -- id: 451 - name: Tenant_D_v6_WAN_Zone_2 - tenant: Tenant_D -- id: 452 - name: Tenant_D_v6_WAN_Zone_3 - tenant: Tenant_D -- id: 410 - name: Tenant_D_v6_OP_Zone_1 - tenant: Tenant_D -- id: 411 - name: Tenant_D_v6_OP_Zone_2 - tenant: Tenant_D -- id: 412 - name: Tenant_D_v6_OP_Zone_1 - tenant: Tenant_D -- id: 413 - name: Tenant_D_v6_OP_Zone_3 - tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65102' + router_id: 192.168.255.11 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_for_convergence: true + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.64 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet5/1 + - ip_address: 172.31.254.66 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/5/1 + - ip_address: 172.31.254.68 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/6/1 + - ip_address: 172.31.254.70 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet6/1 + - ip_address: 172.31.254.72 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/5/1 + - ip_address: 172.31.254.74 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet5/1 + - ip_address: 172.31.254.76 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet6/1 + - ip_address: 172.31.254.78 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/6/1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: '65001:12' + route_targets: + both: + - '100000:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: '65001:13' + route_targets: + both: + - '100000:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: '65001:9' + route_targets: + both: + - '100000:9' + redistribute_routes: + - learned + vlan: 110-112 + - name: Tenant_A_WEB_Zone + rd: '65001:11' + route_targets: + both: + - '100000:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 65001:20161 + route_targets: + both: + - 100000:20161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 65001:20160 + route_targets: + both: + - 100000:20160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: '65001:20' + route_targets: + both: + - '100000:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: '65001:30' + route_targets: + both: + - '100000:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: '12345678' + rd: '65001:41' + route_targets: + both: + - '100000:41' + redistribute_routes: + - learned + vlan: 450-452 + - name: Tenant_D_OP_Zone + rd: '65001:40' + route_targets: + both: + - '100000:40' + redistribute_routes: + - learned + vlan: 410-413 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: '65001:12' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:12' + export: + - address_family: evpn + route_targets: + - '100000:12' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: '65001:13' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:13' + export: + - address_family: evpn + route_targets: + - '100000:13' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_A_OP_Zone + rd: '65001:9' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:9' + export: + - address_family: evpn + route_targets: + - '100000:9' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_A_OSPF + rd: '65001:16' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:16' + export: + - address_family: evpn + route_targets: + - '100000:16' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + ospf: + enabled: true + - name: Tenant_A_WEB_Zone + rd: '65001:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:11' + export: + - address_family: evpn + route_targets: + - '100000:11' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: '65001:20' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:20' + export: + - address_family: evpn + route_targets: + - '100000:20' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_C_OP_Zone + rd: '65001:30' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:30' + export: + - address_family: evpn + route_targets: + - '100000:30' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: '12345678' + rd: '65001:41' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:41' + export: + - address_family: evpn + route_targets: + - '100000:41' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_D_OP_Zone + rd: '65001:40' + route_targets: + import: + - address_family: evpn + route_targets: + - '100000:40' + export: + - address_family: evpn + route_targets: + - '100000:40' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + static: + enabled: true +router_ospf: + process_ids: + - id: 16 + vrf: Tenant_A_OSPF + passive_interface_default: true + router_id: 192.168.255.11 + no_passive_interfaces: + - Ethernet24 + redistribute: + bgp: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS rackD DC1-LEAF2B +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 0.0.0.0/0 + gateway: 10.3.11.4 +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 1.1.1.0/24 + gateway: 10.3.11.4 + track_bfd: true + name: Track-bfd-network-services +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 10.3.11.0/24 + interface: Vlan411 + name: VARP +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.11 +- name: Tenant_A_OSPF + ip_address: 10.255.11.11 vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan140 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - db - - erp1 + - app +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan110 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A tags: - - opzone + - db +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan112 tenant: Tenant_A tags: - opzone +- name: Vlan112 description: Tenant_A_OP_Zone_3 shutdown: false - mtu: 1560 vrf: Tenant_A_OP_Zone ip_helpers: - ip_helper: 2.2.2.2 source_interface: lo101 vrf: MGMT -- name: Vlan120 + mtu: 1560 tenant: Tenant_A tags: - - web - - erp1 + - opzone +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false + vrf: Tenant_A_WEB_Zone ip_address_virtual: 10.1.20.1/24 ip_address_virtual_secondaries: - 10.2.20.1/24 - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan210 - tenant: Tenant_B + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A tags: - - opzone + - web +- name: Vlan210 description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan310 - tenant: Tenant_C + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B tags: - opzone +- name: Vlan310 description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan450 - tenant: Tenant_D + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C tags: - - v6wan + - opzone +- name: Vlan450 description: Tenant_D_v6_WAN_Zone_1 shutdown: false + vrf: '12345678' ipv6_enable: true ipv6_address_virtuals: - 2001:db8:355::1/64 - vrf: '12345678' -- name: Vlan451 tenant: Tenant_D tags: - v6wan +- name: Vlan451 description: Tenant_D_v6_WAN_Zone_2 shutdown: false + vrf: '12345678' ipv6_enable: true - mtu: 1560 ipv6_address_virtuals: - 2001:db8:451::1/64 - vrf: '12345678' -- name: Vlan452 + mtu: 1560 tenant: Tenant_D tags: - v6wan +- name: Vlan452 description: Tenant_D_v6_WAN_Zone_3 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: '12345678' ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: '12345678' -- name: Vlan410 + mtu: 1560 tenant: Tenant_D tags: - - v6opzone + - v6wan +- name: Vlan410 description: Tenant_D_v6_OP_Zone_1 shutdown: false - ipv6_enable: true + vrf: Tenant_D_OP_Zone ip_address_virtual: 10.3.10.1/24 + ipv6_enable: true ipv6_address_virtuals: - 2001:db8:310::1/64 - 2001:db8:311::1/64 - 2001:db8:312::1/64 - vrf: Tenant_D_OP_Zone -- name: Vlan411 tenant: Tenant_D tags: - v6opzone +- name: Vlan411 description: Tenant_D_v6_OP_Zone_2 shutdown: false + vrf: Tenant_D_OP_Zone ip_address: 10.3.11.3/24 - ipv6_address: 2001:db8:311::3/64 ip_virtual_router_addresses: - 10.3.11.1/24 + ipv6_address: 2001:db8:311::3/64 ipv6_virtual_router_addresses: - 2001:db8:311::1 - vrf: Tenant_D_OP_Zone -- name: Vlan412 tenant: Tenant_D tags: - v6opzone +- name: Vlan412 description: Tenant_D_v6_OP_Zone_1 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: Tenant_D_OP_Zone ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: Tenant_D_OP_Zone -- name: Vlan413 + mtu: 1560 tenant: Tenant_D tags: - v6opzone +- name: Vlan413 description: Tenant_D_v6_OP_Zone_3 shutdown: false + vrf: Tenant_D_OP_Zone ip_address: 101.4.13.2/24 - ipv6_address: 2002:db9:413::2/64 - mtu: 1560 ip_virtual_router_addresses: - 101.4.13.1 - ipv6_virtual_router_addresses: - - 2002:db9:413::1 - vrf: Tenant_D_OP_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo101 vrf: TEST -ipv6_static_routes: -- destination_address_prefix: ::/0 - gateway: 2001:db8:311::4 - name: IPv6-test-2 - vrf: Tenant_D_OP_Zone -router_ospf: - process_ids: - - id: 16 - vrf: Tenant_A_OSPF - passive_interface_default: true - router_id: 192.168.255.11 - no_passive_interfaces: - - Ethernet24 - redistribute: - bgp: - enabled: true + ipv6_address: 2002:db9:413::2/64 + ipv6_virtual_router_addresses: + - 2002:db9:413::1 + mtu: 1560 + tenant: Tenant_D + tags: + - v6opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 450 + name: Tenant_D_v6_WAN_Zone_1 + tenant: Tenant_D +- id: 451 + name: Tenant_D_v6_WAN_Zone_2 + tenant: Tenant_D +- id: 452 + name: Tenant_D_v6_WAN_Zone_3 + tenant: Tenant_D +- id: 410 + name: Tenant_D_v6_OP_Zone_1 + tenant: Tenant_D +- id: 411 + name: Tenant_D_v6_OP_Zone_2 + tenant: Tenant_D +- id: 412 + name: Tenant_D_v6_OP_Zone_1 + tenant: Tenant_D +- id: 413 + name: Tenant_D_v6_OP_Zone_3 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OSPF + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: '12345678' + ip_routing: true + ipv6_routing: true + tenant: Tenant_D +- name: Tenant_D_OP_Zone + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: DC1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -1242,10 +1249,3 @@ vxlan_interface: vni: 41 - name: Tenant_D_OP_Zone vni: 40 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.11 -- name: Tenant_A_OSPF - ip_address: 10.255.11.11 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE1.yml index 2afd23f7e15..b69b71eb267 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE1.yml @@ -1,248 +1,6 @@ -hostname: DC1-SPINE1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.1 - peer_group: UNDERLAY-PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet27 - - ip_address: 172.31.254.33 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet49/1 - - ip_address: 172.31.254.39 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet52/1 - - ip_address: 172.31.254.65 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet49/1 - - ip_address: 172.31.254.71 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet52/1 - - ip_address: 172.31.254.97 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet49/1 - - ip_address: 172.31.254.129 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet49/1 - - ip_address: 10.10.101.7 - peer_group: UNDERLAY-PEERS - remote_as: '65161' - peer: MLAG-OSPF-L3LEAF1A - description: MLAG-OSPF-L3LEAF1A_Ethernet1 - - ip_address: 10.10.101.1 - peer_group: UNDERLAY-PEERS - remote_as: '65151' - peer: MH-LEAF1A - description: MH-LEAF1A_Ethernet1 - - ip_address: 10.10.101.3 - peer_group: UNDERLAY-PEERS - remote_as: '65152' - peer: MH-LEAF1B - description: MH-LEAF1B_Ethernet1 - - ip_address: 10.10.101.5 - peer_group: UNDERLAY-PEERS - remote_as: '65153' - peer: MH-LEAF2A - description: MH-LEAF2A_Ethernet1 - - ip_address: 172.31.254.161 - peer_group: UNDERLAY-PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet1 - - ip_address: 172.31.254.193 - peer_group: UNDERLAY-PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet1 - - ip_address: 172.31.254.225 - peer_group: UNDERLAY-PEERS - remote_as: '65106' - peer: DC1-BL2A - description: DC1-BL2A_Ethernet1 - - ip_address: 172.31.255.1 - peer_group: UNDERLAY-PEERS - remote_as: '65107' - peer: DC1-BL2B - description: DC1-BL2B_Ethernet1 - - ip_address: 172.31.255.33 - peer_group: UNDERLAY-PEERS - remote_as: '65108' - peer: DC1-CL1A - description: DC1-CL1A_Ethernet1 - - ip_address: 172.31.255.65 - peer_group: UNDERLAY-PEERS - remote_as: '65109' - peer: DC1-CL1B - description: DC1-CL1B_Ethernet1 - - ip_address: 172.31.255.129 - peer_group: UNDERLAY-PEERS - remote_as: '65110' - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A_Ethernet49/1 - shutdown: true - - ip_address: 172.31.255.161 - peer_group: UNDERLAY-PEERS - remote_as: '65111' - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B_Ethernet49/1 - shutdown: true - - ip_address: 10.10.101.9 - peer_group: UNDERLAY-PEERS - remote_as: '65161' - peer: MLAG-OSPF-L3LEAF1B - description: MLAG-OSPF-L3LEAF1B_Ethernet1 - - ip_address: 192.168.255.14 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A - remote_as: '65104' - - ip_address: 192.168.255.15 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B - remote_as: '65105' - - ip_address: 192.168.255.16 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2A - description: DC1-BL2A - remote_as: '65106' - - ip_address: 192.168.255.17 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2B - description: DC1-BL2B - remote_as: '65107' - - ip_address: 192.168.255.18 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1A - description: DC1-CL1A - remote_as: '65108' - - ip_address: 192.168.255.19 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1B - description: DC1-CL1B - remote_as: '65109' - - ip_address: 192.168.42.42 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A - remote_as: '65101' - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A - remote_as: '65102' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B - remote_as: '65102' - - ip_address: 192.168.255.12 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A - remote_as: '65103' - - ip_address: 192.168.255.13 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B - remote_as: '65103' - - ip_address: 192.168.255.21 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A - remote_as: '65110' - shutdown: true - - ip_address: 192.168.255.22 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B - remote_as: '65111' - shutdown: true - - ip_address: 192.168.255.33 - peer_group: EVPN-OVERLAY-PEERS - peer: MH-LEAF1A - description: MH-LEAF1A - remote_as: '65151' - - ip_address: 192.168.255.34 - peer_group: EVPN-OVERLAY-PEERS - peer: MH-LEAF1B - description: MH-LEAF1B - remote_as: '65152' - - ip_address: 192.168.255.35 - peer_group: EVPN-OVERLAY-PEERS - peer: MH-LEAF2A - description: MH-LEAF2A - remote_as: '65153' - - ip_address: 192.168.255.36 - peer_group: EVPN-OVERLAY-PEERS - peer: MLAG-OSPF-L3LEAF1A - description: MLAG-OSPF-L3LEAF1A - remote_as: '65161' - - ip_address: 192.168.255.37 - peer_group: EVPN-OVERLAY-PEERS - peer: MLAG-OSPF-L3LEAF1B - description: MLAG-OSPF-L3LEAF1B - remote_as: '65161' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -250,297 +8,285 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE1 ethernet_interfaces: - name: Ethernet1/1 - peer: DC1-LEAF1A - peer_interface: Ethernet27 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF1A_Ethernet27 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.0/31 + peer: DC1-LEAF1A + peer_interface: Ethernet27 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.0/31 - name: Ethernet3/1 - peer: DC1-LEAF2A - peer_interface: Ethernet49/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2A_Ethernet49/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.32/31 -- name: Ethernet4/1 peer: DC1-LEAF2A - peer_interface: Ethernet52/1 + peer_interface: Ethernet49/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4/1 description: P2P_LINK_TO_DC1-LEAF2A_Ethernet52/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.38/31 + peer: DC1-LEAF2A + peer_interface: Ethernet52/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.38/31 - name: Ethernet5/1 - peer: DC1-LEAF2B - peer_interface: Ethernet49/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2B_Ethernet49/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.64/31 -- name: Ethernet6/1 peer: DC1-LEAF2B - peer_interface: Ethernet52/1 + peer_interface: Ethernet49/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6/1 description: P2P_LINK_TO_DC1-LEAF2B_Ethernet52/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.70/31 + peer: DC1-LEAF2B + peer_interface: Ethernet52/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.70/31 - name: Ethernet7/1 - peer: DC1-SVC3A - peer_interface: Ethernet49/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-SVC3A_Ethernet49/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.96/31 -- name: Ethernet9/1 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet49/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet9/1 description: P2P_LINK_TO_DC1-SVC3B_Ethernet49/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.128/31 + peer: DC1-SVC3B + peer_interface: Ethernet49/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.128/31 - name: Ethernet18 - peer: MLAG-OSPF-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_LINK_TO_MLAG-OSPF-L3LEAF1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.10.101.6/31 -- name: Ethernet19 - peer: MH-LEAF1A + peer: MLAG-OSPF-L3LEAF1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet19 description: P2P_LINK_TO_MH-LEAF1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.10.101.0/31 -- name: Ethernet20 - peer: MH-LEAF1B + peer: MH-LEAF1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet20 description: P2P_LINK_TO_MH-LEAF1B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.10.101.2/31 -- name: Ethernet21 - peer: MH-LEAF2A + peer: MH-LEAF1B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet21 description: P2P_LINK_TO_MH-LEAF2A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.10.101.4/31 -- name: Ethernet22 - peer: DC1-BL1A + peer: MH-LEAF2A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet22 description: P2P_LINK_TO_DC1-BL1A_Ethernet1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.160/31 -- name: Ethernet23 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet23 description: P2P_LINK_TO_DC1-BL1B_Ethernet1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.192/31 -- name: Ethernet24 - peer: DC1-BL2A + peer: DC1-BL1B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet24 description: P2P_LINK_TO_DC1-BL2A_Ethernet1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.224/31 -- name: Ethernet25 - peer: DC1-BL2B + peer: DC1-BL2A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet25 description: P2P_LINK_TO_DC1-BL2B_Ethernet1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.0/31 -- name: Ethernet26 - peer: DC1-CL1A + peer: DC1-BL2B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet26 description: P2P_LINK_TO_DC1-CL1A_Ethernet1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.32/31 -- name: Ethernet27 - peer: DC1-CL1B + peer: DC1-CL1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet27 description: P2P_LINK_TO_DC1-CL1B_Ethernet1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.64/31 + peer: DC1-CL1B + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.64/31 - name: Ethernet28 - peer: DC1_UNDEPLOYED_LEAF1A - peer_interface: Ethernet49/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1A_Ethernet49/1 - speed: 100g-2 shutdown: true + speed: 100g-2 mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.128/31 -- name: Ethernet29 - peer: DC1_UNDEPLOYED_LEAF1B + peer: DC1_UNDEPLOYED_LEAF1A peer_interface: Ethernet49/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet29 description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1B_Ethernet49/1 - speed: forced 100gfull shutdown: true + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.160/31 + peer: DC1_UNDEPLOYED_LEAF1B + peer_interface: Ethernet49/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.160/31 - name: Ethernet220 - peer: MLAG-OSPF-L3LEAF1B - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_LINK_TO_MLAG-OSPF-L3LEAF1B_Ethernet1 shutdown: false mtu: 1500 + ip_address: 10.10.101.8/31 + peer: MLAG-OSPF-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ip_address: 10.10.101.8/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY +hostname: DC1-SPINE1 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: - sequence: 10 action: permit 192.168.255.0/24 eq 32 @@ -556,5 +302,259 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050SX3 +router_bgp: + as: '65001' + router_id: 192.168.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.1 + peer_group: UNDERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Ethernet27 + - ip_address: 172.31.254.33 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet49/1 + - ip_address: 172.31.254.39 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet52/1 + - ip_address: 172.31.254.65 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet49/1 + - ip_address: 172.31.254.71 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet52/1 + - ip_address: 172.31.254.97 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Ethernet49/1 + - ip_address: 172.31.254.129 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Ethernet49/1 + - ip_address: 10.10.101.7 + peer_group: UNDERLAY-PEERS + remote_as: '65161' + peer: MLAG-OSPF-L3LEAF1A + description: MLAG-OSPF-L3LEAF1A_Ethernet1 + - ip_address: 10.10.101.1 + peer_group: UNDERLAY-PEERS + remote_as: '65151' + peer: MH-LEAF1A + description: MH-LEAF1A_Ethernet1 + - ip_address: 10.10.101.3 + peer_group: UNDERLAY-PEERS + remote_as: '65152' + peer: MH-LEAF1B + description: MH-LEAF1B_Ethernet1 + - ip_address: 10.10.101.5 + peer_group: UNDERLAY-PEERS + remote_as: '65153' + peer: MH-LEAF2A + description: MH-LEAF2A_Ethernet1 + - ip_address: 172.31.254.161 + peer_group: UNDERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Ethernet1 + - ip_address: 172.31.254.193 + peer_group: UNDERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Ethernet1 + - ip_address: 172.31.254.225 + peer_group: UNDERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A_Ethernet1 + - ip_address: 172.31.255.1 + peer_group: UNDERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B_Ethernet1 + - ip_address: 172.31.255.33 + peer_group: UNDERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A_Ethernet1 + - ip_address: 172.31.255.65 + peer_group: UNDERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B_Ethernet1 + - ip_address: 172.31.255.129 + peer_group: UNDERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A_Ethernet49/1 + shutdown: true + - ip_address: 172.31.255.161 + peer_group: UNDERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B_Ethernet49/1 + shutdown: true + - ip_address: 10.10.101.9 + peer_group: UNDERLAY-PEERS + remote_as: '65161' + peer: MLAG-OSPF-L3LEAF1B + description: MLAG-OSPF-L3LEAF1B_Ethernet1 + - ip_address: 192.168.255.14 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A + - ip_address: 192.168.255.15 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B + - ip_address: 192.168.255.16 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A + - ip_address: 192.168.255.17 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B + - ip_address: 192.168.255.18 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A + - ip_address: 192.168.255.19 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B + - ip_address: 192.168.42.42 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B + - ip_address: 192.168.255.12 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A + - ip_address: 192.168.255.13 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B + - ip_address: 192.168.255.21 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A + shutdown: true + - ip_address: 192.168.255.22 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B + shutdown: true + - ip_address: 192.168.255.33 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65151' + peer: MH-LEAF1A + description: MH-LEAF1A + - ip_address: 192.168.255.34 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65152' + peer: MH-LEAF1B + description: MH-LEAF1B + - ip_address: 192.168.255.35 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65153' + peer: MH-LEAF2A + description: MH-LEAF2A + - ip_address: 192.168.255.36 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65161' + peer: MLAG-OSPF-L3LEAF1A + description: MLAG-OSPF-L3LEAF1A + - ip_address: 192.168.255.37 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65161' + peer: MLAG-OSPF-L3LEAF1B + description: MLAG-OSPF-L3LEAF1B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE1 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE2.yml index 095e6b5b9f4..9a92698bad0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE2.yml @@ -1,198 +1,6 @@ -hostname: DC1-SPINE2 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.3 - peer_group: UNDERLAY-PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet28 - - ip_address: 172.31.254.35 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet50/1 - - ip_address: 172.31.254.37 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet51/1 - - ip_address: 172.31.254.67 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet50/1 - - ip_address: 172.31.254.69 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet51/1 - - ip_address: 172.31.254.99 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet50/1 - - ip_address: 172.31.254.131 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet50/1 - - ip_address: 172.31.254.163 - peer_group: UNDERLAY-PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet2 - - ip_address: 172.31.254.195 - peer_group: UNDERLAY-PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet2 - - ip_address: 172.31.254.227 - peer_group: UNDERLAY-PEERS - remote_as: '65106' - peer: DC1-BL2A - description: DC1-BL2A_Ethernet2 - - ip_address: 172.31.255.3 - peer_group: UNDERLAY-PEERS - remote_as: '65107' - peer: DC1-BL2B - description: DC1-BL2B_Ethernet2 - - ip_address: 172.31.255.35 - peer_group: UNDERLAY-PEERS - remote_as: '65108' - peer: DC1-CL1A - description: DC1-CL1A_Ethernet2 - - ip_address: 172.31.255.67 - peer_group: UNDERLAY-PEERS - remote_as: '65109' - peer: DC1-CL1B - description: DC1-CL1B_Ethernet2 - - ip_address: 172.31.255.131 - peer_group: UNDERLAY-PEERS - remote_as: '65110' - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A_Ethernet50/1 - shutdown: true - - ip_address: 172.31.255.163 - peer_group: UNDERLAY-PEERS - remote_as: '65111' - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B_Ethernet50/1 - shutdown: true - - ip_address: 192.168.255.14 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A - remote_as: '65104' - - ip_address: 192.168.255.15 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B - remote_as: '65105' - - ip_address: 192.168.255.16 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2A - description: DC1-BL2A - remote_as: '65106' - - ip_address: 192.168.255.17 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2B - description: DC1-BL2B - remote_as: '65107' - - ip_address: 192.168.255.18 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1A - description: DC1-CL1A - remote_as: '65108' - - ip_address: 192.168.255.19 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1B - description: DC1-CL1B - remote_as: '65109' - - ip_address: 192.168.42.42 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A - remote_as: '65101' - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A - remote_as: '65102' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B - remote_as: '65102' - - ip_address: 192.168.255.12 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A - remote_as: '65103' - - ip_address: 192.168.255.13 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B - remote_as: '65103' - - ip_address: 192.168.255.21 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A - remote_as: '65110' - shutdown: true - - ip_address: 192.168.255.22 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B - remote_as: '65111' - shutdown: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -200,251 +8,237 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE2 ethernet_interfaces: - name: Ethernet1/1/1 - peer: DC1-LEAF1A - peer_interface: Ethernet28 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF1A_Ethernet28 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.2/31 + peer: DC1-LEAF1A + peer_interface: Ethernet28 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.2/31 - name: Ethernet1/3/1 - peer: DC1-LEAF2A - peer_interface: Ethernet50/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2A_Ethernet50/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.34/31 -- name: Ethernet1/4/1 peer: DC1-LEAF2A - peer_interface: Ethernet51/1 + peer_interface: Ethernet50/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1/4/1 description: P2P_LINK_TO_DC1-LEAF2A_Ethernet51/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.36/31 + peer: DC1-LEAF2A + peer_interface: Ethernet51/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.36/31 - name: Ethernet1/5/1 - peer: DC1-LEAF2B - peer_interface: Ethernet50/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2B_Ethernet50/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.66/31 -- name: Ethernet1/6/1 peer: DC1-LEAF2B - peer_interface: Ethernet51/1 + peer_interface: Ethernet50/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1/6/1 description: P2P_LINK_TO_DC1-LEAF2B_Ethernet51/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.68/31 + peer: DC1-LEAF2B + peer_interface: Ethernet51/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.68/31 - name: Ethernet1/7/1 - peer: DC1-SVC3A - peer_interface: Ethernet50/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-SVC3A_Ethernet50/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.98/31 -- name: Ethernet1/9/1 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet50/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1/9/1 description: P2P_LINK_TO_DC1-SVC3B_Ethernet50/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.130/31 + peer: DC1-SVC3B + peer_interface: Ethernet50/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.130/31 - name: Ethernet22 - peer: DC1-BL1A - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_LINK_TO_DC1-BL1A_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.162/31 -- name: Ethernet23 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet23 description: P2P_LINK_TO_DC1-BL1B_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.194/31 -- name: Ethernet24 - peer: DC1-BL2A + peer: DC1-BL1B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet24 description: P2P_LINK_TO_DC1-BL2A_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.226/31 -- name: Ethernet25 - peer: DC1-BL2B + peer: DC1-BL2A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet25 description: P2P_LINK_TO_DC1-BL2B_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.2/31 -- name: Ethernet26 - peer: DC1-CL1A + peer: DC1-BL2B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet26 description: P2P_LINK_TO_DC1-CL1A_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.34/31 -- name: Ethernet27 - peer: DC1-CL1B + peer: DC1-CL1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet27 description: P2P_LINK_TO_DC1-CL1B_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.66/31 + peer: DC1-CL1B + peer_interface: Ethernet2 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.66/31 - name: Ethernet28 - peer: DC1_UNDEPLOYED_LEAF1A - peer_interface: Ethernet50/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1A_Ethernet50/1 - speed: 100g-2 shutdown: true + speed: 100g-2 mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.130/31 -- name: Ethernet29 - peer: DC1_UNDEPLOYED_LEAF1B + peer: DC1_UNDEPLOYED_LEAF1A peer_interface: Ethernet50/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet29 description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1B_Ethernet50/1 - speed: forced 100gfull shutdown: true + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.162/31 + peer: DC1_UNDEPLOYED_LEAF1B + peer_interface: Ethernet50/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.162/31 +hostname: DC1-SPINE2 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7500R +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +platform: + sand: + lag: + hardware_only: true prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -462,5 +256,211 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7500R +router_bgp: + as: '65001' + router_id: 192.168.255.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.3 + peer_group: UNDERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Ethernet28 + - ip_address: 172.31.254.35 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet50/1 + - ip_address: 172.31.254.37 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet51/1 + - ip_address: 172.31.254.67 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet50/1 + - ip_address: 172.31.254.69 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet51/1 + - ip_address: 172.31.254.99 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Ethernet50/1 + - ip_address: 172.31.254.131 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Ethernet50/1 + - ip_address: 172.31.254.163 + peer_group: UNDERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Ethernet2 + - ip_address: 172.31.254.195 + peer_group: UNDERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Ethernet2 + - ip_address: 172.31.254.227 + peer_group: UNDERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A_Ethernet2 + - ip_address: 172.31.255.3 + peer_group: UNDERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B_Ethernet2 + - ip_address: 172.31.255.35 + peer_group: UNDERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A_Ethernet2 + - ip_address: 172.31.255.67 + peer_group: UNDERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B_Ethernet2 + - ip_address: 172.31.255.131 + peer_group: UNDERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A_Ethernet50/1 + shutdown: true + - ip_address: 172.31.255.163 + peer_group: UNDERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B_Ethernet50/1 + shutdown: true + - ip_address: 192.168.255.14 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A + - ip_address: 192.168.255.15 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B + - ip_address: 192.168.255.16 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A + - ip_address: 192.168.255.17 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B + - ip_address: 192.168.255.18 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A + - ip_address: 192.168.255.19 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B + - ip_address: 192.168.42.42 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B + - ip_address: 192.168.255.12 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A + - ip_address: 192.168.255.13 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B + - ip_address: 192.168.255.21 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A + shutdown: true + - ip_address: 192.168.255.22 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B + shutdown: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE2 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE3.yml index 821abba925d..c70d781723a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE3.yml @@ -1,198 +1,6 @@ -hostname: DC1-SPINE3 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.5 - peer_group: UNDERLAY-PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet29 - - ip_address: 172.31.254.41 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet53/1 - - ip_address: 172.31.254.47 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet56/1 - - ip_address: 172.31.254.73 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet53/1 - - ip_address: 172.31.254.79 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet56/1 - - ip_address: 172.31.254.101 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet51/1 - - ip_address: 172.31.254.133 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet51/1 - - ip_address: 172.31.254.165 - peer_group: UNDERLAY-PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet3 - - ip_address: 172.31.254.197 - peer_group: UNDERLAY-PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet3 - - ip_address: 172.31.254.229 - peer_group: UNDERLAY-PEERS - remote_as: '65106' - peer: DC1-BL2A - description: DC1-BL2A_Ethernet3 - - ip_address: 172.31.255.5 - peer_group: UNDERLAY-PEERS - remote_as: '65107' - peer: DC1-BL2B - description: DC1-BL2B_Ethernet3 - - ip_address: 172.31.255.37 - peer_group: UNDERLAY-PEERS - remote_as: '65108' - peer: DC1-CL1A - description: DC1-CL1A_Ethernet3 - - ip_address: 172.31.255.69 - peer_group: UNDERLAY-PEERS - remote_as: '65109' - peer: DC1-CL1B - description: DC1-CL1B_Ethernet3 - - ip_address: 172.31.255.133 - peer_group: UNDERLAY-PEERS - remote_as: '65110' - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A_Ethernet51/1 - shutdown: true - - ip_address: 172.31.255.165 - peer_group: UNDERLAY-PEERS - remote_as: '65111' - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B_Ethernet51/1 - shutdown: true - - ip_address: 192.168.255.14 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A - remote_as: '65104' - - ip_address: 192.168.255.15 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B - remote_as: '65105' - - ip_address: 192.168.255.16 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2A - description: DC1-BL2A - remote_as: '65106' - - ip_address: 192.168.255.17 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2B - description: DC1-BL2B - remote_as: '65107' - - ip_address: 192.168.255.18 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1A - description: DC1-CL1A - remote_as: '65108' - - ip_address: 192.168.255.19 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1B - description: DC1-CL1B - remote_as: '65109' - - ip_address: 192.168.42.42 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A - remote_as: '65101' - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A - remote_as: '65102' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B - remote_as: '65102' - - ip_address: 192.168.255.12 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A - remote_as: '65103' - - ip_address: 192.168.255.13 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B - remote_as: '65103' - - ip_address: 192.168.255.21 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A - remote_as: '65110' - shutdown: true - - ip_address: 192.168.255.22 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B - remote_as: '65111' - shutdown: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -200,247 +8,233 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management0 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management0 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE3 ethernet_interfaces: - name: Ethernet1/1/1 - peer: DC1-LEAF1A - peer_interface: Ethernet29 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF1A_Ethernet29 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.4/31 + peer: DC1-LEAF1A + peer_interface: Ethernet29 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.4/31 - name: Ethernet1/3/1 - peer: DC1-LEAF2A - peer_interface: Ethernet53/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2A_Ethernet53/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.40/31 -- name: Ethernet1/4/1 peer: DC1-LEAF2A - peer_interface: Ethernet56/1 + peer_interface: Ethernet53/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1/4/1 description: P2P_LINK_TO_DC1-LEAF2A_Ethernet56/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.46/31 + peer: DC1-LEAF2A + peer_interface: Ethernet56/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.46/31 - name: Ethernet1/5/1 - peer: DC1-LEAF2B - peer_interface: Ethernet53/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2B_Ethernet53/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.72/31 -- name: Ethernet1/6/1 peer: DC1-LEAF2B - peer_interface: Ethernet56/1 + peer_interface: Ethernet53/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1/6/1 description: P2P_LINK_TO_DC1-LEAF2B_Ethernet56/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.78/31 + peer: DC1-LEAF2B + peer_interface: Ethernet56/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.78/31 - name: Ethernet1/7/1 - peer: DC1-SVC3A - peer_interface: Ethernet51/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-SVC3A_Ethernet51/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.100/31 -- name: Ethernet1/9/1 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet51/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1/9/1 description: P2P_LINK_TO_DC1-SVC3B_Ethernet51/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.132/31 + peer: DC1-SVC3B + peer_interface: Ethernet51/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.132/31 - name: Ethernet22 - peer: DC1-BL1A - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_LINK_TO_DC1-BL1A_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.164/31 -- name: Ethernet23 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet23 description: P2P_LINK_TO_DC1-BL1B_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.196/31 -- name: Ethernet24 - peer: DC1-BL2A + peer: DC1-BL1B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet24 description: P2P_LINK_TO_DC1-BL2A_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.228/31 -- name: Ethernet25 - peer: DC1-BL2B + peer: DC1-BL2A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet25 description: P2P_LINK_TO_DC1-BL2B_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.4/31 -- name: Ethernet26 - peer: DC1-CL1A + peer: DC1-BL2B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet26 description: P2P_LINK_TO_DC1-CL1A_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.36/31 -- name: Ethernet27 - peer: DC1-CL1B + peer: DC1-CL1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet27 description: P2P_LINK_TO_DC1-CL1B_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.68/31 + peer: DC1-CL1B + peer_interface: Ethernet3 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.68/31 - name: Ethernet28 - peer: DC1_UNDEPLOYED_LEAF1A - peer_interface: Ethernet51/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1A_Ethernet51/1 - speed: 100g-2 shutdown: true + speed: 100g-2 mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.132/31 -- name: Ethernet29 - peer: DC1_UNDEPLOYED_LEAF1B + peer: DC1_UNDEPLOYED_LEAF1A peer_interface: Ethernet51/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet29 description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1B_Ethernet51/1 - speed: forced 100gfull shutdown: true + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.164/31 + peer: DC1_UNDEPLOYED_LEAF1B + peer_interface: Ethernet51/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.164/31 +hostname: DC1-SPINE3 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.3/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management0 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7800R3 +ntp: + local_interface: + name: Management0 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -458,5 +252,211 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7800R3 +router_bgp: + as: '65001' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.5 + peer_group: UNDERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Ethernet29 + - ip_address: 172.31.254.41 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet53/1 + - ip_address: 172.31.254.47 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet56/1 + - ip_address: 172.31.254.73 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet53/1 + - ip_address: 172.31.254.79 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet56/1 + - ip_address: 172.31.254.101 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Ethernet51/1 + - ip_address: 172.31.254.133 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Ethernet51/1 + - ip_address: 172.31.254.165 + peer_group: UNDERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Ethernet3 + - ip_address: 172.31.254.197 + peer_group: UNDERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Ethernet3 + - ip_address: 172.31.254.229 + peer_group: UNDERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A_Ethernet3 + - ip_address: 172.31.255.5 + peer_group: UNDERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B_Ethernet3 + - ip_address: 172.31.255.37 + peer_group: UNDERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A_Ethernet3 + - ip_address: 172.31.255.69 + peer_group: UNDERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B_Ethernet3 + - ip_address: 172.31.255.133 + peer_group: UNDERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A_Ethernet51/1 + shutdown: true + - ip_address: 172.31.255.165 + peer_group: UNDERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B_Ethernet51/1 + shutdown: true + - ip_address: 192.168.255.14 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A + - ip_address: 192.168.255.15 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B + - ip_address: 192.168.255.16 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A + - ip_address: 192.168.255.17 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B + - ip_address: 192.168.255.18 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A + - ip_address: 192.168.255.19 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B + - ip_address: 192.168.42.42 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B + - ip_address: 192.168.255.12 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A + - ip_address: 192.168.255.13 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B + - ip_address: 192.168.255.21 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A + shutdown: true + - ip_address: 192.168.255.22 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B + shutdown: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE3 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE4.yml index ed38a0af854..95f285485bf 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE4.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SPINE4.yml @@ -1,193 +1,6 @@ -hostname: DC1-SPINE4 -is_deployed: true -router_bgp: - as: '65001' - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.254.7 - peer_group: UNDERLAY-PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet30 - - ip_address: 172.31.254.43 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet54/1 - - ip_address: 172.31.254.45 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet55/1 - - ip_address: 172.31.254.75 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet54/1 - - ip_address: 172.31.254.77 - peer_group: UNDERLAY-PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet55/1 - - ip_address: 172.31.254.103 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet52/1 - - ip_address: 172.31.254.135 - peer_group: UNDERLAY-PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet52/1 - - ip_address: 172.31.254.167 - peer_group: UNDERLAY-PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet4 - - ip_address: 172.31.254.199 - peer_group: UNDERLAY-PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet4 - - ip_address: 172.31.254.231 - peer_group: UNDERLAY-PEERS - remote_as: '65106' - peer: DC1-BL2A - description: DC1-BL2A_Ethernet4 - - ip_address: 172.31.255.7 - peer_group: UNDERLAY-PEERS - remote_as: '65107' - peer: DC1-BL2B - description: DC1-BL2B_Ethernet4 - - ip_address: 172.31.255.39 - peer_group: UNDERLAY-PEERS - remote_as: '65108' - peer: DC1-CL1A - description: DC1-CL1A_Ethernet4 - - ip_address: 172.31.255.71 - peer_group: UNDERLAY-PEERS - remote_as: '65109' - peer: DC1-CL1B - description: DC1-CL1B_Ethernet4 - - ip_address: 172.31.255.135 - peer_group: UNDERLAY-PEERS - remote_as: '65110' - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A_Ethernet52/1 - - ip_address: 172.31.255.167 - peer_group: UNDERLAY-PEERS - remote_as: '65111' - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B_Ethernet52/1 - - ip_address: 192.168.255.14 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A - remote_as: '65104' - - ip_address: 192.168.255.15 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B - remote_as: '65105' - - ip_address: 192.168.255.16 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2A - description: DC1-BL2A - remote_as: '65106' - - ip_address: 192.168.255.17 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL2B - description: DC1-BL2B - remote_as: '65107' - - ip_address: 192.168.255.18 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1A - description: DC1-CL1A - remote_as: '65108' - - ip_address: 192.168.255.19 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-CL1B - description: DC1-CL1B - remote_as: '65109' - - ip_address: 192.168.42.42 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A - remote_as: '65101' - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A - remote_as: '65102' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B - remote_as: '65102' - - ip_address: 192.168.255.12 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A - remote_as: '65103' - - ip_address: 192.168.255.13 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B - remote_as: '65103' - - ip_address: 192.168.255.21 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1A - description: DC1_UNDEPLOYED_LEAF1A - remote_as: '65110' - - ip_address: 192.168.255.22 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1_UNDEPLOYED_LEAF1B - description: DC1_UNDEPLOYED_LEAF1B - remote_as: '65111' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -195,248 +8,233 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE4 -router_general: - router_id: - ipv4: 192.168.255.4 ethernet_interfaces: - name: Ethernet1/1 - peer: DC1-LEAF1A - peer_interface: Ethernet30 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF1A_Ethernet30 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.6/31 + peer: DC1-LEAF1A + peer_interface: Ethernet30 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.6/31 - name: Ethernet3/1 - peer: DC1-LEAF2A - peer_interface: Ethernet54/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2A_Ethernet54/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.42/31 -- name: Ethernet4/1 peer: DC1-LEAF2A - peer_interface: Ethernet55/1 + peer_interface: Ethernet54/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4/1 description: P2P_LINK_TO_DC1-LEAF2A_Ethernet55/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.44/31 + peer: DC1-LEAF2A + peer_interface: Ethernet55/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.44/31 - name: Ethernet5/1 - peer: DC1-LEAF2B - peer_interface: Ethernet54/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-LEAF2B_Ethernet54/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.74/31 -- name: Ethernet6/1 peer: DC1-LEAF2B - peer_interface: Ethernet55/1 + peer_interface: Ethernet54/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6/1 description: P2P_LINK_TO_DC1-LEAF2B_Ethernet55/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.76/31 + peer: DC1-LEAF2B + peer_interface: Ethernet55/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.76/31 - name: Ethernet7/1 - peer: DC1-SVC3A - peer_interface: Ethernet52/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1-SVC3A_Ethernet52/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.102/31 -- name: Ethernet9/1 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet52/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet9/1 description: P2P_LINK_TO_DC1-SVC3B_Ethernet52/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.254.134/31 + peer: DC1-SVC3B + peer_interface: Ethernet52/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.254.134/31 - name: Ethernet22 - peer: DC1-BL1A - peer_interface: Ethernet4 - peer_type: l3leaf description: P2P_LINK_TO_DC1-BL1A_Ethernet4 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.166/31 -- name: Ethernet23 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet23 description: P2P_LINK_TO_DC1-BL1B_Ethernet4 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.198/31 -- name: Ethernet24 - peer: DC1-BL2A + peer: DC1-BL1B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet24 description: P2P_LINK_TO_DC1-BL2A_Ethernet4 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.254.230/31 -- name: Ethernet25 - peer: DC1-BL2B + peer: DC1-BL2A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet25 description: P2P_LINK_TO_DC1-BL2B_Ethernet4 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.6/31 -- name: Ethernet26 - peer: DC1-CL1A + peer: DC1-BL2B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet26 description: P2P_LINK_TO_DC1-CL1A_Ethernet4 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.38/31 -- name: Ethernet27 - peer: DC1-CL1B + peer: DC1-CL1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet27 description: P2P_LINK_TO_DC1-CL1B_Ethernet4 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.70/31 + peer: DC1-CL1B + peer_interface: Ethernet4 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.70/31 - name: Ethernet28 - peer: DC1_UNDEPLOYED_LEAF1A - peer_interface: Ethernet52/1 - peer_type: l3leaf description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1A_Ethernet52/1 - speed: 100g-2 shutdown: false + speed: 100g-2 mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.134/31 -- name: Ethernet29 - peer: DC1_UNDEPLOYED_LEAF1B + peer: DC1_UNDEPLOYED_LEAF1A peer_interface: Ethernet52/1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet29 description: P2P_LINK_TO_DC1_UNDEPLOYED_LEAF1B_Ethernet52/1 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.166/31 + peer: DC1_UNDEPLOYED_LEAF1B + peer_interface: Ethernet52/1 + peer_type: l3leaf switchport: enabled: false - ip_address: 172.31.255.166/31 +hostname: DC1-SPINE4 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.4/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -454,5 +252,207 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7280R3 +router_bgp: + as: '65001' + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.254.7 + peer_group: UNDERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Ethernet30 + - ip_address: 172.31.254.43 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet54/1 + - ip_address: 172.31.254.45 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Ethernet55/1 + - ip_address: 172.31.254.75 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet54/1 + - ip_address: 172.31.254.77 + peer_group: UNDERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Ethernet55/1 + - ip_address: 172.31.254.103 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Ethernet52/1 + - ip_address: 172.31.254.135 + peer_group: UNDERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Ethernet52/1 + - ip_address: 172.31.254.167 + peer_group: UNDERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Ethernet4 + - ip_address: 172.31.254.199 + peer_group: UNDERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Ethernet4 + - ip_address: 172.31.254.231 + peer_group: UNDERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A_Ethernet4 + - ip_address: 172.31.255.7 + peer_group: UNDERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B_Ethernet4 + - ip_address: 172.31.255.39 + peer_group: UNDERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A_Ethernet4 + - ip_address: 172.31.255.71 + peer_group: UNDERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B_Ethernet4 + - ip_address: 172.31.255.135 + peer_group: UNDERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A_Ethernet52/1 + - ip_address: 172.31.255.167 + peer_group: UNDERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B_Ethernet52/1 + - ip_address: 192.168.255.14 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A + - ip_address: 192.168.255.15 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B + - ip_address: 192.168.255.16 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' + peer: DC1-BL2A + description: DC1-BL2A + - ip_address: 192.168.255.17 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65107' + peer: DC1-BL2B + description: DC1-BL2B + - ip_address: 192.168.255.18 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65108' + peer: DC1-CL1A + description: DC1-CL1A + - ip_address: 192.168.255.19 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65109' + peer: DC1-CL1B + description: DC1-CL1B + - ip_address: 192.168.42.42 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B + - ip_address: 192.168.255.12 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A + - ip_address: 192.168.255.13 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B + - ip_address: 192.168.255.21 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65110' + peer: DC1_UNDEPLOYED_LEAF1A + description: DC1_UNDEPLOYED_LEAF1A + - ip_address: 192.168.255.22 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65111' + peer: DC1_UNDEPLOYED_LEAF1B + description: DC1_UNDEPLOYED_LEAF1B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +router_general: + router_id: + ipv4: 192.168.255.4 +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-SPINE4 +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3A.yml index 69d1335e44d..b2a507ef7b3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3A.yml @@ -1,427 +1,6 @@ -hostname: DC1-SVC3A -is_deployed: true -router_bgp: - as: '65103' - router_id: 192.168.255.12 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-PEERS - type: ipv4 - remote_as: '65103' - next_hop_self: true - description: MLAG_PEER_DC1-SVC3B - password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B - - ip_address: 172.31.254.96 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet7/1 - - ip_address: 172.31.254.98 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/7/1 - - ip_address: 172.31.254.100 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/7/1 - - ip_address: 172.31.254.102 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet7/1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_A_APP_Zone - rd: '65103:12' - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_A_DB_Zone - rd: '65103:13' - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_A_ERP_Zone - rd: '65103:17' - route_targets: - import: - - address_family: evpn - route_targets: - - '17:17' - export: - - address_family: evpn - route_targets: - - '17:17' - router_id: 192.168.255.12 - neighbors: - - ip_address: 172.31.12.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_A_OP_Zone - rd: '65103:9' - route_targets: - import: - - address_family: evpn - route_targets: - - '9:9' - export: - - address_family: evpn - route_targets: - - '9:9' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_A_WAN_Zone - rd: '65103:14' - route_targets: - import: - - address_family: evpn - route_targets: - - '14:14' - - 65000:456 - export: - - address_family: evpn - route_targets: - - '14:14' - - 65000:789 - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_A_WEB_Zone - rd: '65103:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 172.31.11.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_B_OP_Zone - rd: '65103:20' - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_B_WAN_Zone - rd: '65103:21' - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_C_OP_Zone - rd: '65103:30' - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - - name: Tenant_C_WAN_Zone - rd: '65103:31' - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: '65103:12' - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: '65103:13' - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_ERP_Zone - rd: '65103:17' - route_targets: - both: - - '17:17' - redistribute_routes: - - learned - vlan: '122' - - name: Tenant_A_OP_Zone - rd: '65103:9' - route_targets: - both: - - '9:9' - redistribute_routes: - - learned - vlan: 110-112 - - name: Tenant_A_WAN_Zone - rd: '65103:14' - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: '65103:11' - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 65103:20161 - route_targets: - both: - - 20161:20161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 65103:20160 - route_targets: - both: - - 20160:20160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: '65103:20' - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: '65103:21' - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: '65103:30' - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: Tenant_C_WAN_Zone - rd: '65103:31' - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -429,535 +8,632 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4090,4092 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_ERP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-SVC3A -vlans: -- id: 4090 - tenant: system - name: LEAF_PEER_L3 - trunk_groups: - - LEAF_PEER_L3 -- id: 4092 - tenant: system - name: MLAG_PEER - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_iBGP_Tenant_A_APP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_iBGP_Tenant_A_DB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 122 - name: Tenant_A_ERP_Zone_1 - tenant: Tenant_A -- id: 3016 - name: MLAG_iBGP_Tenant_A_ERP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 3008 - name: MLAG_iBGP_Tenant_A_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_iBGP_Tenant_A_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_iBGP_Tenant_A_WEB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_iBGP_Tenant_B_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_iBGP_Tenant_B_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_iBGP_Tenant_C_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_iBGP_Tenant_C_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C -vlan_interfaces: -- name: Vlan4090 - description: MLAG_PEER_L3_PEERING +ethernet_interfaces: +- name: Ethernet53/1 + description: MLAG_PEER_DC1-SVC3B_Ethernet53/1 shutdown: false - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan4092 - description: MLAG_PEER + speed: 100g + channel_group: + id: 2000 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet53/1 + peer_type: mlag_peer +- name: Ethernet54/1 + description: MLAG_PEER_DC1-SVC3B_Ethernet54/1 shutdown: false - no_autostate: true + speed: 100g + channel_group: + id: 2000 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet54/1 + peer_type: mlag_peer +- name: Ethernet7 + description: DC1-L2LEAF2A_Ethernet1 + shutdown: false + speed: 100g-2 + channel_group: + id: 1007 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet8 + description: DC1-L2LEAF2B_Ethernet1 + shutdown: false + speed: 100g-2 + channel_group: + id: 1007 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet49/1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet7/1 + shutdown: false + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 - description: Tenant_A_APP_Zone_1 + ip_address: 172.31.254.97/31 + peer: DC1-SPINE1 + peer_interface: Ethernet7/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet50/1 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/7/1 shutdown: false - ip_address_virtual: 10.1.30.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan131 - tenant: Tenant_A - tags: - - app - description: Tenant_A_APP_Zone_2 + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.99/31 + peer: DC1-SPINE2 + peer_interface: Ethernet1/7/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet51/1 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/7/1 shutdown: false - ip_address_virtual: 10.1.31.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.101/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/7/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet52/1 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet7/1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_APP_Zone' - vrf: Tenant_A_APP_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan140 - tenant: Tenant_A - tags: - - db - - erp1 - description: Tenant_A_DB_BZone_1 + ip_address: 172.31.254.103/31 + peer: DC1-SPINE4 + peer_interface: Ethernet7/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet10 + description: server03_ESI_Eth1 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan141 - tenant: Tenant_A - tags: - - db - description: Tenant_A_DB_Zone_2 + channel_group: + id: 10 + mode: active + peer: server03_ESI + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A_B +- name: Ethernet11 + description: server04_inherit_all_from_profile_Eth1 shutdown: false - ip_address_virtual: 10.1.41.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering + l2_mtu: 8000 + l2_mru: 9000 + storm_control: + all: + level: '10.0' + unit: percent + broadcast: + level: '100.0' + unit: pps + multicast: + level: '1.5' + unit: percent + unknown_unicast: + level: '2.8' + unit: percent + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge + peer: server04_inherit_all_from_profile + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet12 + description: server05_no_profile_Eth1 + shutdown: false + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge + peer: server05_no_profile + peer_interface: Eth1 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet13 + description: server06_override_profile_Eth1 + shutdown: false + l2_mtu: 8000 + l2_mru: 9000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server06_override_profile + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet14 + description: server07_inherit_all_from_profile_port_channel_Eth1 + shutdown: false + channel_group: + id: 14 + mode: active + peer: server07_inherit_all_from_profile_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL +- name: Ethernet15 + description: server08_no_profile_port_channel_Eth1 + shutdown: false + channel_group: + id: 15 + mode: 'on' + peer: server08_no_profile_port_channel + peer_interface: Eth1 + peer_type: server +- name: Ethernet16 + description: server09_override_profile_no_port_channel_Eth1 + shutdown: false + l2_mtu: 8000 + l2_mru: 9000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server09_override_profile_no_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet17 + description: server10_no_profile_port_channel_lacp_fallback_Eth1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_DB_Zone' - vrf: Tenant_A_DB_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan122 - tenant: Tenant_A - tags: - - erp3 - description: Tenant_A_ERP_Zone_1 + channel_group: + id: 17 + mode: passive + lacp_port_priority: 8192 + peer: server10_no_profile_port_channel_lacp_fallback + peer_interface: Eth1 + peer_type: server +- name: Ethernet18 + description: server11_inherit_profile_port_channel_lacp_fallback_Eth1 shutdown: false - ip_address_virtual: 10.1.30.1/24 - ip_address_virtual_secondaries: - - 10.2.30.1/24 - - 10.2.31.1/24 - vrf: Tenant_A_ERP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan3016 - tenant: Tenant_A - type: underlay_peering + channel_group: + id: 18 + mode: active + lacp_port_priority: 8192 + peer: server11_inherit_profile_port_channel_lacp_fallback + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK +- name: Ethernet19 + description: server12_inherit_nested_profile_port_channel_lacp_fallback_Eth1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_ERP_Zone' - vrf: Tenant_A_ERP_Zone - mtu: 1500 - ip_address: 172.31.12.6/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_1 + channel_group: + id: 19 + mode: active + lacp_port_priority: 8192 + peer: server12_inherit_nested_profile_port_channel_lacp_fallback + peer_interface: Eth1 + peer_type: server + port_profile: NESTED_PORT_PROFILE +- name: Ethernet20 + description: server13_disabled_interfaces_Eth1 + shutdown: true + peer: server13_disabled_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet21 + description: server14_explicitly_enabled_interfaces_Eth1 shutdown: false - access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_2 + peer: server14_explicitly_enabled_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet22 + description: server15_port_channel_with_disabled_phy_interfaces_Eth1 + shutdown: true + channel_group: + id: 22 + mode: active + peer: server15_port_channel_with_disabled_phy_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A +- name: Ethernet23 + description: server16_port_channel_with_disabled_port_channel_Eth1 shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: MGMT -- name: Vlan112 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_3 + channel_group: + id: 23 + mode: active + peer: server16_port_channel_with_disabled_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A +- name: Ethernet24 + description: server17_port_channel_with_disabled_phy_and_po_interfaces_Eth1 + shutdown: true + channel_group: + id: 24 + mode: active + peer: server17_port_channel_with_disabled_phy_and_po_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A +- name: Ethernet25 + description: server18_monitoring_session_source_phys_interfaces_Eth1 shutdown: false - mtu: 1560 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 2.2.2.2 - source_interface: lo101 - vrf: MGMT -- name: Vlan3008 - tenant: Tenant_A - type: underlay_peering + peer: server18_monitoring_session_source_phys_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet27 + description: server18_monitoring_session_source_po_Eth3 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_OP_Zone' - vrf: Tenant_A_OP_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 + channel_group: + id: 27 + mode: active + peer: server18_monitoring_session_source_po + peer_interface: Eth3 + peer_type: server + port_profile: TENANT_A +- name: Ethernet28 + description: server18_monitoring_session_source_phys_interface_Eth5 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone - ospf_area: '1' - ospf_network_point_to_point: false - ospf_cost: 100 - ospf_authentication: simple - ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan3013 - tenant: Tenant_A - type: underlay_peering + peer: server18_monitoring_session_source_phys_interface + peer_interface: Eth5 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet26 + description: server19_monitoring_session_destination_phys_Eth1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WAN_Zone' - vrf: Tenant_A_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan120 - tenant: Tenant_A - tags: - - web - - erp1 - description: Tenant_A_WEB_Zone_1 + peer: server19_monitoring_session_destination_phys + peer_interface: Eth1 + peer_type: server + switchport: + enabled: true +- name: Ethernet40 + description: server20_monitoring_session_destination_phys_Eth1 shutdown: false - ip_address_virtual: 10.1.20.1/24 - ip_address_virtual_secondaries: - - 10.2.20.1/24 - - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan121 - tenant: Tenant_A - tags: - - web - description: Tenant_A_WEBZone_2 - shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 - vrf: Tenant_A_WEB_Zone -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering + peer: server20_monitoring_session_destination_phys + peer_interface: Eth1 + peer_type: server + switchport: + enabled: true +- name: Ethernet42 + description: server21_monitoring_session_destination_po_Eth1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WEB_Zone' - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ip_address: 172.31.11.6/31 -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 + channel_group: + id: 42 + mode: active + peer: server21_monitoring_session_destination_po + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A +- name: Ethernet29 + description: SERVER_server22_port_channel_with_custom_id_Po1291 shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 + channel_group: + id: 1291 + mode: active + peer: server22_port_channel_with_custom_id + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A +- name: Ethernet30 + description: server23_phone_int_1 shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering + peer: server23_phone + peer_interface: int_1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: trunk phone +- name: Ethernet31 + description: server24_port_channel_lacp_timer_profile_Eth1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_OP_Zone' - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 + channel_group: + id: 31 + mode: active + lacp_timer: + mode: fast + multiplier: 10 + peer: server24_port_channel_lacp_timer_profile + peer_interface: Eth1 + peer_type: server + port_profile: PORT_CHANNEL_LACP_TIMER +- name: Ethernet32 + description: server25_port_channel_lacp_timer_Eth1 shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering + channel_group: + id: 32 + mode: active + lacp_timer: + mode: fast + multiplier: 5 + peer: server25_port_channel_lacp_timer + peer_interface: Eth1 + peer_type: server +- name: Ethernet33 + description: server26_port_channel_lacp_timer_profile_Eth1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 + channel_group: + id: 33 + mode: active + lacp_timer: + mode: normal + multiplier: 100 + peer: server26_port_channel_lacp_timer_profile + peer_interface: Eth1 + peer_type: server + port_profile: PORT_CHANNEL_LACP_TIMER_NORMAL +- name: Ethernet34 + description: server27_port_channel_lacp_timer_Eth1 shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 + channel_group: + id: 34 + mode: active + lacp_timer: + mode: normal + multiplier: 50 + peer: server27_port_channel_lacp_timer + peer_interface: Eth1 + peer_type: server +- name: Ethernet43 + description: server28_monitoring_session_source_settings_access_group_Eth3 shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering + channel_group: + id: 43 + mode: active + peer: server28_monitoring_session_source_settings_access_group + peer_interface: Eth3 + peer_type: server + port_profile: TENANT_A +hostname: DC1-SVC3A +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 + ip_address: 192.168.255.12/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering + ip_address: 192.168.254.12/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.6/31 + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.12/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +mlag_configuration: + domain_id: custom_mlag_domain_id + local_interface: Vlan4092 + peer_address: 10.255.252.7 + peer_link: Port-Channel2000 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +monitor_sessions: +- name: MonitoringSessionServer18 + sources: + - name: Port-Channel43 + direction: tx + access_group: + type: ip + name: myIpAVL + priority: 5 +- name: MonitoringSessionServer18WithDest + sources: + - name: Ethernet25 + direction: rx + - name: Port-Channel27 + direction: tx + - name: Ethernet28 + direction: tx + destinations: + - Ethernet26 + - Ethernet40 + - Port-Channel42 + encapsulation_gre_metadata_tx: false + header_remove_size: 200 + access_group: + type: mac + name: mac_acl + rate_limit_per_ingress_chip: 30 bps + rate_limit_per_egress_chip: 30 bps + sample: 10 + truncate: + enabled: true + size: 20 +- name: MonitoringSessionServer18WithoutDest + sources: + - name: Ethernet25 + direction: tx +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT port_channel_interfaces: - name: Port-Channel2000 description: MLAG_PEER_DC1-SVC3B_Po2000 + shutdown: false switchport: enabled: true mode: trunk trunk: + allowed_vlan: 1-4094 groups: - MLAG - LEAF_PEER_L3 - allowed_vlan: 1-4094 - shutdown: false - name: Port-Channel1007 description: DC1_L2LEAF2_Po1001 + shutdown: false + mlag: 1007 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-122,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 1007 - name: Port-Channel10 description: server03_ESI_PortChanne1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 evpn_ethernet_segment: identifier: 0000:0000:0303:0202:0101 route_target: 03:03:02:02:01:01 lacp_id: 0303.0202.0101 -- name: Port-Channel14 - description: server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false switchport: enabled: true mode: trunk trunk: - allowed_vlan: 1-4094 + allowed_vlan: 110-111,210-211 +- name: Port-Channel14 + description: server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 l2_mru: 9000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - spanning_tree_bpduguard: enabled + mlag: 14 storm_control: all: level: '10' @@ -971,18 +647,18 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 14 -- name: Port-Channel15 - description: server08_no_profile_port_channel_server08_no_profile_port_channel - shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: disabled +- name: Port-Channel15 + description: server08_no_profile_port_channel_server08_no_profile_port_channel + shutdown: false + mlag: 15 storm_control: all: level: '10' @@ -996,18 +672,20 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 15 -- name: Port-Channel17 - description: server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: disabled +- name: Port-Channel17 + description: server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback + shutdown: false + mlag: 17 + lacp_fallback_timeout: 90 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1021,21 +699,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 17 - lacp_fallback_mode: static - lacp_fallback_timeout: 90 -- name: Port-Channel18 - description: server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel18 + description: server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'True' + mlag: 18 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1049,21 +727,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 18 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 -- name: Port-Channel19 - description: server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel19 + description: server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'True' + mlag: 19 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1077,634 +755,997 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 19 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 - name: Port-Channel22 description: server15_port_channel_with_disabled_phy_interfaces_server15_port_channel_with_disabled_phy_interfaces shutdown: false + mlag: 22 switchport: enabled: true mode: access access_vlan: 110 - mlag: 22 - name: Port-Channel23 description: server16_port_channel_with_disabled_port_channel_server16_port_channel_with_disabled_port_channel shutdown: true + mlag: 23 switchport: enabled: true mode: access access_vlan: 110 - mlag: 23 - name: Port-Channel24 description: server17_port_channel_with_disabled_phy_and_po_interfaces_server17_port_channel_with_disabled_phy_and_po_interfaces shutdown: true + mlag: 24 switchport: enabled: true mode: access access_vlan: 110 - mlag: 24 - name: Port-Channel27 description: server18_monitoring_session_source_po_server18_monitoring_session_source_po shutdown: false + mlag: 27 switchport: enabled: true mode: access access_vlan: 110 - mlag: 27 - name: Port-Channel42 description: server21_monitoring_session_destination_po_server21_monitoring_session_destination_po shutdown: false + mlag: 42 switchport: enabled: true mode: access access_vlan: 110 - mlag: 42 - name: Port-Channel1291 description: SERVER_server22_port_channel_with_custom_id_server22_port_channel_with_custom_id shutdown: false + mlag: 1291 switchport: enabled: true mode: access access_vlan: 110 - mlag: 1291 - name: Port-Channel31 description: server24_port_channel_lacp_timer_profile_server24_port_channel_with_lacp_timer shutdown: false + mlag: 31 switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - mlag: 31 - name: Port-Channel32 description: server25_port_channel_lacp_timer_server25_port_channel_with_lacp_timer shutdown: false + mlag: 32 switchport: enabled: true - mlag: 32 - name: Port-Channel33 description: server26_port_channel_lacp_timer_profile_server26_port_channel_with_lacp_timer shutdown: false + mlag: 33 switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - mlag: 33 - name: Port-Channel34 description: server27_port_channel_lacp_timer_server27_port_channel_with_lacp_timer shutdown: false + mlag: 34 switchport: enabled: true - mlag: 34 - name: Port-Channel43 description: server28_monitoring_session_source_settings_access_group_server28_monitoring_session_source_settings_access_group shutdown: false + mlag: 43 switchport: enabled: true mode: access access_vlan: 110 - mlag: 43 -ethernet_interfaces: -- name: Ethernet53/1 - peer: DC1-SVC3B - peer_interface: Ethernet53/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-SVC3B_Ethernet53/1 - shutdown: false - channel_group: - id: 2000 - mode: active - speed: 100g -- name: Ethernet54/1 - peer: DC1-SVC3B - peer_interface: Ethernet54/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-SVC3B_Ethernet54/1 - shutdown: false - channel_group: - id: 2000 - mode: active - speed: 100g -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf - description: DC1-L2LEAF2A_Ethernet1 - speed: 100g-2 - shutdown: false - channel_group: - id: 1007 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet1 - peer_type: l2leaf - description: DC1-L2LEAF2B_Ethernet1 - speed: 100g-2 - shutdown: false - channel_group: - id: 1007 - mode: active -- name: Ethernet49/1 - peer: DC1-SPINE1 - peer_interface: Ethernet7/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet7/1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.97/31 -- name: Ethernet50/1 - peer: DC1-SPINE2 - peer_interface: Ethernet1/7/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/7/1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.99/31 -- name: Ethernet51/1 - peer: DC1-SPINE3 - peer_interface: Ethernet1/7/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/7/1 - speed: forced 100gfull +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.6/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65103' + router_id: 192.168.255.12 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-PEERS + type: ipv4 + remote_as: '65103' + description: MLAG_PEER_DC1-SVC3B + next_hop_self: true + password: 15AwQNBEJ1nyF/kBEtoAGw== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + peer: DC1-SVC3B + description: DC1-SVC3B + - ip_address: 172.31.254.96 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet7/1 + - ip_address: 172.31.254.98 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/7/1 + - ip_address: 172.31.254.100 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/7/1 + - ip_address: 172.31.254.102 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet7/1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: '65103:12' + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: '65103:13' + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_ERP_Zone + rd: '65103:17' + route_targets: + both: + - '17:17' + redistribute_routes: + - learned + vlan: '122' + - name: Tenant_A_OP_Zone + rd: '65103:9' + route_targets: + both: + - '9:9' + redistribute_routes: + - learned + vlan: 110-112 + - name: Tenant_A_WAN_Zone + rd: '65103:14' + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: '65103:11' + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 65103:20161 + route_targets: + both: + - 20161:20161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 65103:20160 + route_targets: + both: + - 20160:20160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: '65103:20' + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: '65103:21' + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: '65103:30' + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: '65103:31' + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: '65103:12' + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: '65103:13' + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + - name: Tenant_A_ERP_Zone + rd: '65103:17' + route_targets: + import: + - address_family: evpn + route_targets: + - '17:17' + export: + - address_family: evpn + route_targets: + - '17:17' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 172.31.12.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + - name: Tenant_A_OP_Zone + rd: '65103:9' + route_targets: + import: + - address_family: evpn + route_targets: + - '9:9' + export: + - address_family: evpn + route_targets: + - '9:9' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_WAN_Zone + rd: '65103:14' + route_targets: + import: + - address_family: evpn + route_targets: + - '14:14' + - 65000:456 + export: + - address_family: evpn + route_targets: + - '14:14' + - 65000:789 + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + - name: Tenant_A_WEB_Zone + rd: '65103:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 172.31.11.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: '65103:20' + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_B_WAN_Zone + rd: '65103:21' + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_OP_Zone + rd: '65103:30' + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: '65103:31' + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-SVC3A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4090,4092 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.12 +vlan_interfaces: +- name: Vlan4090 + description: MLAG_PEER_L3_PEERING shutdown: false + ip_address: 10.255.251.6/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.101/31 -- name: Ethernet52/1 - peer: DC1-SPINE4 - peer_interface: Ethernet7/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet7/1 - speed: forced 100gfull +- name: Vlan4092 + description: MLAG_PEER shutdown: false + ip_address: 10.255.252.6/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.103/31 -- name: Ethernet10 - peer: server03_ESI - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A_B - description: server03_ESI_Eth1 - shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet11 - peer: server04_inherit_all_from_profile - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: server04_inherit_all_from_profile_Eth1 - shutdown: false - l2_mtu: 8000 - l2_mru: 9000 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: disabled - storm_control: - all: - level: '10.0' - unit: percent - broadcast: - level: '100.0' - unit: pps - multicast: - level: '1.5' - unit: percent - unknown_unicast: - level: '2.8' - unit: percent -- name: Ethernet12 - peer: server05_no_profile - peer_interface: Eth1 - peer_type: server - description: server05_no_profile_Eth1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: disabled - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet13 - peer: server06_override_profile - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: server06_override_profile_Eth1 + no_autostate: true +- name: Vlan130 + description: Tenant_A_APP_Zone_1 shutdown: false - l2_mtu: 8000 - l2_mru: 9000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet14 - peer: server07_inherit_all_from_profile_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: server07_inherit_all_from_profile_port_channel_Eth1 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.30.1/24 + tenant: Tenant_A + tags: + - app + - erp1 +- name: Vlan131 + description: Tenant_A_APP_Zone_2 shutdown: false - channel_group: - id: 14 - mode: active -- name: Ethernet15 - peer: server08_no_profile_port_channel - peer_interface: Eth1 - peer_type: server - description: server08_no_profile_port_channel_Eth1 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 + tenant: Tenant_A + tags: + - app +- name: Vlan3011 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_APP_Zone' shutdown: false - channel_group: - id: 15 - mode: 'on' -- name: Ethernet16 - peer: server09_override_profile_no_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: server09_override_profile_no_port_channel_Eth1 + vrf: Tenant_A_APP_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan140 + description: Tenant_A_DB_BZone_1 shutdown: false - l2_mtu: 8000 - l2_mru: 9000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet17 - peer: server10_no_profile_port_channel_lacp_fallback - peer_interface: Eth1 - peer_type: server - description: server10_no_profile_port_channel_lacp_fallback_Eth1 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - db + - erp1 +- name: Vlan141 + description: Tenant_A_DB_Zone_2 shutdown: false - channel_group: - id: 17 - mode: passive - lacp_port_priority: 8192 -- name: Ethernet18 - peer: server11_inherit_profile_port_channel_lacp_fallback - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK - description: server11_inherit_profile_port_channel_lacp_fallback_Eth1 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.41.1/24 + tenant: Tenant_A + tags: + - db +- name: Vlan3012 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_DB_Zone' shutdown: false - channel_group: - id: 18 - mode: active - lacp_port_priority: 8192 -- name: Ethernet19 - peer: server12_inherit_nested_profile_port_channel_lacp_fallback - peer_interface: Eth1 - peer_type: server - port_profile: NESTED_PORT_PROFILE - description: server12_inherit_nested_profile_port_channel_lacp_fallback_Eth1 + vrf: Tenant_A_DB_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan122 + description: Tenant_A_ERP_Zone_1 shutdown: false - channel_group: - id: 19 - mode: active - lacp_port_priority: 8192 -- name: Ethernet20 - peer: server13_disabled_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server13_disabled_interfaces_Eth1 - shutdown: true - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet21 - peer: server14_explicitly_enabled_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server14_explicitly_enabled_interfaces_Eth1 + vrf: Tenant_A_ERP_Zone + ip_address_virtual: 10.1.30.1/24 + ip_address_virtual_secondaries: + - 10.2.30.1/24 + - 10.2.31.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - erp3 +- name: Vlan3016 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_ERP_Zone' shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet22 - peer: server15_port_channel_with_disabled_phy_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server15_port_channel_with_disabled_phy_interfaces_Eth1 - shutdown: true - channel_group: - id: 22 - mode: active -- name: Ethernet23 - peer: server16_port_channel_with_disabled_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server16_port_channel_with_disabled_port_channel_Eth1 + vrf: Tenant_A_ERP_Zone + ip_address: 172.31.12.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan110 + description: Tenant_A_OP_Zone_1 shutdown: false - channel_group: - id: 23 - mode: active -- name: Ethernet24 - peer: server17_port_channel_with_disabled_phy_and_po_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server17_port_channel_with_disabled_phy_and_po_interfaces_Eth1 - shutdown: true - channel_group: - id: 24 - mode: active -- name: Ethernet25 - peer: server18_monitoring_session_source_phys_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server18_monitoring_session_source_phys_interfaces_Eth1 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 + access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: Tenant_A_OP_Zone_2 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet27 - peer: server18_monitoring_session_source_po - peer_interface: Eth3 - peer_type: server - port_profile: TENANT_A - description: server18_monitoring_session_source_po_Eth3 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: MGMT + tenant: Tenant_A + tags: + - opzone +- name: Vlan112 + description: Tenant_A_OP_Zone_3 + shutdown: false + vrf: Tenant_A_OP_Zone + ip_helpers: + - ip_helper: 2.2.2.2 + source_interface: lo101 + vrf: MGMT + mtu: 1560 + tenant: Tenant_A + tags: + - opzone +- name: Vlan3008 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_OP_Zone' shutdown: false - channel_group: - id: 27 - mode: active -- name: Ethernet28 - peer: server18_monitoring_session_source_phys_interface - peer_interface: Eth5 - peer_type: server - port_profile: TENANT_A - description: server18_monitoring_session_source_phys_interface_Eth5 + vrf: Tenant_A_OP_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet26 - peer: server19_monitoring_session_destination_phys - peer_interface: Eth1 - peer_type: server - description: server19_monitoring_session_destination_phys_Eth1 + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + ospf_network_point_to_point: false + ospf_area: '1' + ospf_cost: 100 + ospf_authentication: simple + ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== + tenant: Tenant_A + tags: + - wan +- name: Vlan3013 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WAN_Zone' shutdown: false - switchport: - enabled: true -- name: Ethernet40 - peer: server20_monitoring_session_destination_phys - peer_interface: Eth1 - peer_type: server - description: server20_monitoring_session_destination_phys_Eth1 + vrf: Tenant_A_WAN_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan120 + description: Tenant_A_WEB_Zone_1 shutdown: false - switchport: - enabled: true -- name: Ethernet42 - peer: server21_monitoring_session_destination_po - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: server21_monitoring_session_destination_po_Eth1 + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 + ip_address_virtual_secondaries: + - 10.2.20.1/24 + - 10.2.21.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - web + - erp1 +- name: Vlan121 + description: Tenant_A_WEBZone_2 + shutdown: true + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +- name: Vlan3010 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WEB_Zone' shutdown: false - channel_group: - id: 42 - mode: active -- name: Ethernet29 - peer: server22_port_channel_with_custom_id - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: SERVER_server22_port_channel_with_custom_id_Po1291 + vrf: Tenant_A_WEB_Zone + ip_address: 172.31.11.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 shutdown: false - channel_group: - id: 1291 - mode: active -- name: Ethernet30 - peer: server23_phone - peer_interface: int_1 - peer_type: server - port_profile: TENANT_A - description: server23_phone_int_1 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 shutdown: false - switchport: - enabled: true - mode: trunk phone -- name: Ethernet31 - peer: server24_port_channel_lacp_timer_profile - peer_interface: Eth1 - peer_type: server - port_profile: PORT_CHANNEL_LACP_TIMER - description: server24_port_channel_lacp_timer_profile_Eth1 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_OP_Zone' shutdown: false - channel_group: - id: 31 - mode: active - lacp_timer: - mode: fast - multiplier: 10 -- name: Ethernet32 - peer: server25_port_channel_lacp_timer - peer_interface: Eth1 - peer_type: server - description: server25_port_channel_lacp_timer_Eth1 + vrf: Tenant_B_OP_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - channel_group: - id: 32 - mode: active - lacp_timer: - mode: fast - multiplier: 5 -- name: Ethernet33 - peer: server26_port_channel_lacp_timer_profile - peer_interface: Eth1 - peer_type: server - port_profile: PORT_CHANNEL_LACP_TIMER_NORMAL - description: server26_port_channel_lacp_timer_profile_Eth1 + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan3020 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' shutdown: false - channel_group: - id: 33 - mode: active - lacp_timer: - mode: normal - multiplier: 100 -- name: Ethernet34 - peer: server27_port_channel_lacp_timer - peer_interface: Eth1 - peer_type: server - description: server27_port_channel_lacp_timer_Eth1 + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 shutdown: false - channel_group: - id: 34 - mode: active - lacp_timer: - mode: normal - multiplier: 50 -- name: Ethernet43 - peer: server28_monitoring_session_source_settings_access_group - peer_interface: Eth3 - peer_type: server - port_profile: TENANT_A - description: server28_monitoring_session_source_settings_access_group_Eth3 + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - channel_group: - id: 43 - mode: active -mlag_configuration: - domain_id: custom_mlag_domain_id - local_interface: Vlan4092 - peer_address: 10.255.252.7 - peer_link: Port-Channel2000 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' shutdown: false - ip_address: 192.168.255.12/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.12/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.12/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.6/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.6/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4090 + name: LEAF_PEER_L3 + trunk_groups: + - LEAF_PEER_L3 + tenant: system +- id: 4092 + name: MLAG_PEER + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_iBGP_Tenant_A_APP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_iBGP_Tenant_A_DB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 122 + name: Tenant_A_ERP_Zone_1 + tenant: Tenant_A +- id: 3016 + name: MLAG_iBGP_Tenant_A_ERP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 3008 + name: MLAG_iBGP_Tenant_A_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_iBGP_Tenant_A_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_iBGP_Tenant_A_WEB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_iBGP_Tenant_B_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_iBGP_Tenant_B_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_iBGP_Tenant_C_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_iBGP_Tenant_C_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_ERP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1766,44 +1807,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.12 -monitor_sessions: -- name: MonitoringSessionServer18 - sources: - - name: Port-Channel43 - direction: tx - access_group: - type: ip - name: myIpAVL - priority: 5 -- name: MonitoringSessionServer18WithDest - sources: - - name: Ethernet25 - direction: rx - - name: Port-Channel27 - direction: tx - - name: Ethernet28 - direction: tx - destinations: - - Ethernet26 - - Ethernet40 - - Port-Channel42 - encapsulation_gre_metadata_tx: false - header_remove_size: 200 - access_group: - type: mac - name: mac_acl - rate_limit_per_ingress_chip: 30 bps - rate_limit_per_egress_chip: 30 bps - sample: 10 - truncate: - enabled: true - size: 20 -- name: MonitoringSessionServer18WithoutDest - sources: - - name: Ethernet25 - direction: tx -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3B.yml index 7d419e8da60..1dced3ad166 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3B.yml @@ -1,951 +1,585 @@ -hostname: DC1-SVC3B -is_deployed: true -router_bgp: - as: '65103' - router_id: 192.168.255.13 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-PEERS - type: ipv4 - remote_as: '65103' - next_hop_self: true - description: MLAG_PEER_DC1-SVC3A - password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A - - ip_address: 172.31.254.128 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet9/1 - - ip_address: 172.31.254.130 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1/9/1 - - ip_address: 172.31.254.132 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1/9/1 - - ip_address: 172.31.254.134 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet9/1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_A_APP_Zone - rd: '65103:12' - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_A_DB_Zone - rd: '65103:13' - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_A_ERP_Zone - rd: '65103:17' - route_targets: - import: - - address_family: evpn - route_targets: - - '17:17' - export: - - address_family: evpn - route_targets: - - '17:17' - router_id: 192.168.255.13 - neighbors: - - ip_address: 172.31.12.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_A_OP_Zone - rd: '65103:9' - route_targets: - import: - - address_family: evpn - route_targets: - - '9:9' - export: - - address_family: evpn - route_targets: - - '9:9' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_A_WAN_Zone - rd: '65103:14' - route_targets: - import: - - address_family: evpn - route_targets: - - '14:14' - - 65000:456 - export: - - address_family: evpn - route_targets: - - '14:14' - - 65000:789 - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_A_WEB_Zone - rd: '65103:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - neighbors: - - ip_address: 172.31.11.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_B_OP_Zone - rd: '65103:20' - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_B_WAN_Zone - rd: '65103:21' - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_C_OP_Zone - rd: '65103:30' - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - - name: Tenant_C_WAN_Zone - rd: '65103:31' - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: '65103:12' - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: '65103:13' - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_ERP_Zone - rd: '65103:17' - route_targets: - both: - - '17:17' - redistribute_routes: - - learned - vlan: '122' - - name: Tenant_A_OP_Zone - rd: '65103:9' - route_targets: - both: - - '9:9' - redistribute_routes: - - learned - vlan: 110-112 - - name: Tenant_A_WAN_Zone - rd: '65103:14' - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: '65103:11' - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 65103:20161 - route_targets: - both: - - 20161:20161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 65103:20160 - route_targets: - both: - - 20160:20160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: '65103:20' - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: '65103:21' - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: '65103:30' - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: Tenant_C_WAN_Zone - rd: '65103:31' - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4090,4092 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_ERP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1-SVC3B -vlans: -- id: 4090 - tenant: system - name: LEAF_PEER_L3 - trunk_groups: - - LEAF_PEER_L3 -- id: 4092 - tenant: system - name: MLAG_PEER - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_iBGP_Tenant_A_APP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_iBGP_Tenant_A_DB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 122 - name: Tenant_A_ERP_Zone_1 - tenant: Tenant_A -- id: 3016 - name: MLAG_iBGP_Tenant_A_ERP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 3008 - name: MLAG_iBGP_Tenant_A_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_iBGP_Tenant_A_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_iBGP_Tenant_A_WEB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_iBGP_Tenant_B_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_iBGP_Tenant_B_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_iBGP_Tenant_C_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_iBGP_Tenant_C_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C -vlan_interfaces: -- name: Vlan4090 - description: MLAG_PEER_L3_PEERING +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet53/1 + description: MLAG_PEER_DC1-SVC3A_Ethernet53/1 shutdown: false - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan4092 - description: MLAG_PEER + speed: 100g + channel_group: + id: 2000 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet53/1 + peer_type: mlag_peer +- name: Ethernet54/1 + description: MLAG_PEER_DC1-SVC3A_Ethernet54/1 shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 - description: Tenant_A_APP_Zone_1 + speed: 100g + channel_group: + id: 2000 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet54/1 + peer_type: mlag_peer +- name: Ethernet7 + description: DC1-L2LEAF2A_Ethernet2 shutdown: false - ip_address_virtual: 10.1.30.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan131 - tenant: Tenant_A - tags: - - app - description: Tenant_A_APP_Zone_2 + speed: 100g-2 + channel_group: + id: 1007 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet8 + description: DC1-L2LEAF2B_Ethernet2 shutdown: false - ip_address_virtual: 10.1.31.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering + speed: 100g-2 + channel_group: + id: 1007 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet49/1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet9/1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_APP_Zone' - vrf: Tenant_A_APP_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan140 - tenant: Tenant_A - tags: - - db - - erp1 - description: Tenant_A_DB_BZone_1 + ip_address: 172.31.254.129/31 + peer: DC1-SPINE1 + peer_interface: Ethernet9/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet50/1 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/9/1 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan141 - tenant: Tenant_A - tags: - - db - description: Tenant_A_DB_Zone_2 + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.131/31 + peer: DC1-SPINE2 + peer_interface: Ethernet1/9/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet51/1 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/9/1 shutdown: false - ip_address_virtual: 10.1.41.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.254.133/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1/9/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet52/1 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet9/1 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_DB_Zone' - vrf: Tenant_A_DB_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan122 - tenant: Tenant_A - tags: - - erp3 - description: Tenant_A_ERP_Zone_1 + ip_address: 172.31.254.135/31 + peer: DC1-SPINE4 + peer_interface: Ethernet9/1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet11 + description: server04_inherit_all_from_profile_Eth2 + shutdown: false + l2_mtu: 8000 + l2_mru: 9000 + storm_control: + all: + level: '10.0' + unit: percent + broadcast: + level: '100.0' + unit: pps + multicast: + level: '1.5' + unit: percent + unknown_unicast: + level: '2.8' + unit: percent + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge + peer: server04_inherit_all_from_profile + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet12 + description: server05_no_profile_Eth2 + shutdown: false + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge + peer: server05_no_profile + peer_interface: Eth2 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet13 + description: server06_override_profile_Eth2 shutdown: false - ip_address_virtual: 10.1.30.1/24 - ip_address_virtual_secondaries: - - 10.2.30.1/24 - - 10.2.31.1/24 - vrf: Tenant_A_ERP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan3016 - tenant: Tenant_A - type: underlay_peering + l2_mtu: 8000 + l2_mru: 9000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server06_override_profile + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet14 + description: server07_inherit_all_from_profile_port_channel_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_ERP_Zone' - vrf: Tenant_A_ERP_Zone - mtu: 1500 - ip_address: 172.31.12.7/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_1 + channel_group: + id: 14 + mode: active + peer: server07_inherit_all_from_profile_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL +- name: Ethernet15 + description: server08_no_profile_port_channel_Eth2 shutdown: false - access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_2 + channel_group: + id: 15 + mode: 'on' + peer: server08_no_profile_port_channel + peer_interface: Eth2 + peer_type: server +- name: Ethernet16 + description: server09_override_profile_no_port_channel_Eth2 shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: MGMT -- name: Vlan112 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_3 + l2_mtu: 8000 + l2_mru: 9000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: disabled + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server09_override_profile_no_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet17 + description: server10_no_profile_port_channel_lacp_fallback_Eth2 shutdown: false - mtu: 1560 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 2.2.2.2 - source_interface: lo101 - vrf: MGMT -- name: Vlan3008 - tenant: Tenant_A - type: underlay_peering + channel_group: + id: 17 + mode: passive + lacp_port_priority: 32768 + peer: server10_no_profile_port_channel_lacp_fallback + peer_interface: Eth2 + peer_type: server +- name: Ethernet18 + description: server11_inherit_profile_port_channel_lacp_fallback_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_OP_Zone' - vrf: Tenant_A_OP_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 + channel_group: + id: 18 + mode: active + lacp_port_priority: 32768 + peer: server11_inherit_profile_port_channel_lacp_fallback + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK +- name: Ethernet19 + description: server12_inherit_nested_profile_port_channel_lacp_fallback_Eth2 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone - ospf_area: '1' - ospf_network_point_to_point: false - ospf_cost: 100 - ospf_authentication: simple - ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan3013 - tenant: Tenant_A - type: underlay_peering + channel_group: + id: 19 + mode: active + lacp_port_priority: 32768 + peer: server12_inherit_nested_profile_port_channel_lacp_fallback + peer_interface: Eth2 + peer_type: server + port_profile: NESTED_PORT_PROFILE +- name: Ethernet20 + description: server13_disabled_interfaces_Eth2 + shutdown: true + peer: server13_disabled_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet21 + description: server14_explicitly_enabled_interfaces_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WAN_Zone' - vrf: Tenant_A_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan120 - tenant: Tenant_A - tags: - - web - - erp1 - description: Tenant_A_WEB_Zone_1 + peer: server14_explicitly_enabled_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet22 + description: server15_port_channel_with_disabled_phy_interfaces_Eth2 + shutdown: true + channel_group: + id: 22 + mode: active + peer: server15_port_channel_with_disabled_phy_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A +- name: Ethernet23 + description: server16_port_channel_with_disabled_port_channel_Eth2 shutdown: false - ip_address_virtual: 10.1.20.1/24 - ip_address_virtual_secondaries: - - 10.2.20.1/24 - - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan121 - tenant: Tenant_A - tags: - - web - description: Tenant_A_WEBZone_2 + channel_group: + id: 23 + mode: active + peer: server16_port_channel_with_disabled_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A +- name: Ethernet24 + description: server17_port_channel_with_disabled_phy_and_po_interfaces_Eth2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 - vrf: Tenant_A_WEB_Zone -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering + channel_group: + id: 24 + mode: active + peer: server17_port_channel_with_disabled_phy_and_po_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A +- name: Ethernet25 + description: server18_monitoring_session_source_phys_interfaces_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WEB_Zone' - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ip_address: 172.31.11.7/31 -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 + peer: server18_monitoring_session_source_phys_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet27 + description: server18_monitoring_session_source_po_Eth4 shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 + channel_group: + id: 27 + mode: active + peer: server18_monitoring_session_source_po + peer_interface: Eth4 + peer_type: server + port_profile: TENANT_A +- name: Ethernet26 + description: server19_monitoring_session_destination_phys_Eth2 shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering + peer: server19_monitoring_session_destination_phys + peer_interface: Eth2 + peer_type: server + switchport: + enabled: true +- name: Ethernet42 + description: server21_monitoring_session_destination_po_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_OP_Zone' - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 + channel_group: + id: 42 + mode: active + peer: server21_monitoring_session_destination_po + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A +- name: Ethernet29 + description: SERVER_server22_port_channel_with_custom_id_Po1291 shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering + channel_group: + id: 1291 + mode: active + peer: server22_port_channel_with_custom_id + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A +- name: Ethernet31 + description: server24_port_channel_lacp_timer_profile_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 + channel_group: + id: 31 + mode: active + lacp_timer: + mode: fast + multiplier: 10 + peer: server24_port_channel_lacp_timer_profile + peer_interface: Eth2 + peer_type: server + port_profile: PORT_CHANNEL_LACP_TIMER +- name: Ethernet32 + description: server25_port_channel_lacp_timer_Eth2 shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 + channel_group: + id: 32 + mode: active + lacp_timer: + mode: fast + multiplier: 5 + peer: server25_port_channel_lacp_timer + peer_interface: Eth2 + peer_type: server +- name: Ethernet33 + description: server26_port_channel_lacp_timer_profile_Eth2 shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering + channel_group: + id: 33 + mode: active + lacp_timer: + mode: normal + multiplier: 100 + peer: server26_port_channel_lacp_timer_profile + peer_interface: Eth2 + peer_type: server + port_profile: PORT_CHANNEL_LACP_TIMER_NORMAL +- name: Ethernet34 + description: server27_port_channel_lacp_timer_Eth2 shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 + channel_group: + id: 34 + mode: active + lacp_timer: + mode: normal + multiplier: 50 + peer: server27_port_channel_lacp_timer + peer_interface: Eth2 + peer_type: server +- name: Ethernet44 + description: server28_monitoring_session_source_settings_access_group_Eth4 shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering + channel_group: + id: 43 + mode: active + peer: server28_monitoring_session_source_settings_access_group + peer_interface: Eth4 + peer_type: server + port_profile: TENANT_A +hostname: DC1-SVC3B +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.7/31 + ip_address: 192.168.255.13/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.12/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.13/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +mlag_configuration: + domain_id: custom_mlag_domain_id + local_interface: Vlan4092 + peer_address: 10.255.252.6 + peer_link: Port-Channel2000 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +monitor_sessions: +- name: MonitoringSessionServer18 + sources: + - name: Port-Channel43 + direction: tx + access_group: + type: ip + name: myIpAVL + priority: 5 +- name: MonitoringSessionServer18WithDest + sources: + - name: Ethernet25 + direction: rx + - name: Port-Channel27 + direction: tx + destinations: + - Ethernet26 + - Port-Channel42 + encapsulation_gre_metadata_tx: true + header_remove_size: 20 + access_group: + type: ip + name: ip_acl + rate_limit_per_ingress_chip: 30 bps + rate_limit_per_egress_chip: 30 bps + sample: 10 + truncate: + enabled: true + size: 20 +- name: MonitoringSessionServer18WithoutDest + sources: + - name: Ethernet25 + direction: tx +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT port_channel_interfaces: - name: Port-Channel2000 description: MLAG_PEER_DC1-SVC3A_Po2000 + shutdown: false switchport: enabled: true mode: trunk trunk: + allowed_vlan: 1-4094 groups: - MLAG - LEAF_PEER_L3 - allowed_vlan: 1-4094 - shutdown: false - name: Port-Channel1007 description: DC1_L2LEAF2_Po1001 + shutdown: false + mlag: 1007 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-112,120-122,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 1007 - name: Port-Channel14 description: server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 l2_mtu: 8000 l2_mru: 9000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - spanning_tree_bpduguard: enabled + mlag: 14 storm_control: all: level: '10' @@ -959,18 +593,18 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 14 -- name: Port-Channel15 - description: server08_no_profile_port_channel_server08_no_profile_port_channel - shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_bpduguard: enabled + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: disabled +- name: Port-Channel15 + description: server08_no_profile_port_channel_server08_no_profile_port_channel + shutdown: false + mlag: 15 storm_control: all: level: '10' @@ -984,18 +618,20 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 15 -- name: Port-Channel17 - description: server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: disabled +- name: Port-Channel17 + description: server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback + shutdown: false + mlag: 17 + lacp_fallback_timeout: 90 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1009,21 +645,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 17 - lacp_fallback_mode: static - lacp_fallback_timeout: 90 -- name: Port-Channel18 - description: server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: disabled + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel18 + description: server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'True' + mlag: 18 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1037,21 +673,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 18 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 -- name: Port-Channel19 - description: server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel19 + description: server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'True' + mlag: 19 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1065,595 +701,997 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 19 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 - name: Port-Channel22 description: server15_port_channel_with_disabled_phy_interfaces_server15_port_channel_with_disabled_phy_interfaces shutdown: false + mlag: 22 switchport: enabled: true mode: access access_vlan: 110 - mlag: 22 - name: Port-Channel23 description: server16_port_channel_with_disabled_port_channel_server16_port_channel_with_disabled_port_channel shutdown: true + mlag: 23 switchport: enabled: true mode: access access_vlan: 110 - mlag: 23 - name: Port-Channel24 description: server17_port_channel_with_disabled_phy_and_po_interfaces_server17_port_channel_with_disabled_phy_and_po_interfaces shutdown: true + mlag: 24 switchport: enabled: true mode: access access_vlan: 110 - mlag: 24 - name: Port-Channel27 description: server18_monitoring_session_source_po_server18_monitoring_session_source_po shutdown: false + mlag: 27 switchport: enabled: true mode: access access_vlan: 110 - mlag: 27 - name: Port-Channel42 description: server21_monitoring_session_destination_po_server21_monitoring_session_destination_po shutdown: false + mlag: 42 switchport: enabled: true mode: access access_vlan: 110 - mlag: 42 - name: Port-Channel1291 description: SERVER_server22_port_channel_with_custom_id_server22_port_channel_with_custom_id shutdown: false + mlag: 1291 switchport: enabled: true mode: access access_vlan: 110 - mlag: 1291 - name: Port-Channel31 description: server24_port_channel_lacp_timer_profile_server24_port_channel_with_lacp_timer shutdown: false + mlag: 31 switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - mlag: 31 - name: Port-Channel32 description: server25_port_channel_lacp_timer_server25_port_channel_with_lacp_timer shutdown: false + mlag: 32 switchport: enabled: true - mlag: 32 - name: Port-Channel33 description: server26_port_channel_lacp_timer_profile_server26_port_channel_with_lacp_timer shutdown: false + mlag: 33 switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - mlag: 33 - name: Port-Channel34 description: server27_port_channel_lacp_timer_server27_port_channel_with_lacp_timer shutdown: false + mlag: 34 switchport: enabled: true - mlag: 34 - name: Port-Channel43 description: server28_monitoring_session_source_settings_access_group_server28_monitoring_session_source_settings_access_group shutdown: false + mlag: 43 switchport: enabled: true mode: access access_vlan: 110 - mlag: 43 -ethernet_interfaces: -- name: Ethernet53/1 - peer: DC1-SVC3A - peer_interface: Ethernet53/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-SVC3A_Ethernet53/1 - shutdown: false - channel_group: - id: 2000 - mode: active - speed: 100g -- name: Ethernet54/1 - peer: DC1-SVC3A - peer_interface: Ethernet54/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1-SVC3A_Ethernet54/1 - shutdown: false - channel_group: - id: 2000 - mode: active - speed: 100g -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf - description: DC1-L2LEAF2A_Ethernet2 - speed: 100g-2 - shutdown: false - channel_group: - id: 1007 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet2 - peer_type: l2leaf - description: DC1-L2LEAF2B_Ethernet2 - speed: 100g-2 - shutdown: false - channel_group: - id: 1007 - mode: active -- name: Ethernet49/1 - peer: DC1-SPINE1 - peer_interface: Ethernet9/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet9/1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.129/31 -- name: Ethernet50/1 - peer: DC1-SPINE2 - peer_interface: Ethernet1/9/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet1/9/1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.131/31 -- name: Ethernet51/1 - peer: DC1-SPINE3 - peer_interface: Ethernet1/9/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet1/9/1 - speed: forced 100gfull +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.6/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65103' + router_id: 192.168.255.13 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-PEERS + type: ipv4 + remote_as: '65103' + description: MLAG_PEER_DC1-SVC3A + next_hop_self: true + password: 15AwQNBEJ1nyF/kBEtoAGw== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + peer: DC1-SVC3A + description: DC1-SVC3A + - ip_address: 172.31.254.128 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet9/1 + - ip_address: 172.31.254.130 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet1/9/1 + - ip_address: 172.31.254.132 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet1/9/1 + - ip_address: 172.31.254.134 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet9/1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: '65103:12' + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: '65103:13' + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_ERP_Zone + rd: '65103:17' + route_targets: + both: + - '17:17' + redistribute_routes: + - learned + vlan: '122' + - name: Tenant_A_OP_Zone + rd: '65103:9' + route_targets: + both: + - '9:9' + redistribute_routes: + - learned + vlan: 110-112 + - name: Tenant_A_WAN_Zone + rd: '65103:14' + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: '65103:11' + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 65103:20161 + route_targets: + both: + - 20161:20161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 65103:20160 + route_targets: + both: + - 20160:20160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: '65103:20' + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: '65103:21' + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: '65103:30' + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: '65103:31' + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: '65103:12' + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: '65103:13' + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + - name: Tenant_A_ERP_Zone + rd: '65103:17' + route_targets: + import: + - address_family: evpn + route_targets: + - '17:17' + export: + - address_family: evpn + route_targets: + - '17:17' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 172.31.12.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + - name: Tenant_A_OP_Zone + rd: '65103:9' + route_targets: + import: + - address_family: evpn + route_targets: + - '9:9' + export: + - address_family: evpn + route_targets: + - '9:9' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_WAN_Zone + rd: '65103:14' + route_targets: + import: + - address_family: evpn + route_targets: + - '14:14' + - 65000:456 + export: + - address_family: evpn + route_targets: + - '14:14' + - 65000:789 + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + - name: Tenant_A_WEB_Zone + rd: '65103:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 172.31.11.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: '65103:20' + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_B_WAN_Zone + rd: '65103:21' + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_OP_Zone + rd: '65103:30' + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: '65103:31' + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1-SVC3B +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4090,4092 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.13 +vlan_interfaces: +- name: Vlan4090 + description: MLAG_PEER_L3_PEERING shutdown: false + ip_address: 10.255.251.7/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.133/31 -- name: Ethernet52/1 - peer: DC1-SPINE4 - peer_interface: Ethernet9/1 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet9/1 - speed: forced 100gfull +- name: Vlan4092 + description: MLAG_PEER shutdown: false + ip_address: 10.255.252.7/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.254.135/31 -- name: Ethernet11 - peer: server04_inherit_all_from_profile - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: server04_inherit_all_from_profile_Eth2 - shutdown: false - l2_mtu: 8000 - l2_mru: 9000 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: disabled - storm_control: - all: - level: '10.0' - unit: percent - broadcast: - level: '100.0' - unit: pps - multicast: - level: '1.5' - unit: percent - unknown_unicast: - level: '2.8' - unit: percent -- name: Ethernet12 - peer: server05_no_profile - peer_interface: Eth2 - peer_type: server - description: server05_no_profile_Eth2 + no_autostate: true +- name: Vlan130 + description: Tenant_A_APP_Zone_1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: disabled - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet13 - peer: server06_override_profile - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: server06_override_profile_Eth2 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.30.1/24 + tenant: Tenant_A + tags: + - app + - erp1 +- name: Vlan131 + description: Tenant_A_APP_Zone_2 shutdown: false - l2_mtu: 8000 - l2_mru: 9000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet14 - peer: server07_inherit_all_from_profile_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: server07_inherit_all_from_profile_port_channel_Eth2 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 + tenant: Tenant_A + tags: + - app +- name: Vlan3011 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_APP_Zone' shutdown: false - channel_group: - id: 14 - mode: active -- name: Ethernet15 - peer: server08_no_profile_port_channel - peer_interface: Eth2 - peer_type: server - description: server08_no_profile_port_channel_Eth2 + vrf: Tenant_A_APP_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan140 + description: Tenant_A_DB_BZone_1 shutdown: false - channel_group: - id: 15 - mode: 'on' -- name: Ethernet16 - peer: server09_override_profile_no_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: server09_override_profile_no_port_channel_Eth2 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - db + - erp1 +- name: Vlan141 + description: Tenant_A_DB_Zone_2 shutdown: false - l2_mtu: 8000 - l2_mru: 9000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: disabled - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet17 - peer: server10_no_profile_port_channel_lacp_fallback - peer_interface: Eth2 - peer_type: server - description: server10_no_profile_port_channel_lacp_fallback_Eth2 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.41.1/24 + tenant: Tenant_A + tags: + - db +- name: Vlan3012 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_DB_Zone' shutdown: false - channel_group: - id: 17 - mode: passive - lacp_port_priority: 32768 -- name: Ethernet18 - peer: server11_inherit_profile_port_channel_lacp_fallback - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK - description: server11_inherit_profile_port_channel_lacp_fallback_Eth2 + vrf: Tenant_A_DB_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan122 + description: Tenant_A_ERP_Zone_1 shutdown: false - channel_group: - id: 18 - mode: active - lacp_port_priority: 32768 -- name: Ethernet19 - peer: server12_inherit_nested_profile_port_channel_lacp_fallback - peer_interface: Eth2 - peer_type: server - port_profile: NESTED_PORT_PROFILE - description: server12_inherit_nested_profile_port_channel_lacp_fallback_Eth2 + vrf: Tenant_A_ERP_Zone + ip_address_virtual: 10.1.30.1/24 + ip_address_virtual_secondaries: + - 10.2.30.1/24 + - 10.2.31.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - erp3 +- name: Vlan3016 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_ERP_Zone' shutdown: false - channel_group: - id: 19 - mode: active - lacp_port_priority: 32768 -- name: Ethernet20 - peer: server13_disabled_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server13_disabled_interfaces_Eth2 - shutdown: true - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet21 - peer: server14_explicitly_enabled_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server14_explicitly_enabled_interfaces_Eth2 + vrf: Tenant_A_ERP_Zone + ip_address: 172.31.12.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan110 + description: Tenant_A_OP_Zone_1 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet22 - peer: server15_port_channel_with_disabled_phy_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server15_port_channel_with_disabled_phy_interfaces_Eth2 - shutdown: true - channel_group: - id: 22 - mode: active -- name: Ethernet23 - peer: server16_port_channel_with_disabled_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server16_port_channel_with_disabled_port_channel_Eth2 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 + access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: Tenant_A_OP_Zone_2 + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: MGMT + tenant: Tenant_A + tags: + - opzone +- name: Vlan112 + description: Tenant_A_OP_Zone_3 + shutdown: false + vrf: Tenant_A_OP_Zone + ip_helpers: + - ip_helper: 2.2.2.2 + source_interface: lo101 + vrf: MGMT + mtu: 1560 + tenant: Tenant_A + tags: + - opzone +- name: Vlan3008 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_OP_Zone' shutdown: false - channel_group: - id: 23 - mode: active -- name: Ethernet24 - peer: server17_port_channel_with_disabled_phy_and_po_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server17_port_channel_with_disabled_phy_and_po_interfaces_Eth2 - shutdown: true - channel_group: - id: 24 - mode: active -- name: Ethernet25 - peer: server18_monitoring_session_source_phys_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server18_monitoring_session_source_phys_interfaces_Eth2 + vrf: Tenant_A_OP_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet27 - peer: server18_monitoring_session_source_po - peer_interface: Eth4 - peer_type: server - port_profile: TENANT_A - description: server18_monitoring_session_source_po_Eth4 + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + ospf_network_point_to_point: false + ospf_area: '1' + ospf_cost: 100 + ospf_authentication: simple + ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== + tenant: Tenant_A + tags: + - wan +- name: Vlan3013 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WAN_Zone' shutdown: false - channel_group: - id: 27 - mode: active -- name: Ethernet26 - peer: server19_monitoring_session_destination_phys - peer_interface: Eth2 - peer_type: server - description: server19_monitoring_session_destination_phys_Eth2 + vrf: Tenant_A_WAN_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan120 + description: Tenant_A_WEB_Zone_1 shutdown: false - switchport: - enabled: true -- name: Ethernet42 - peer: server21_monitoring_session_destination_po - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: server21_monitoring_session_destination_po_Eth2 + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 + ip_address_virtual_secondaries: + - 10.2.20.1/24 + - 10.2.21.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - web + - erp1 +- name: Vlan121 + description: Tenant_A_WEBZone_2 + shutdown: true + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +- name: Vlan3010 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WEB_Zone' shutdown: false - channel_group: - id: 42 - mode: active -- name: Ethernet29 - peer: server22_port_channel_with_custom_id - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: SERVER_server22_port_channel_with_custom_id_Po1291 + vrf: Tenant_A_WEB_Zone + ip_address: 172.31.11.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 shutdown: false - channel_group: - id: 1291 - mode: active -- name: Ethernet31 - peer: server24_port_channel_lacp_timer_profile - peer_interface: Eth2 - peer_type: server - port_profile: PORT_CHANNEL_LACP_TIMER - description: server24_port_channel_lacp_timer_profile_Eth2 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 shutdown: false - channel_group: - id: 31 - mode: active - lacp_timer: - mode: fast - multiplier: 10 -- name: Ethernet32 - peer: server25_port_channel_lacp_timer - peer_interface: Eth2 - peer_type: server - description: server25_port_channel_lacp_timer_Eth2 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_OP_Zone' shutdown: false - channel_group: - id: 32 - mode: active - lacp_timer: - mode: fast - multiplier: 5 -- name: Ethernet33 - peer: server26_port_channel_lacp_timer_profile - peer_interface: Eth2 - peer_type: server - port_profile: PORT_CHANNEL_LACP_TIMER_NORMAL - description: server26_port_channel_lacp_timer_profile_Eth2 + vrf: Tenant_B_OP_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - channel_group: - id: 33 - mode: active - lacp_timer: - mode: normal - multiplier: 100 -- name: Ethernet34 - peer: server27_port_channel_lacp_timer - peer_interface: Eth2 - peer_type: server - description: server27_port_channel_lacp_timer_Eth2 + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan3020 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' shutdown: false - channel_group: - id: 34 - mode: active - lacp_timer: - mode: normal - multiplier: 50 -- name: Ethernet44 - peer: server28_monitoring_session_source_settings_access_group - peer_interface: Eth4 - peer_type: server - port_profile: TENANT_A - description: server28_monitoring_session_source_settings_access_group_Eth4 + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 shutdown: false - channel_group: - id: 43 - mode: active -mlag_configuration: - domain_id: custom_mlag_domain_id - local_interface: Vlan4092 - peer_address: 10.255.252.6 - peer_link: Port-Channel2000 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - ip_address: 192.168.255.13/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.12/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.6/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.7/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4090 + name: LEAF_PEER_L3 + trunk_groups: + - LEAF_PEER_L3 + tenant: system +- id: 4092 + name: MLAG_PEER + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_iBGP_Tenant_A_APP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_iBGP_Tenant_A_DB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 122 + name: Tenant_A_ERP_Zone_1 + tenant: Tenant_A +- id: 3016 + name: MLAG_iBGP_Tenant_A_ERP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 3008 + name: MLAG_iBGP_Tenant_A_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_iBGP_Tenant_A_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_iBGP_Tenant_A_WEB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_iBGP_Tenant_B_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_iBGP_Tenant_B_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_iBGP_Tenant_C_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_iBGP_Tenant_C_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_ERP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1715,41 +1753,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.13 -monitor_sessions: -- name: MonitoringSessionServer18 - sources: - - name: Port-Channel43 - direction: tx - access_group: - type: ip - name: myIpAVL - priority: 5 -- name: MonitoringSessionServer18WithDest - sources: - - name: Ethernet25 - direction: rx - - name: Port-Channel27 - direction: tx - destinations: - - Ethernet26 - - Port-Channel42 - encapsulation_gre_metadata_tx: true - header_remove_size: 20 - access_group: - type: ip - name: ip_acl - rate_limit_per_ingress_chip: 30 bps - rate_limit_per_egress_chip: 30 bps - sample: 10 - truncate: - enabled: true - size: 20 -- name: MonitoringSessionServer18WithoutDest - sources: - - name: Ethernet25 - direction: tx -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml index 9a7504ca2c8..d69786fb5db 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml @@ -1,10 +1,6 @@ -hostname: DC1.L2LEAF5A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,54 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1.L2LEAF5B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF5B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1.L2LEAF5B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF5B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet14/1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet14/1 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-LEAF2B_Ethernet14/1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet14/1 + peer_type: l3leaf +hostname: DC1.L2LEAF5A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +65,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +80,90 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.120/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF5 + local_interface: Vlan4091 + peer_address: 10.255.252.27 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1.L2LEAF5B_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: DC1_LEAF2_Po141 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,160-161 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1.L2LEAF5A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.26/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -117,80 +191,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.26/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1.L2LEAF5B_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: DC1_LEAF2_Po141 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,160-161 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1.L2LEAF5B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF5B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1.L2LEAF5B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF5B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet14/1 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet14/1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet14/1 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet14/1 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF5 - local_interface: Vlan4091 - peer_address: 10.255.252.27 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml index 698565f51a5..c7d5e192eaa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml @@ -1,10 +1,6 @@ -hostname: DC1.L2LEAF5B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,54 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1.L2LEAF5A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF5A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1.L2LEAF5A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF5A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet15/1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet15/1 + peer_type: l3leaf +- name: Ethernet2 + description: DC1-LEAF2B_Ethernet15/1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet15/1 + peer_type: l3leaf +hostname: DC1.L2LEAF5B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +65,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +80,90 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.121/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF5 + local_interface: Vlan4091 + peer_address: 10.255.252.26 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1.L2LEAF5A_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: DC1_LEAF2_Po141 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,160-161 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1.L2LEAF5B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.27/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -117,80 +191,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.27/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1.L2LEAF5A_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: DC1_LEAF2_Po141 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,160-161 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1.L2LEAF5A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF5A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1.L2LEAF5A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF5A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet15/1 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet15/1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet15/1 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet15/1 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF5 - local_interface: Vlan4091 - peer_address: 10.255.252.26 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6A.yml index bd62805950e..0035343c35c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6A.yml @@ -1,10 +1,6 @@ -hostname: DC1.L2LEAF6A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,45 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1.L2LEAF6B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF6B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1.L2LEAF6B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF6B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-LEAF2A_Ethernet30 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet30 + peer_type: l3leaf +hostname: DC1.L2LEAF6A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +56,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +71,90 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.122/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF6 + local_interface: Vlan4091 + peer_address: 10.255.252.31 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1.L2LEAF6B_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: DC1_LEAF2_Po30 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1.L2LEAF6A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.30/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -156,71 +221,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.30/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1.L2LEAF6B_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: DC1_LEAF2_Po30 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1.L2LEAF6B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF6B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1.L2LEAF6B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF6B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet30 - peer_type: l3leaf - description: DC1-LEAF2A_Ethernet30 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF6 - local_interface: Vlan4091 - peer_address: 10.255.252.31 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6B.yml index def35702693..6b0869b75f3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF6B.yml @@ -1,10 +1,6 @@ -hostname: DC1.L2LEAF6B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,45 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_PEER_DC1.L2LEAF6A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF6A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_PEER_DC1.L2LEAF6A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1.L2LEAF6A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: DC1-LEAF2B_Ethernet31 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet31 + peer_type: l3leaf +hostname: DC1.L2LEAF6B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,12 +56,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin disabled: true @@ -55,41 +71,90 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.123/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF6 + local_interface: Vlan4091 + peer_address: 10.255.252.30 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_PEER_DC1.L2LEAF6A_Po3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: DC1_LEAF2_Po30 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS rackE DC1.L2LEAF6B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG_PEER + shutdown: false + ip_address: 10.255.252.31/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG_PEER trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -156,71 +221,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -vlan_interfaces: -- name: Vlan4091 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.31/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_PEER_DC1.L2LEAF6A_Po3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: DC1_LEAF2_Po30 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-112,120-121,130-131,140-141,160-161,210-211,310-311,410-413,450-452 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1.L2LEAF6A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF6A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1.L2LEAF6A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_PEER_DC1.L2LEAF6A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-LEAF2B - peer_interface: Ethernet31 - peer_type: l3leaf - description: DC1-LEAF2B_Ethernet31 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF6 - local_interface: Vlan4091 - peer_address: 10.255.252.30 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1A.yml index 13ffd40524e..6f7d39d8086 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1A.yml @@ -1,53 +1,278 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet57/1 + description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B_Ethernet57/1 + shutdown: false + speed: 100g + channel_group: + id: 571 + mode: active + peer: DC1_UNDEPLOYED_LEAF1B + peer_interface: Ethernet57/1 + peer_type: mlag_peer +- name: Ethernet58/1 + description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B_Ethernet58/1 + shutdown: false + speed: 100g + channel_group: + id: 571 + mode: active + peer: DC1_UNDEPLOYED_LEAF1B + peer_interface: Ethernet58/1 + peer_type: mlag_peer +- name: Ethernet49/1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet28 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.129/31 + peer: DC1-SPINE1 + peer_interface: Ethernet28 + peer_type: spine + switchport: + enabled: false +- name: Ethernet50/1 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet28 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.131/31 + peer: DC1-SPINE2 + peer_interface: Ethernet28 + peer_type: spine + switchport: + enabled: false +- name: Ethernet51/1 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet28 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.133/31 + peer: DC1-SPINE3 + peer_interface: Ethernet28 + peer_type: spine + switchport: + enabled: false +- name: Ethernet52/1 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet28 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.135/31 + peer: DC1-SPINE4 + peer_interface: Ethernet28 + peer_type: spine + switchport: + enabled: false +hardware: + speed_groups: + - speed_group: '1' + serdes: 25G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 10G + - speed_group: '4' + serdes: 25G + - speed_group: 5/1 + serdes: 10G hostname: DC1_UNDEPLOYED_LEAF1A +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: false +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.21/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.21/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.21/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management42 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.121/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: my_custom_platform +mlag_configuration: + domain_id: DC1_UNDEPLOYED_LEAF1 + local_interface: Vlan4092 + peer_address: 10.255.252.25 + peer_link: Port-Channel571 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management42 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel571 + description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B_Po571 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 + groups: + - MLAG + - LEAF_PEER_L3 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.24/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65110' router_id: 192.168.255.21 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-PEERS type: ipv4 remote_as: '65110' - next_hop_self: true description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B + next_hop_self: true password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS @@ -75,33 +300,136 @@ router_bgp: description: DC1-SPINE4_Ethernet28 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.21:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.21:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.21:9 + route_targets: + both: + - '9:9' + redistribute_routes: + - learned + vlan: 110-112 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.21:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.21:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.21:20161 + route_targets: + both: + - 20161:20161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.21:20160 + route_targets: + both: + - 20160:20160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.21:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.21:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.21:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: 192.168.255.21:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 180 threshold: 5 - enabled: true expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.21:12 @@ -115,15 +443,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_A_DB_Zone rd: 192.168.255.21:13 route_targets: @@ -136,15 +464,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_A_OP_Zone rd: 192.168.255.21:9 route_targets: @@ -157,16 +485,16 @@ router_bgp: route_targets: - '9:9' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WAN_Zone rd: 192.168.255.21:14 route_targets: @@ -181,15 +509,15 @@ router_bgp: - '14:14' - 65000:789 router_id: 192.168.255.21 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_A_WEB_Zone rd: 192.168.255.21:11 route_targets: @@ -202,15 +530,15 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 172.31.11.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_B_OP_Zone rd: 192.168.255.21:20 route_targets: @@ -223,16 +551,16 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.21:21 route_targets: @@ -245,199 +573,64 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.21 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.25 - peer_group: MLAG-PEERS - description: DC1_UNDEPLOYED_LEAF1B updates: wait_install: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.21:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.21 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbors: - ip_address: 10.255.251.25 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true - - name: Tenant_C_WAN_Zone - rd: 192.168.255.21:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.21 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.25 - peer_group: MLAG-PEERS - description: DC1_UNDEPLOYED_LEAF1B - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.21:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.21:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.21:9 - route_targets: - both: - - '9:9' - redistribute_routes: - - learned - vlan: 110-112 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.21:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.21:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.21:20161 - route_targets: - both: - - 20161:20161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.21:20160 - route_targets: - both: - - 20160:20160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.21:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.21:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - name: Tenant_C_OP_Zone rd: 192.168.255.21:30 route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: Tenant_C_WAN_Zone - rd: 192.168.255.21:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 25G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 10G - - speed_group: '4' - serdes: 25G - - speed_group: 5/1 - serdes: 10G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.21 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.25 + peer_group: MLAG-PEERS + description: DC1_UNDEPLOYED_LEAF1B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: 192.168.255.21:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.21 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.25 + peer_group: MLAG-PEERS + description: DC1_UNDEPLOYED_LEAF1B + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1_UNDEPLOYED_LEAF1A spanning_tree: root_super: true mode: mstp @@ -445,594 +638,406 @@ spanning_tree: - id: '0' priority: 4096 no_spanning_tree_vlan: 4090,4092 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management42 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.121/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management42 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1_UNDEPLOYED_LEAF1A -vlans: -- id: 4090 - tenant: system - name: LEAF_PEER_L3 - trunk_groups: - - LEAF_PEER_L3 -- id: 4092 - tenant: system - name: MLAG_PEER - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_iBGP_Tenant_A_APP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_iBGP_Tenant_A_DB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 3008 - name: MLAG_iBGP_Tenant_A_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_iBGP_Tenant_A_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_iBGP_Tenant_A_WEB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_iBGP_Tenant_B_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_iBGP_Tenant_B_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_iBGP_Tenant_C_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_iBGP_Tenant_C_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.21 vlan_interfaces: - name: Vlan4090 description: MLAG_PEER_L3_PEERING shutdown: false - mtu: 1500 ip_address: 10.255.251.24/31 + mtu: 1500 - name: Vlan4092 description: MLAG_PEER shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.24/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 + tenant: Tenant_A + tags: + - app - name: Vlan3011 - tenant: Tenant_A - type: underlay_peering - shutdown: false description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_APP_Zone' + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.24/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_DB_Zone' + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.24/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan112 tenant: Tenant_A tags: - opzone +- name: Vlan112 description: Tenant_A_OP_Zone_3 shutdown: false - mtu: 1560 vrf: Tenant_A_OP_Zone ip_helpers: - ip_helper: 2.2.2.2 source_interface: lo101 vrf: MGMT -- name: Vlan3008 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3008 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_OP_Zone' + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.24/31 -- name: Vlan150 + mtu: 1500 tenant: Tenant_A - tags: - - wan + type: underlay_peering +- name: Vlan150 description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan3013 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - wan +- name: Vlan3013 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WAN_Zone' + shutdown: false vrf: Tenant_A_WAN_Zone - mtu: 1500 ip_address: 10.255.251.24/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false + vrf: Tenant_A_WEB_Zone ip_address_virtual: 10.1.20.1/24 ip_address_virtual_secondaries: - 10.2.20.1/24 - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WEB_Zone' + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ip_address: 172.31.11.24/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_OP_Zone' + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.24/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 tenant: Tenant_B tags: - wan - description: Tenant_B_WAN_Zone_1 +- name: Vlan3020 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan3020 + ip_address: 10.255.251.24/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.24/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.24/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4090 + name: LEAF_PEER_L3 + trunk_groups: + - LEAF_PEER_L3 + tenant: system +- id: 4092 + name: MLAG_PEER + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_iBGP_Tenant_A_APP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_iBGP_Tenant_A_DB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 3008 + name: MLAG_iBGP_Tenant_A_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_iBGP_Tenant_A_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_iBGP_Tenant_A_WEB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_iBGP_Tenant_B_OP_Zone + trunk_groups: + - LEAF_PEER_L3 tenant: Tenant_B - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.24/31 -- name: Vlan310 +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_iBGP_Tenant_B_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 +- id: 311 + name: Tenant_C_OP_Zone_2 tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 +- id: 2 + name: MLAG_iBGP_Tenant_C_OP_Zone + trunk_groups: + - LEAF_PEER_L3 tenant: Tenant_C - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.24/31 -- name: Vlan350 +- id: 350 + name: Tenant_C_WAN_Zone_1 tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 +- id: 3030 + name: MLAG_iBGP_Tenant_C_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.24/31 -port_channel_interfaces: -- name: Port-Channel571 - description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B_Po571 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - - LEAF_PEER_L3 - allowed_vlan: 1-4094 - shutdown: false -ethernet_interfaces: -- name: Ethernet57/1 - peer: DC1_UNDEPLOYED_LEAF1B - peer_interface: Ethernet57/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B_Ethernet57/1 - shutdown: false - channel_group: - id: 571 - mode: active - speed: 100g -- name: Ethernet58/1 - peer: DC1_UNDEPLOYED_LEAF1B - peer_interface: Ethernet58/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1B_Ethernet58/1 - shutdown: false - channel_group: - id: 571 - mode: active - speed: 100g -- name: Ethernet49/1 - peer: DC1-SPINE1 - peer_interface: Ethernet28 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet28 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.129/31 -- name: Ethernet50/1 - peer: DC1-SPINE2 - peer_interface: Ethernet28 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet28 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.131/31 -- name: Ethernet51/1 - peer: DC1-SPINE3 - peer_interface: Ethernet28 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet28 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.133/31 -- name: Ethernet52/1 - peer: DC1-SPINE4 - peer_interface: Ethernet28 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet28 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.135/31 -mlag_configuration: - domain_id: DC1_UNDEPLOYED_LEAF1 - local_interface: Vlan4092 - peer_address: 10.255.252.25 - peer_link: Port-Channel571 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.21/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.21/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.21/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.24/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: DC1_UNDEPLOYED_LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1090,8 +1095,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.21 -metadata: - platform: my_custom_platform diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1B.yml index c6ebe9bcda8..1d5819d6454 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1_UNDEPLOYED_LEAF1B.yml @@ -1,53 +1,278 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet57/1 + description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A_Ethernet57/1 + shutdown: false + speed: 100g + channel_group: + id: 571 + mode: active + peer: DC1_UNDEPLOYED_LEAF1A + peer_interface: Ethernet57/1 + peer_type: mlag_peer +- name: Ethernet58/1 + description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A_Ethernet58/1 + shutdown: false + speed: 100g + channel_group: + id: 571 + mode: active + peer: DC1_UNDEPLOYED_LEAF1A + peer_interface: Ethernet58/1 + peer_type: mlag_peer +- name: Ethernet49/1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet29 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.161/31 + peer: DC1-SPINE1 + peer_interface: Ethernet29 + peer_type: spine + switchport: + enabled: false +- name: Ethernet50/1 + description: P2P_LINK_TO_DC1-SPINE2_Ethernet29 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.163/31 + peer: DC1-SPINE2 + peer_interface: Ethernet29 + peer_type: spine + switchport: + enabled: false +- name: Ethernet51/1 + description: P2P_LINK_TO_DC1-SPINE3_Ethernet29 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.165/31 + peer: DC1-SPINE3 + peer_interface: Ethernet29 + peer_type: spine + switchport: + enabled: false +- name: Ethernet52/1 + description: P2P_LINK_TO_DC1-SPINE4_Ethernet29 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.167/31 + peer: DC1-SPINE4 + peer_interface: Ethernet29 + peer_type: spine + switchport: + enabled: false +hardware: + speed_groups: + - speed_group: '1' + serdes: 25G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 10G + - speed_group: '4' + serdes: 25G + - speed_group: 5/1 + serdes: 10G hostname: DC1_UNDEPLOYED_LEAF1B +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: false +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.22/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.21/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.22/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management42 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.122/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: my_custom_platform +mlag_configuration: + domain_id: DC1_UNDEPLOYED_LEAF1 + local_interface: Vlan4092 + peer_address: 10.255.252.24 + peer_link: Port-Channel571 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management42 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel571 + description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A_Po571 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 + groups: + - MLAG + - LEAF_PEER_L3 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.24/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65111' router_id: 192.168.255.22 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-PEERS type: ipv4 remote_as: '65111' - next_hop_self: true description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A + next_hop_self: true password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS @@ -75,33 +300,136 @@ router_bgp: description: DC1-SPINE4_Ethernet29 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.22:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.22:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.22:9 + route_targets: + both: + - '9:9' + redistribute_routes: + - learned + vlan: 110-112 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.22:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.22:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.22:20161 + route_targets: + both: + - 20161:20161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.22:20160 + route_targets: + both: + - 20160:20160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.22:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.22:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.22:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: 192.168.255.22:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 180 threshold: 5 - enabled: true expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.22:12 @@ -115,15 +443,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_A_DB_Zone rd: 192.168.255.22:13 route_targets: @@ -136,15 +464,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_A_OP_Zone rd: 192.168.255.22:9 route_targets: @@ -157,16 +485,16 @@ router_bgp: route_targets: - '9:9' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WAN_Zone rd: 192.168.255.22:14 route_targets: @@ -181,15 +509,15 @@ router_bgp: - '14:14' - 65000:789 router_id: 192.168.255.22 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_A_WEB_Zone rd: 192.168.255.22:11 route_targets: @@ -202,15 +530,15 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true + updates: + wait_install: true neighbors: - ip_address: 172.31.11.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true + redistribute: + connected: + enabled: true - name: Tenant_B_OP_Zone rd: 192.168.255.22:20 route_targets: @@ -223,16 +551,16 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.22:21 route_targets: @@ -245,199 +573,64 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.22 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.24 - peer_group: MLAG-PEERS - description: DC1_UNDEPLOYED_LEAF1A updates: wait_install: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.22:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.22 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbors: - ip_address: 10.255.251.24 peer_group: MLAG-PEERS description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true - - name: Tenant_C_WAN_Zone - rd: 192.168.255.22:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.22 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.24 - peer_group: MLAG-PEERS - description: DC1_UNDEPLOYED_LEAF1A - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.22:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.22:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.22:9 - route_targets: - both: - - '9:9' - redistribute_routes: - - learned - vlan: 110-112 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.22:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.22:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.22:20161 - route_targets: - both: - - 20161:20161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.22:20160 - route_targets: - both: - - 20160:20160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.22:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.22:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - name: Tenant_C_OP_Zone rd: 192.168.255.22:30 route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: Tenant_C_WAN_Zone - rd: 192.168.255.22:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 25G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 10G - - speed_group: '4' - serdes: 25G - - speed_group: 5/1 - serdes: 10G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.22 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.24 + peer_group: MLAG-PEERS + description: DC1_UNDEPLOYED_LEAF1A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: 192.168.255.22:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.22 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.24 + peer_group: MLAG-PEERS + description: DC1_UNDEPLOYED_LEAF1A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS DC1_UNDEPLOYED_LEAF1B spanning_tree: root_super: true mode: mstp @@ -445,594 +638,406 @@ spanning_tree: - id: '0' priority: 4096 no_spanning_tree_vlan: 4090,4092 -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management42 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.122/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management42 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS DC1_UNDEPLOYED_LEAF1B -vlans: -- id: 4090 - tenant: system - name: LEAF_PEER_L3 - trunk_groups: - - LEAF_PEER_L3 -- id: 4092 - tenant: system - name: MLAG_PEER - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_iBGP_Tenant_A_APP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_iBGP_Tenant_A_DB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 3008 - name: MLAG_iBGP_Tenant_A_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_iBGP_Tenant_A_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_iBGP_Tenant_A_WEB_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_iBGP_Tenant_B_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_iBGP_Tenant_B_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_iBGP_Tenant_C_OP_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_iBGP_Tenant_C_WAN_Zone - trunk_groups: - - LEAF_PEER_L3 - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.22 vlan_interfaces: - name: Vlan4090 description: MLAG_PEER_L3_PEERING shutdown: false - mtu: 1500 ip_address: 10.255.251.25/31 + mtu: 1500 - name: Vlan4092 description: MLAG_PEER shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.25/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 + tenant: Tenant_A + tags: + - app - name: Vlan3011 - tenant: Tenant_A - type: underlay_peering - shutdown: false description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_APP_Zone' + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.25/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_DB_Zone' + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.25/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan112 tenant: Tenant_A tags: - opzone +- name: Vlan112 description: Tenant_A_OP_Zone_3 shutdown: false - mtu: 1560 vrf: Tenant_A_OP_Zone ip_helpers: - ip_helper: 2.2.2.2 source_interface: lo101 vrf: MGMT -- name: Vlan3008 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3008 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_OP_Zone' + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.25/31 -- name: Vlan150 + mtu: 1500 tenant: Tenant_A - tags: - - wan + type: underlay_peering +- name: Vlan150 description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan3013 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - wan +- name: Vlan3013 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WAN_Zone' + shutdown: false vrf: Tenant_A_WAN_Zone - mtu: 1500 ip_address: 10.255.251.25/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false + vrf: Tenant_A_WEB_Zone ip_address_virtual: 10.1.20.1/24 ip_address_virtual_secondaries: - 10.2.20.1/24 - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_A_WEB_Zone' + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ip_address: 172.31.11.25/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_OP_Zone' + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.25/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 tenant: Tenant_B tags: - wan - description: Tenant_B_WAN_Zone_1 +- name: Vlan3020 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan3020 + ip_address: 10.255.251.25/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.25/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.251.25/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4090 + name: LEAF_PEER_L3 + trunk_groups: + - LEAF_PEER_L3 + tenant: system +- id: 4092 + name: MLAG_PEER + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_iBGP_Tenant_A_APP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_iBGP_Tenant_A_DB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 3008 + name: MLAG_iBGP_Tenant_A_OP_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_iBGP_Tenant_A_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_iBGP_Tenant_A_WEB_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_iBGP_Tenant_B_OP_Zone + trunk_groups: + - LEAF_PEER_L3 tenant: Tenant_B - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_B_WAN_Zone' - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.25/31 -- name: Vlan310 +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_iBGP_Tenant_B_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 +- id: 311 + name: Tenant_C_OP_Zone_2 tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 +- id: 2 + name: MLAG_iBGP_Tenant_C_OP_Zone + trunk_groups: + - LEAF_PEER_L3 tenant: Tenant_C - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_OP_Zone' - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.25/31 -- name: Vlan350 +- id: 350 + name: Tenant_C_WAN_Zone_1 tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 +- id: 3030 + name: MLAG_iBGP_Tenant_C_WAN_Zone + trunk_groups: + - LEAF_PEER_L3 + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - type: underlay_peering - shutdown: false - description: 'MLAG_PEER_L3_iBGP: vrf Tenant_C_WAN_Zone' - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.251.25/31 -port_channel_interfaces: -- name: Port-Channel571 - description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A_Po571 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - - LEAF_PEER_L3 - allowed_vlan: 1-4094 - shutdown: false -ethernet_interfaces: -- name: Ethernet57/1 - peer: DC1_UNDEPLOYED_LEAF1A - peer_interface: Ethernet57/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A_Ethernet57/1 - shutdown: false - channel_group: - id: 571 - mode: active - speed: 100g -- name: Ethernet58/1 - peer: DC1_UNDEPLOYED_LEAF1A - peer_interface: Ethernet58/1 - peer_type: mlag_peer - description: MLAG_PEER_DC1_UNDEPLOYED_LEAF1A_Ethernet58/1 - shutdown: false - channel_group: - id: 571 - mode: active - speed: 100g -- name: Ethernet49/1 - peer: DC1-SPINE1 - peer_interface: Ethernet29 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet29 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.161/31 -- name: Ethernet50/1 - peer: DC1-SPINE2 - peer_interface: Ethernet29 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE2_Ethernet29 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.163/31 -- name: Ethernet51/1 - peer: DC1-SPINE3 - peer_interface: Ethernet29 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE3_Ethernet29 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.165/31 -- name: Ethernet52/1 - peer: DC1-SPINE4 - peer_interface: Ethernet29 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE4_Ethernet29 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.167/31 -mlag_configuration: - domain_id: DC1_UNDEPLOYED_LEAF1 - local_interface: Vlan4092 - peer_address: 10.255.252.24 - peer_link: Port-Channel571 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.22/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.21/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.22/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.24/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: DC1_UNDEPLOYED_LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1090,8 +1095,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.22 -metadata: - platform: my_custom_platform diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF1.yml index b24d475bd03..0e615c91fed 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF1.yml @@ -1,42 +1,109 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: DUP-LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.0.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.10.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.0.0/24 eq 32 + - sequence: 20 + action: permit 10.10.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 10.0.0.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: Tenant_A + rd: 10.0.0.1:10100 + route_targets: + both: + - 10100:10100 + redistribute_routes: + - learned + - id: 200 + tenant: Tenant_A + rd: 10.0.0.1:10200 + route_targets: + both: + - 10200:10200 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: TEST rd: 10.0.0.1:10 @@ -53,82 +120,21 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 100 - tenant: Tenant_A - rd: 10.0.0.1:10100 - route_targets: - both: - - 10100:10100 - redistribute_routes: - - learned - - id: 200 - tenant: Tenant_A - rd: 10.0.0.1:10200 - route_targets: - both: - - 10200:10200 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: Duplicate_SVI_100_LEAF1 + shutdown: false + vrf: TEST + tenant: Tenant_A + tags: + - DUP-LEAF1 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: Tenant_A - ip_routing: true - description: TEST -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.0.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.10.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.0.0/24 eq 32 - - sequence: 20 - action: permit 10.10.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: Duplicate_SVI_100_LEAF1 @@ -136,23 +142,19 @@ vlans: - id: 200 name: Duplicate_L2VLAN_200_LEAF1 tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + description: TEST + ip_routing: true tenant: Tenant_A - tags: - - DUP-LEAF1 - description: Duplicate_SVI_100_LEAF1 - shutdown: false - vrf: TEST vxlan_interface: vxlan1: description: DUP-LEAF1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 10100 @@ -161,5 +163,3 @@ vxlan_interface: vrfs: - name: TEST vni: 10 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF2.yml index 25ce4c24f8e..a74ea39794c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DUP-LEAF2.yml @@ -1,42 +1,109 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: DUP-LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.0.2/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.10.0.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.0.0/24 eq 32 + - sequence: 20 + action: permit 10.10.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 10.0.0.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: Tenant_A + rd: 10.0.0.2:10100 + route_targets: + both: + - 10100:10100 + redistribute_routes: + - learned + - id: 200 + tenant: Tenant_A + rd: 10.0.0.2:10200 + route_targets: + both: + - 10200:10200 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: TEST rd: 10.0.0.2:10 @@ -53,82 +120,21 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 100 - tenant: Tenant_A - rd: 10.0.0.2:10100 - route_targets: - both: - - 10100:10100 - redistribute_routes: - - learned - - id: 200 - tenant: Tenant_A - rd: 10.0.0.2:10200 - route_targets: - both: - - 10200:10200 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: Duplicate_SVI_100_LEAF2 + shutdown: false + vrf: TEST + tenant: Tenant_A + tags: + - DUP-LEAF2 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: Tenant_A - ip_routing: true - description: TEST -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.0.2/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.10.0.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.0.0/24 eq 32 - - sequence: 20 - action: permit 10.10.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: Duplicate_SVI_100_LEAF2 @@ -136,23 +142,19 @@ vlans: - id: 200 name: Duplicate_L2VLAN_200_LEAF2 tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + description: TEST + ip_routing: true tenant: Tenant_A - tags: - - DUP-LEAF2 - description: Duplicate_SVI_100_LEAF2 - shutdown: false - vrf: TEST vxlan_interface: vxlan1: description: DUP-LEAF2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 10100 @@ -161,5 +163,3 @@ vxlan_interface: vrfs: - name: TEST vni: 10 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-DISABLED.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-DISABLED.yml index 6163568f284..0cf3c701593 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-DISABLED.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-DISABLED.yml @@ -1,38 +1,143 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-SPINE1_Ethernet6 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.11/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-SPINE1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false hostname: EVPN-MULTICAST-DISABLED +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 230 + querier: + enabled: true + address: 192.168.255.8 +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.8/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.8/32 +- name: Loopback33 + description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + shutdown: false + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.8/32 +- name: Loopback31 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.8/32 +- name: Loopback32 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.8/32 +- name: Loopback42 + description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + shutdown: false + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.8/32 +- name: Loopback41 + description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.8/32 +- name: Loopback55 + description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.8/32 +- name: Loopback60 + description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.8/32 +- name: Loopback52 + description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.8/32 +- name: Loopback51 + description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.8/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65106' router_id: 192.168.255.8 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.10 peer_group: IPv4-UNDERLAY-PEERS @@ -41,275 +146,49 @@ router_bgp: description: EVPN-MULTICAST-SPINE1_Ethernet6 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: EVPN-MULTICAST-SPINE1 description: EVPN-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.8:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.8:11 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 310 + tenant: Tenant_A + rd: 192.168.255.8:10310 route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.8:12 + both: + - 10310:10310 + redistribute_routes: + - learned + - id: 311 + tenant: Tenant_A + rd: 192.168.255.8:10311 route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.8:23 + both: + - 10311:10311 + redistribute_routes: + - learned + - id: 110 + tenant: Tenant_A + rd: 192.168.255.8:10110 route_targets: - import: - - address_family: evpn - route_targets: - - '23:23' - export: - - address_family: evpn - route_targets: - - '23:23' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.8:21 + both: + - 10110:10110 + redistribute_routes: + - learned + - id: 111 + tenant: Tenant_A + rd: 192.168.255.8:10111 route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.8:22 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:22' - export: - - address_family: evpn - route_targets: - - '22:22' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.8:33 - route_targets: - import: - - address_family: evpn - route_targets: - - '33:33' - export: - - address_family: evpn - route_targets: - - '33:33' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.8:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.8:32 - route_targets: - import: - - address_family: evpn - route_targets: - - '32:32' - export: - - address_family: evpn - route_targets: - - '32:32' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.8:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.8:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.8:55 - route_targets: - import: - - address_family: evpn - route_targets: - - '55:55' - export: - - address_family: evpn - route_targets: - - '55:55' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.8:60 - route_targets: - import: - - address_family: evpn - route_targets: - - 60:60 - export: - - address_family: evpn - route_targets: - - 60:60 - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.8:52 - route_targets: - import: - - address_family: evpn - route_targets: - - '52:52' - export: - - address_family: evpn - route_targets: - - '52:52' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.8:51 - route_targets: - import: - - address_family: evpn - route_targets: - - '51:51' - export: - - address_family: evpn - route_targets: - - '51:51' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - vlans: - - id: 310 - tenant: Tenant_A - rd: 192.168.255.8:10310 - route_targets: - both: - - 10310:10310 - redistribute_routes: - - learned - - id: 311 - tenant: Tenant_A - rd: 192.168.255.8:10311 - route_targets: - both: - - 10311:10311 - redistribute_routes: - - learned - - id: 110 - tenant: Tenant_A - rd: 192.168.255.8:10110 - route_targets: - both: - - 10110:10110 - redistribute_routes: - - learned - - id: 111 - tenant: Tenant_A - rd: 192.168.255.8:10111 - route_targets: - both: - - 10111:10111 - redistribute_routes: - - learned - - id: 210 - tenant: Tenant_A - rd: 192.168.255.8:10210 + both: + - 10111:10111 + redistribute_routes: + - learned + - id: 210 + tenant: Tenant_A + rd: 192.168.255.8:10210 route_targets: both: - 10210:10210 @@ -563,529 +442,676 @@ router_bgp: - 10252:10252 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: MULTICAST_DISABLED_310_311 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_DISABLED_310_311 -- name: MULTICAST_ENABLED_110_111 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_110_111 -- name: MULTICAST_ENABLED_210_DISABLED_211 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_210_DISABLED_211 -- name: MULTICAST_DISABLED_5_6 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_DISABLED_5_6 -- name: MULTICAST_ENABLED_1_2 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_1_2 -- name: MULTICAST_ENABLED_3_DISABLED_4 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_3_DISABLED_4 -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_DISABLED_330_331 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_130_131 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_DISABLED_240_241 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_L3_MULTICAST_TRANSIT - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - tenant: Tenant_E - ip_routing: true - description: PEG_L3_MULTICAST_ENABLED in Tenant E -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: EVPN-MULTICAST-SPINE1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_EVPN-MULTICAST-SPINE1_Ethernet6 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.11/31 - pim: - ipv4: - sparse_mode: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.8/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.8/32 -- name: Loopback33 - description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - shutdown: false - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.8/32 -- name: Loopback31 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.8/32 -- name: Loopback32 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.8/32 -- name: Loopback42 - description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - shutdown: false - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.8/32 -- name: Loopback41 - description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - shutdown: false - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.8/32 -- name: Loopback55 - description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - shutdown: false - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.8/32 -- name: Loopback60 - description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - shutdown: false - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.8/32 -- name: Loopback52 - description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT - shutdown: false - vrf: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.8/32 -- name: Loopback51 - description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - shutdown: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.8/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.8:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.8:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.8:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.8:23 + route_targets: + import: + - address_family: evpn + route_targets: + - '23:23' + export: + - address_family: evpn + route_targets: + - '23:23' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.8:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.8:22 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:22' + export: + - address_family: evpn + route_targets: + - '22:22' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.8:33 + route_targets: + import: + - address_family: evpn + route_targets: + - '33:33' + export: + - address_family: evpn + route_targets: + - '33:33' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.8:66 + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.8:32 + route_targets: + import: + - address_family: evpn + route_targets: + - '32:32' + export: + - address_family: evpn + route_targets: + - '32:32' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.8:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + rd: 192.168.255.8:41 + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + rd: 192.168.255.8:55 + route_targets: + import: + - address_family: evpn + route_targets: + - '55:55' + export: + - address_family: evpn + route_targets: + - '55:55' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + rd: 192.168.255.8:60 + route_targets: + import: + - address_family: evpn + route_targets: + - 60:60 + export: + - address_family: evpn + route_targets: + - 60:60 + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.8:52 + route_targets: + import: + - address_family: evpn + route_targets: + - '52:52' + export: + - address_family: evpn + route_targets: + - '52:52' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.8:51 + route_targets: + import: + - address_family: evpn + route_targets: + - '51:51' + export: + - address_family: evpn + route_targets: + - '51:51' + router_id: 192.168.255.8 + redistribute: + connected: + enabled: true +router_multicast: + ipv4: + routing: true +service_routing_protocols_model: multi-agent +standard_access_lists: +- name: RPS_ACL_VRF_Tenant_E_2 sequence_numbers: - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 310 - name: MULTICAST_DISABLED_310 - tenant: Tenant_A -- id: 311 - name: MULTICAST_DISABLED_311 - tenant: Tenant_A -- id: 110 - name: MULTICAST_ENABLED_110 - tenant: Tenant_A -- id: 111 - name: MULTICAST_ENABLED_111 - tenant: Tenant_A -- id: 210 - name: MULTICAST_ENABLED_210 - tenant: Tenant_A -- id: 211 - name: MULTICAST_DISABLED_211 - tenant: Tenant_A -- id: 256 - name: MULTICAST_DISABLED_256 - tenant: Tenant_A -- id: 257 - name: MULTICAST_ENABLED_257 - tenant: Tenant_A -- id: 4092 - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A -- id: 5 - name: MULTICAST_DISABLED_5 - tenant: Tenant_B -- id: 6 - name: MULTICAST_DISABLED_6 - tenant: Tenant_B -- id: 1 - name: MULTICAST_ENABLED_1 - tenant: Tenant_B -- id: 2 - name: MULTICAST_ENABLED_2 - tenant: Tenant_B -- id: 3 - name: MULTICAST_ENABLED_3 - tenant: Tenant_B -- id: 4 - name: MULTICAST_DISABLED_4 - tenant: Tenant_B -- id: 7 - name: MULTICAST_DISABLED_7 - tenant: Tenant_B -- id: 8 - name: MULTICAST_ENABLED_8 - tenant: Tenant_B -- id: 9 - name: MULTICAST_ENABLED_9 - tenant: Tenant_B -- id: 330 - name: L3_MULTICAST_DISABLED_330 - tenant: Tenant_C -- id: 331 - name: L3_MULTICAST_DISABLED_331 - tenant: Tenant_C -- id: 130 - name: L3_MULTICAST_ENABLED_130 - tenant: Tenant_C -- id: 131 - name: L3_MULTICAST_ENABLED_131 - tenant: Tenant_C -- id: 136 - name: L3_L2_MULTICAST_ENABLED_136 - tenant: Tenant_C -- id: 137 - name: L3_L2_MULTICAST_ENABLED_137 - tenant: Tenant_C -- id: 230 - name: L3_MULTICAST_ENABLED_230 - tenant: Tenant_C -- id: 231 - name: L3_MULTICAST_DISABLED_231 - tenant: Tenant_C -- id: 240 - name: L3_MULTICAST_DISABLED_240 - tenant: Tenant_D -- id: 241 - name: L3_MULTICAST_DISABLED_241 - tenant: Tenant_D -- id: 140 - name: L3_MULTICAST_ENABLED_140 - tenant: Tenant_D -- id: 141 - name: L3_MULTICAST_DISABLED_141 - tenant: Tenant_D -- id: 550 - name: L3_MULTICAST_ENABLED_550 - tenant: Tenant_E -- id: 260 - name: L3_MULTICAST_ENABLED_260 - tenant: Tenant_E -- id: 250 - name: L3_MULTICAST_ENABLED_250 - tenant: Tenant_E -- id: 150 - name: L3_MULTICAST_ENABLED_150 - tenant: Tenant_E -- id: 251 - name: MULTICAST_DISABLED_251 - tenant: Tenant_F -- id: 252 - name: MULTICAST_ENABLED_252 - tenant: Tenant_F -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 230 - querier: - enabled: true - address: 192.168.255.8 -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + action: permit 232.0.136.0/21 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.8 +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.8 +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.8 +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.8 +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.8 +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.8 +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.8 +- name: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.8 +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.8 vlan_interfaces: - name: Vlan310 - tenant: Tenant_A - tags: - - test_l3 description: MULTICAST_DISABLED_310 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan311 description: MULTICAST_DISABLED_311 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan110 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan110 description: MULTICAST_ENABLED_110 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan111 description: MULTICAST_ENABLED_111 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan210 + ip_address_virtual: 10.1.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan210 description: MULTICAST_ENABLED_210 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan211 description: MULTICAST_DISABLED_211 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan5 - tenant: Tenant_B + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_A tags: - test_l3 +- name: Vlan5 description: MULTICAST_DISABLED_5 shutdown: false - ip_address_virtual: 10.0.5.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan6 + ip_address_virtual: 10.0.5.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan6 description: MULTICAST_DISABLED_6 shutdown: false - ip_address_virtual: 10.0.6.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan1 + ip_address_virtual: 10.0.6.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan1 description: MULTICAST_ENABLED_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan2 description: MULTICAST_ENABLED_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan3 description: MULTICAST_ENABLED_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan4 description: MULTICAST_DISABLED_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan330 - tenant: Tenant_C + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_B tags: - test_l3 +- name: Vlan330 description: L3_MULTICAST_DISABLED_330 shutdown: false - ip_address_virtual: 10.3.33.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan331 + ip_address_virtual: 10.3.33.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan331 description: L3_MULTICAST_DISABLED_331 shutdown: false - ip_address_virtual: 10.3.34.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan130 + ip_address_virtual: 10.3.34.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan130 description: L3_MULTICAST_ENABLED_130 shutdown: false - ip_address_virtual: 10.1.13.1/24 vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan131 + ip_address_virtual: 10.1.13.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan131 description: L3_MULTICAST_ENABLED_131 shutdown: false vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan136 tenant: Tenant_C + tags: + - test_l3 +- name: Vlan136 description: L3_L2_MULTICAST_ENABLED_136 shutdown: false vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan137 tenant: Tenant_C +- name: Vlan137 description: L3_L2_MULTICAST_ENABLED_137 shutdown: false vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan230 tenant: Tenant_C - tags: - - test_l3 +- name: Vlan230 description: L3_MULTICAST_ENABLED_230 shutdown: false - ip_address_virtual: 10.2.23.1/24 vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan231 + ip_address_virtual: 10.2.23.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan231 description: L3_MULTICAST_DISABLED_231 shutdown: false - ip_address_virtual: 10.2.24.1/24 vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan240 - tenant: Tenant_D + ip_address_virtual: 10.2.24.1/24 + tenant: Tenant_C tags: - test_l3 +- name: Vlan240 description: L3_MULTICAST_DISABLED_240 shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan241 + ip_address_virtual: 10.1.24.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan241 description: L3_MULTICAST_DISABLED_241 shutdown: false - ip_address_virtual: 10.1.25.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan140 + ip_address_virtual: 10.1.25.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan140 description: L3_MULTICAST_ENABLED_140 shutdown: false - ip_address_virtual: 10.1.14.1/24 vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan141 + ip_address_virtual: 10.1.14.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan141 description: L3_MULTICAST_DISABLED_141 shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan550 - tenant: Tenant_E + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_D tags: - test_l3 +- name: Vlan550 description: L3_MULTICAST_ENABLED_550 shutdown: false - ip_address_virtual: 10.1.56.1/24 vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: Vlan260 + ip_address_virtual: 10.1.56.1/24 tenant: Tenant_E tags: - test_l3 +- name: Vlan260 description: L3_MULTICAST_ENABLED_260 shutdown: false - ip_address_virtual: 10.1.26.1/24 vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES -- name: Vlan250 + ip_address_virtual: 10.1.26.1/24 tenant: Tenant_E tags: - test_l3 +- name: Vlan250 description: L3_MULTICAST_ENABLED_250 shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: TEN_E_L3_MULTICAST_TRANSIT -- name: Vlan150 + ip_address_virtual: 10.1.15.1/24 tenant: Tenant_E tags: - test_l3 +- name: Vlan150 description: L3_MULTICAST_ENABLED_150 shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_E + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 310 + name: MULTICAST_DISABLED_310 + tenant: Tenant_A +- id: 311 + name: MULTICAST_DISABLED_311 + tenant: Tenant_A +- id: 110 + name: MULTICAST_ENABLED_110 + tenant: Tenant_A +- id: 111 + name: MULTICAST_ENABLED_111 + tenant: Tenant_A +- id: 210 + name: MULTICAST_ENABLED_210 + tenant: Tenant_A +- id: 211 + name: MULTICAST_DISABLED_211 + tenant: Tenant_A +- id: 256 + name: MULTICAST_DISABLED_256 + tenant: Tenant_A +- id: 257 + name: MULTICAST_ENABLED_257 + tenant: Tenant_A +- id: 4092 + name: MULTICAST_ENABLED_4092 + tenant: Tenant_A +- id: 5 + name: MULTICAST_DISABLED_5 + tenant: Tenant_B +- id: 6 + name: MULTICAST_DISABLED_6 + tenant: Tenant_B +- id: 1 + name: MULTICAST_ENABLED_1 + tenant: Tenant_B +- id: 2 + name: MULTICAST_ENABLED_2 + tenant: Tenant_B +- id: 3 + name: MULTICAST_ENABLED_3 + tenant: Tenant_B +- id: 4 + name: MULTICAST_DISABLED_4 + tenant: Tenant_B +- id: 7 + name: MULTICAST_DISABLED_7 + tenant: Tenant_B +- id: 8 + name: MULTICAST_ENABLED_8 + tenant: Tenant_B +- id: 9 + name: MULTICAST_ENABLED_9 + tenant: Tenant_B +- id: 330 + name: L3_MULTICAST_DISABLED_330 + tenant: Tenant_C +- id: 331 + name: L3_MULTICAST_DISABLED_331 + tenant: Tenant_C +- id: 130 + name: L3_MULTICAST_ENABLED_130 + tenant: Tenant_C +- id: 131 + name: L3_MULTICAST_ENABLED_131 + tenant: Tenant_C +- id: 136 + name: L3_L2_MULTICAST_ENABLED_136 + tenant: Tenant_C +- id: 137 + name: L3_L2_MULTICAST_ENABLED_137 + tenant: Tenant_C +- id: 230 + name: L3_MULTICAST_ENABLED_230 + tenant: Tenant_C +- id: 231 + name: L3_MULTICAST_DISABLED_231 + tenant: Tenant_C +- id: 240 + name: L3_MULTICAST_DISABLED_240 + tenant: Tenant_D +- id: 241 + name: L3_MULTICAST_DISABLED_241 + tenant: Tenant_D +- id: 140 + name: L3_MULTICAST_ENABLED_140 + tenant: Tenant_D +- id: 141 + name: L3_MULTICAST_DISABLED_141 + tenant: Tenant_D +- id: 550 + name: L3_MULTICAST_ENABLED_550 + tenant: Tenant_E +- id: 260 + name: L3_MULTICAST_ENABLED_260 + tenant: Tenant_E +- id: 250 + name: L3_MULTICAST_ENABLED_250 + tenant: Tenant_E +- id: 150 + name: L3_MULTICAST_ENABLED_150 + tenant: Tenant_E +- id: 251 + name: MULTICAST_DISABLED_251 + tenant: Tenant_F +- id: 252 + name: MULTICAST_ENABLED_252 + tenant: Tenant_F +vrfs: +- name: MGMT + ip_routing: false +- name: MULTICAST_DISABLED_310_311 + description: MULTICAST_DISABLED_310_311 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_110_111 + description: MULTICAST_ENABLED_110_111 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_210_DISABLED_211 + description: MULTICAST_ENABLED_210_DISABLED_211 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_DISABLED_5_6 + description: MULTICAST_DISABLED_5_6 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_1_2 + description: MULTICAST_ENABLED_1_2 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_3_DISABLED_4 + description: MULTICAST_ENABLED_3_DISABLED_4 + ip_routing: true + tenant: Tenant_B +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + description: L3_MULTICAST_DISABLED_330_331 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + description: L3_MULTICAST_ENABLED_130_131 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + description: L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_routing: true + tenant: Tenant_C +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + description: L3_MULTICAST_DISABLED_240_241 + ip_routing: true + tenant: Tenant_D +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + description: L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_routing: true + tenant: Tenant_D +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + description: L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_TRANSIT + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + description: PEG_L3_MULTICAST_ENABLED in Tenant E + ip_routing: true + tenant: Tenant_E vxlan_interface: vxlan1: description: EVPN-MULTICAST-DISABLED_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 310 vni: 10310 @@ -1190,29 +1216,3 @@ vxlan_interface: vni: 52 - name: TEN_E_PEG_L3_MULTICAST_ENABLED vni: 51 -virtual_source_nat_vrfs: -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.8 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.8 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.8 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.8 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.8 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.8 -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.8 -- name: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.8 -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.8 -standard_access_lists: -- name: RPS_ACL_VRF_Tenant_E_2 - sequence_numbers: - - sequence: 10 - action: permit 232.0.136.0/21 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L2LEAF1A.yml index 6f59bcf352a..07ce4ed698b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L2LEAF1A.yml @@ -1,64 +1,65 @@ -hostname: EVPN-MULTICAST-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: EVPN-MULTICAST-L3LEAF1A - peer_interface: Ethernet6 - peer_type: l3leaf description: L2_EVPN-MULTICAST-L3LEAF1A_Ethernet6 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: EVPN-MULTICAST-L3LEAF1B + peer: EVPN-MULTICAST-L3LEAF1A peer_interface: Ethernet6 peer_type: l3leaf +- name: Ethernet2 description: L2_EVPN-MULTICAST-L3LEAF1B_Ethernet6 shutdown: false channel_group: id: 1 mode: active + peer: EVPN-MULTICAST-L3LEAF1B + peer_interface: Ethernet6 + peer_type: l3leaf +hostname: EVPN-MULTICAST-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_EVPN_MULTICAST_L3LEAF1_Port-Channel6 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-9,110-111,130-131,136-137,140-141,150,210-211,230-231,240-241,250-252,256-257,260,310-311,330-331,550,4092 - shutdown: false +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 310 name: MULTICAST_DISABLED_310 @@ -168,7 +169,6 @@ vlans: - id: 252 name: MULTICAST_ENABLED_252 tenant: Tenant_F -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1A.yml index 293ca63b06c..2cb80bd1798 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1A.yml @@ -1,1610 +1,1690 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_EVPN-MULTICAST-L3LEAF1B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: EVPN-MULTICAST-L3LEAF1B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_EVPN-MULTICAST-L3LEAF1B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: EVPN-MULTICAST-L3LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-SPINE1_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.1/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-SPINE1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet6 + description: L2_EVPN-MULTICAST-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 6 + mode: active + peer: EVPN-MULTICAST-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet8 + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.1.55.0/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet10 + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.1.60.0/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet9 + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.1.52.0/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet7 + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.1.51.0/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false hostname: EVPN-MULTICAST-L3LEAF1A -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 110 + querier: enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: EVPN-MULTICAST-L3LEAF1B - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: EVPN-MULTICAST-L3LEAF1B - description: EVPN-MULTICAST-L3LEAF1B_Vlan4093 - - ip_address: 172.31.255.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: EVPN-MULTICAST-SPINE1 - description: EVPN-MULTICAST-SPINE1_Ethernet1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: EVPN-MULTICAST-SPINE1 - description: EVPN-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.3:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3012 - updates: - wait_install: true - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.3:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3010 - updates: - wait_install: true - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.3:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3011 - updates: - wait_install: true - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.3:23 - route_targets: - import: - - address_family: evpn - route_targets: - - '23:23' - export: - - address_family: evpn - route_targets: - - '23:23' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3022 - updates: - wait_install: true - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.3:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3020 - updates: - wait_install: true - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.3:22 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:22' - export: - - address_family: evpn - route_targets: - - '22:22' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3021 - updates: - wait_install: true - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.3:33 - route_targets: - import: - - address_family: evpn - route_targets: - - '33:33' - export: - - address_family: evpn - route_targets: - - '33:33' - evpn_multicast: false - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3032 - updates: - wait_install: true - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.3:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - evpn_multicast: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3065 - updates: - wait_install: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.3:32 - route_targets: - import: - - address_family: evpn - route_targets: - - '32:32' - export: - - address_family: evpn - route_targets: - - '32:32' - evpn_multicast: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3031 - updates: - wait_install: true - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.3:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - evpn_multicast: false - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3041 - updates: - wait_install: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.3:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - evpn_multicast: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3040 - updates: - wait_install: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.3:55 - route_targets: - import: - - address_family: evpn - route_targets: - - '55:55' - export: - - address_family: evpn - route_targets: - - '55:55' - evpn_multicast: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3054 - updates: - wait_install: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.3:60 - route_targets: - import: - - address_family: evpn - route_targets: - - 60:60 - export: - - address_family: evpn - route_targets: - - 60:60 - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3059 - updates: - wait_install: true - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.3:52 - route_targets: - import: - - address_family: evpn - route_targets: - - '52:52' - export: - - address_family: evpn - route_targets: - - '52:52' - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3051 - updates: - wait_install: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.3:51 - route_targets: - import: - - address_family: evpn - route_targets: - - '51:51' - export: - - address_family: evpn - route_targets: - - '51:51' - evpn_multicast: true - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1B_Vlan3050 - updates: - wait_install: true - vlan_aware_bundles: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.3:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 310-311 - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.3:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - - igmp - vlan: 110-111 - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.3:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - - igmp - vlan: 210-211 - - name: MULTICAST_DISABLED_256 - tenant: Tenant_A - rd: 192.168.255.3:10256 - route_targets: - both: - - 10256:10256 - redistribute_routes: - - learned - vlan: '256' - - name: MULTICAST_ENABLED_257 - tenant: Tenant_A - rd: 192.168.255.3:10257 - route_targets: - both: - - 10257:10257 - redistribute_routes: - - learned - - igmp - vlan: '257' - - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A - rd: 192.168.255.3:14092 - route_targets: - both: - - 14092:14092 - redistribute_routes: - - learned - - igmp - vlan: '4092' - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.3:23 - route_targets: - both: - - '23:23' - redistribute_routes: - - learned - vlan: 5-6 - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.3:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - - igmp - vlan: 1-2 - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.3:22 - route_targets: - both: - - '22:22' - redistribute_routes: - - learned - - igmp - vlan: 3-4 - - name: MULTICAST_DISABLED_7 - tenant: Tenant_B - rd: 192.168.255.3:10007 - route_targets: - both: - - 10007:10007 - redistribute_routes: - - learned - vlan: '7' - - name: MULTICAST_ENABLED_8 - tenant: Tenant_B - rd: 192.168.255.3:10008 - route_targets: - both: - - 10008:10008 - redistribute_routes: - - learned - - igmp - vlan: '8' - - name: MULTICAST_ENABLED_9 - tenant: Tenant_B - rd: 192.168.255.3:10009 - route_targets: - both: - - 10009:10009 - redistribute_routes: - - learned - - igmp - vlan: '9' - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.3:33 - route_targets: - both: - - '33:33' - redistribute_routes: - - learned - vlan: 330-331 - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.3:66 - route_targets: - both: - - 66:66 - redistribute_routes: - - learned - - igmp - vlan: 130-131,136-137 - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.3:32 - route_targets: - both: - - '32:32' - redistribute_routes: - - learned - vlan: 230-231 - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.3:42 - route_targets: - both: - - '42:42' - redistribute_routes: - - learned - vlan: 240-241 - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.3:41 - route_targets: - both: - - '41:41' - redistribute_routes: - - learned - vlan: 140-141 - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.3:55 - route_targets: - both: - - '55:55' - redistribute_routes: - - learned - vlan: '550' - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.3:60 - route_targets: - both: - - 60:60 - redistribute_routes: - - learned - vlan: '260' - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.3:52 - route_targets: - both: - - '52:52' - redistribute_routes: - - learned - vlan: '250' - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.3:51 - route_targets: - both: - - '51:51' - redistribute_routes: - - learned - vlan: '150' - - name: MULTICAST_DISABLED_251 - tenant: Tenant_F - rd: 192.168.255.3:10251 - route_targets: - both: - - 10251:10251 - redistribute_routes: - - learned - vlan: '251' - - name: MULTICAST_ENABLED_252 - tenant: Tenant_F - rd: 192.168.255.3:10252 - route_targets: - both: - - 10252:10252 - redistribute_routes: - - learned - - igmp - vlan: '252' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true - software_forwarding: sfe - vrfs: - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ipv4: - routing: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ipv4: - routing: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - routing: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: MULTICAST_DISABLED_310_311 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_DISABLED_310_311 -- name: MULTICAST_ENABLED_110_111 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_110_111 -- name: MULTICAST_ENABLED_210_DISABLED_211 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_210_DISABLED_211 -- name: MULTICAST_DISABLED_5_6 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_DISABLED_5_6 -- name: MULTICAST_ENABLED_1_2 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_1_2 -- name: MULTICAST_ENABLED_3_DISABLED_4 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_3_DISABLED_4 -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_DISABLED_330_331 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_130_131 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_DISABLED_240_241 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_L3_MULTICAST_TRANSIT - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - tenant: Tenant_E - ip_routing: true - description: PEG_L3_MULTICAST_ENABLED in Tenant E -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 310 - name: MULTICAST_DISABLED_310 - tenant: Tenant_A -- id: 311 - name: MULTICAST_DISABLED_311 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: MULTICAST_ENABLED_110 - tenant: Tenant_A -- id: 111 - name: MULTICAST_ENABLED_111 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 210 - name: MULTICAST_ENABLED_210 - tenant: Tenant_A -- id: 211 - name: MULTICAST_DISABLED_211 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 256 - name: MULTICAST_DISABLED_256 - tenant: Tenant_A -- id: 257 - name: MULTICAST_ENABLED_257 - tenant: Tenant_A -- id: 4092 - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A -- id: 5 - name: MULTICAST_DISABLED_5 - tenant: Tenant_B -- id: 6 - name: MULTICAST_DISABLED_6 - tenant: Tenant_B -- id: 3022 - name: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 1 - name: MULTICAST_ENABLED_1 - tenant: Tenant_B -- id: 2 - name: MULTICAST_ENABLED_2 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 3 - name: MULTICAST_ENABLED_3 - tenant: Tenant_B -- id: 4 - name: MULTICAST_DISABLED_4 - tenant: Tenant_B -- id: 3021 - name: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 7 - name: MULTICAST_DISABLED_7 - tenant: Tenant_B -- id: 8 - name: MULTICAST_ENABLED_8 - tenant: Tenant_B -- id: 9 - name: MULTICAST_ENABLED_9 - tenant: Tenant_B -- id: 330 - name: L3_MULTICAST_DISABLED_330 - tenant: Tenant_C -- id: 331 - name: L3_MULTICAST_DISABLED_331 - tenant: Tenant_C -- id: 3032 - name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 130 - name: L3_MULTICAST_ENABLED_130 - tenant: Tenant_C -- id: 131 - name: L3_MULTICAST_ENABLED_131 - tenant: Tenant_C -- id: 136 - name: L3_L2_MULTICAST_ENABLED_136 - tenant: Tenant_C -- id: 137 - name: L3_L2_MULTICAST_ENABLED_137 - tenant: Tenant_C -- id: 3065 - name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 230 - name: L3_MULTICAST_ENABLED_230 - tenant: Tenant_C -- id: 231 - name: L3_MULTICAST_DISABLED_231 - tenant: Tenant_C -- id: 3031 - name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 240 - name: L3_MULTICAST_DISABLED_240 - tenant: Tenant_D -- id: 241 - name: L3_MULTICAST_DISABLED_241 - tenant: Tenant_D -- id: 3041 - name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - trunk_groups: - - MLAG - tenant: Tenant_D -- id: 140 - name: L3_MULTICAST_ENABLED_140 - tenant: Tenant_D -- id: 141 - name: L3_MULTICAST_DISABLED_141 - tenant: Tenant_D -- id: 3040 - name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - trunk_groups: - - MLAG - tenant: Tenant_D -- id: 550 - name: L3_MULTICAST_ENABLED_550 - tenant: Tenant_E -- id: 3054 - name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 260 - name: L3_MULTICAST_ENABLED_260 - tenant: Tenant_E -- id: 3059 - name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 250 - name: L3_MULTICAST_ENABLED_250 - tenant: Tenant_E -- id: 3051 - name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 150 - name: L3_MULTICAST_ENABLED_150 - tenant: Tenant_E -- id: 3050 - name: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 251 - name: MULTICAST_DISABLED_251 - tenant: Tenant_F -- id: 252 - name: MULTICAST_ENABLED_252 - tenant: Tenant_F -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.0/31 - pim: - ipv4: - sparse_mode: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.0/31 -- name: Vlan310 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_DISABLED_310 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: MULTICAST_DISABLED_310_311 -- name: Vlan311 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_DISABLED_311 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: MULTICAST_DISABLED_310_311 -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 - vrf: MULTICAST_DISABLED_310_311 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_ENABLED_110 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: MULTICAST_ENABLED_110_111 -- name: Vlan111 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_ENABLED_111 - shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: MULTICAST_ENABLED_110_111 -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 - vrf: MULTICAST_ENABLED_110_111 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan210 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_ENABLED_210 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan211 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_DISABLED_211 - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering + address: 192.168.255.3 + fast_leave: true + - id: 111 + querier: + enabled: true + address: 192.168.255.3 + fast_leave: true + - id: 210 + querier: + enabled: true + address: 192.168.255.3 + fast_leave: true + - id: 257 + querier: + enabled: true + address: 192.168.255.3 + fast_leave: true + - id: 4092 + querier: + enabled: true + address: 192.168.255.3 + fast_leave: true + - id: 1 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + fast_leave: true + - id: 2 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 3 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 8 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 9 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 136 + querier: + enabled: true + address: 192.168.255.3 + - id: 137 + querier: + enabled: true + address: 192.168.255.3 + - id: 230 + querier: + enabled: true + address: 192.168.255.3 + - id: 252 + querier: + enabled: true + address: 192.168.255.3 + fast_leave: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 - vrf: MULTICAST_ENABLED_210_DISABLED_211 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan5 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_DISABLED_5 + ip_address: 192.168.255.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE shutdown: false - ip_address_virtual: 10.0.5.1/24 - vrf: MULTICAST_DISABLED_5_6 -- name: Vlan6 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_DISABLED_6 + ip_address: 192.168.254.3/32 +- name: Loopback33 + description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 shutdown: false - ip_address_virtual: 10.0.6.1/24 - vrf: MULTICAST_DISABLED_5_6 -- name: Vlan3022 - tenant: Tenant_B - type: underlay_peering + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.3/32 +- name: Loopback31 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 shutdown: false - description: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 - vrf: MULTICAST_DISABLED_5_6 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan1 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_ENABLED_1 + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.3/32 +- name: Loopback32 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 shutdown: false - ip_address_virtual: 10.0.1.1/24 - vrf: MULTICAST_ENABLED_1_2 -- name: Vlan2 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_ENABLED_2 + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.3/32 +- name: Loopback42 + description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 shutdown: false - ip_address_virtual: 10.0.2.1/24 - vrf: MULTICAST_ENABLED_1_2 -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.3/32 +- name: Loopback41 + description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 - vrf: MULTICAST_ENABLED_1_2 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan3 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_ENABLED_3 + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.3/32 +- name: Loopback55 + description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE shutdown: false - ip_address_virtual: 10.0.3.1/24 - vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan4 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_DISABLED_4 + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.3/32 +- name: Loopback60 + description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES shutdown: false - ip_address_virtual: 10.0.4.1/24 - vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan3021 - tenant: Tenant_B - type: underlay_peering + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.3/32 +- name: Loopback52 + description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 - vrf: MULTICAST_ENABLED_3_DISABLED_4 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan330 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_DISABLED_330 + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.3/32 +- name: Loopback51 + description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED shutdown: false - ip_address_virtual: 10.3.33.1/24 - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan331 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_DISABLED_331 + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT shutdown: false - ip_address_virtual: 10.3.34.1/24 - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan3032 - tenant: Tenant_C - type: underlay_peering + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: EVPN_MULTICAST_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.1 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_EVPN-MULTICAST-L3LEAF1B_Port-Channel3 shutdown: false - description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan130 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_ENABLED_130 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel6 + description: L2_EVPN-MULTICAST-L2LEAF1A_Port-Channel1 shutdown: false - ip_address_virtual: 10.1.13.1/24 - pim: + mlag: 6 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-9,110-111,130-131,136-137,140-141,150,210-211,230-231,240-241,250-252,256-257,260,310-311,330-331,550,4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.0/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65101' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: EVPN-MULTICAST-L3LEAF1B + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: EVPN-MULTICAST-L3LEAF1B + description: EVPN-MULTICAST-L3LEAF1B_Vlan4093 + - ip_address: 172.31.255.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: EVPN-MULTICAST-SPINE1 + description: EVPN-MULTICAST-SPINE1_Ethernet1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: EVPN-MULTICAST-SPINE1 + description: EVPN-MULTICAST-SPINE1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.3:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 310-311 + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.3:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + - igmp + vlan: 110-111 + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.3:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + - igmp + vlan: 210-211 + - name: MULTICAST_DISABLED_256 + tenant: Tenant_A + rd: 192.168.255.3:10256 + route_targets: + both: + - 10256:10256 + redistribute_routes: + - learned + vlan: '256' + - name: MULTICAST_ENABLED_257 + tenant: Tenant_A + rd: 192.168.255.3:10257 + route_targets: + both: + - 10257:10257 + redistribute_routes: + - learned + - igmp + vlan: '257' + - name: MULTICAST_ENABLED_4092 + tenant: Tenant_A + rd: 192.168.255.3:14092 + route_targets: + both: + - 14092:14092 + redistribute_routes: + - learned + - igmp + vlan: '4092' + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.3:23 + route_targets: + both: + - '23:23' + redistribute_routes: + - learned + vlan: 5-6 + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.3:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + - igmp + vlan: 1-2 + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.3:22 + route_targets: + both: + - '22:22' + redistribute_routes: + - learned + - igmp + vlan: 3-4 + - name: MULTICAST_DISABLED_7 + tenant: Tenant_B + rd: 192.168.255.3:10007 + route_targets: + both: + - 10007:10007 + redistribute_routes: + - learned + vlan: '7' + - name: MULTICAST_ENABLED_8 + tenant: Tenant_B + rd: 192.168.255.3:10008 + route_targets: + both: + - 10008:10008 + redistribute_routes: + - learned + - igmp + vlan: '8' + - name: MULTICAST_ENABLED_9 + tenant: Tenant_B + rd: 192.168.255.3:10009 + route_targets: + both: + - 10009:10009 + redistribute_routes: + - learned + - igmp + vlan: '9' + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.3:33 + route_targets: + both: + - '33:33' + redistribute_routes: + - learned + vlan: 330-331 + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.3:66 + route_targets: + both: + - 66:66 + redistribute_routes: + - learned + - igmp + vlan: 130-131,136-137 + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.3:32 + route_targets: + both: + - '32:32' + redistribute_routes: + - learned + vlan: 230-231 + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.3:42 + route_targets: + both: + - '42:42' + redistribute_routes: + - learned + vlan: 240-241 + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + rd: 192.168.255.3:41 + route_targets: + both: + - '41:41' + redistribute_routes: + - learned + vlan: 140-141 + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + rd: 192.168.255.3:55 + route_targets: + both: + - '55:55' + redistribute_routes: + - learned + vlan: '550' + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + rd: 192.168.255.3:60 + route_targets: + both: + - 60:60 + redistribute_routes: + - learned + vlan: '260' + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.3:52 + route_targets: + both: + - '52:52' + redistribute_routes: + - learned + vlan: '250' + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.3:51 + route_targets: + both: + - '51:51' + redistribute_routes: + - learned + vlan: '150' + - name: MULTICAST_DISABLED_251 + tenant: Tenant_F + rd: 192.168.255.3:10251 + route_targets: + both: + - 10251:10251 + redistribute_routes: + - learned + vlan: '251' + - name: MULTICAST_ENABLED_252 + tenant: Tenant_F + rd: 192.168.255.3:10252 + route_targets: + both: + - 10252:10252 + redistribute_routes: + - learned + - igmp + vlan: '252' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.3:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.3:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.3:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.3:23 + route_targets: + import: + - address_family: evpn + route_targets: + - '23:23' + export: + - address_family: evpn + route_targets: + - '23:23' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3022 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.3:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3020 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.3:22 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:22' + export: + - address_family: evpn + route_targets: + - '22:22' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3021 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.3:33 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '33:33' + export: + - address_family: evpn + route_targets: + - '33:33' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3032 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.3:66 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3065 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.3:32 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '32:32' + export: + - address_family: evpn + route_targets: + - '32:32' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3031 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.3:42 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3041 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + rd: 192.168.255.3:41 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3040 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + rd: 192.168.255.3:55 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '55:55' + export: + - address_family: evpn + route_targets: + - '55:55' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3054 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + rd: 192.168.255.3:60 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - 60:60 + export: + - address_family: evpn + route_targets: + - 60:60 + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3059 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.3:52 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - '52:52' + export: + - address_family: evpn + route_targets: + - '52:52' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3051 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.3:51 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '51:51' + export: + - address_family: evpn + route_targets: + - '51:51' + router_id: 192.168.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1B_Vlan3050 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_multicast: + ipv4: + routing: true + software_forwarding: sfe + vrfs: + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 ipv4: - sparse_mode: true - local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan131 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_ENABLED_131 - shutdown: false - ip_address: 10.1.14.2/24 - ip_virtual_router_addresses: - - 10.1.14.1 - pim: + routing: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 ipv4: - sparse_mode: true - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan136 - tenant: Tenant_C - description: L3_L2_MULTICAST_ENABLED_136 - shutdown: false - pim: + routing: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 ipv4: - sparse_mode: true - local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan137 - tenant: Tenant_C - description: L3_L2_MULTICAST_ENABLED_137 + routing: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + routing: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + routing: true +router_pim_sparse_mode: + vrfs: + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + rp_addresses: + - address: 10.20.20.20 + groups: + - 232.0.0.0/21 + - address: 10.40.40.40 + - address: 10.20.20.30 + access_lists: + - RP_ACL_VRF_OVERRIDE + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + rp_addresses: + - address: 10.30.30.30 + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + rp_addresses: + - address: 10.30.30.30 + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + rp_addresses: + - address: 10.1.50.100 + groups: + - 232.0.112.0/21 + - address: 10.1.51.130 + - address: 10.1.52.130 + - address: 10.1.51.140 + access_lists: + - RPS_ACL_VRF_Tenant_E_1 + - address: 10.1.52.140 + access_lists: + - RPS_ACL_VRF_Tenant_E_1 + - address: 10.1.50.150 + access_lists: + - RPS_ACL_VRF_Tenant_E_2 +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: sflow_vrf + destinations: + - destination: 10.10.10.12 + port: 1234 + run: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +standard_access_lists: +- name: RP_ACL_VRF_OVERRIDE + sequence_numbers: + - sequence: 10 + action: permit 232.1.0.0/21 +- name: RPS_ACL_VRF_Tenant_E_1 + sequence_numbers: + - sequence: 10 + action: permit 232.0.120.0/21 + - sequence: 20 + action: permit 232.0.128.0/21 +- name: RPS_ACL_VRF_Tenant_E_2 + sequence_numbers: + - sequence: 10 + action: permit 232.0.136.0/21 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.3 +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.3 +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.3 +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.3 +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.3 +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.3 +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.3 +- name: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.3 +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.3 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false + ip_address: 10.255.251.0/31 pim: ipv4: sparse_mode: true - local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan3065 - tenant: Tenant_C - type: underlay_peering + mtu: 9214 +- name: Vlan4094 + description: MLAG shutdown: false - description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.252.0/31 mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan230 - tenant: Tenant_C + no_autostate: true +- name: Vlan310 + description: MULTICAST_DISABLED_310 + shutdown: false + vrf: MULTICAST_DISABLED_310_311 + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_ENABLED_230 +- name: Vlan311 + description: MULTICAST_DISABLED_311 shutdown: false - ip_address_virtual: 10.2.23.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback32 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan231 - tenant: Tenant_C + vrf: MULTICAST_DISABLED_310_311 + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_231 +- name: Vlan3012 + description: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 shutdown: false - ip_address_virtual: 10.2.24.1/24 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan3031 - tenant: Tenant_C + vrf: MULTICAST_DISABLED_310_311 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_A type: underlay_peering +- name: Vlan110 + description: MULTICAST_ENABLED_110 shutdown: false - description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan240 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_110_111 + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_240 +- name: Vlan111 + description: MULTICAST_ENABLED_111 shutdown: false - ip_address_virtual: 10.1.24.1/24 - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan241 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_110_111 + ip_address_virtual: 10.1.11.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_241 +- name: Vlan3010 + description: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 shutdown: false - ip_address_virtual: 10.1.25.1/24 - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan3041 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_110_111 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_A type: underlay_peering +- name: Vlan210 + description: MULTICAST_ENABLED_210 shutdown: false - description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan140 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_210_DISABLED_211 + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_ENABLED_140 +- name: Vlan211 + description: MULTICAST_DISABLED_211 shutdown: false - ip_address_virtual: 10.1.14.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback41 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan141 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_210_DISABLED_211 + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_141 +- name: Vlan3011 + description: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 shutdown: false - ip_address_virtual: 10.1.15.1/24 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan3040 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_210_DISABLED_211 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_A type: underlay_peering +- name: Vlan5 + description: MULTICAST_DISABLED_5 shutdown: false - description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan550 - tenant: Tenant_E + vrf: MULTICAST_DISABLED_5_6 + ip_address_virtual: 10.0.5.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_550 - shutdown: false - ip_address_virtual: 10.1.56.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback55 - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: Vlan3054 - tenant: Tenant_E - type: underlay_peering +- name: Vlan6 + description: MULTICAST_DISABLED_6 shutdown: false - description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan260 - tenant: Tenant_E + vrf: MULTICAST_DISABLED_5_6 + ip_address_virtual: 10.0.6.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_260 +- name: Vlan3022 + description: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 shutdown: false - ip_address_virtual: 10.1.26.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback60 - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES -- name: Vlan3059 - tenant: Tenant_E + vrf: MULTICAST_DISABLED_5_6 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_B type: underlay_peering +- name: Vlan1 + description: MULTICAST_ENABLED_1 shutdown: false - description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan250 - tenant: Tenant_E + vrf: MULTICAST_ENABLED_1_2 + ip_address_virtual: 10.0.1.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_250 - shutdown: false - ip_address_virtual: 10.1.15.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback52 - vrf: TEN_E_L3_MULTICAST_TRANSIT -- name: Vlan3051 - tenant: Tenant_E - type: underlay_peering +- name: Vlan2 + description: MULTICAST_ENABLED_2 shutdown: false - description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT - vrf: TEN_E_L3_MULTICAST_TRANSIT - mtu: 9214 - ip_address: 10.255.251.0/31 -- name: Vlan150 - tenant: Tenant_E + vrf: MULTICAST_ENABLED_1_2 + ip_address_virtual: 10.0.2.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_150 +- name: Vlan3020 + description: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 shutdown: false - ip_address_virtual: 10.1.15.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback51 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED -- name: Vlan3050 - tenant: Tenant_E + vrf: MULTICAST_ENABLED_1_2 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_B type: underlay_peering +- name: Vlan3 + description: MULTICAST_ENABLED_3 shutdown: false - description: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - mtu: 9214 - ip_address: 10.255.251.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_EVPN-MULTICAST-L3LEAF1B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG + vrf: MULTICAST_ENABLED_3_DISABLED_4 + ip_address_virtual: 10.0.3.1/24 + tenant: Tenant_B + tags: + - test_l3 +- name: Vlan4 + description: MULTICAST_DISABLED_4 shutdown: false -- name: Port-Channel6 - description: L2_EVPN-MULTICAST-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-9,110-111,130-131,136-137,140-141,150,210-211,230-231,240-241,250-252,256-257,260,310-311,330-331,550,4092 + vrf: MULTICAST_ENABLED_3_DISABLED_4 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_B + tags: + - test_l3 +- name: Vlan3021 + description: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 shutdown: false - mlag: 6 -ethernet_interfaces: -- name: Ethernet3 - peer: EVPN-MULTICAST-L3LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_EVPN-MULTICAST-L3LEAF1B_Ethernet3 + vrf: MULTICAST_ENABLED_3_DISABLED_4 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_B + type: underlay_peering +- name: Vlan330 + description: L3_MULTICAST_DISABLED_330 shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: EVPN-MULTICAST-L3LEAF1B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_EVPN-MULTICAST-L3LEAF1B_Ethernet4 + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address_virtual: 10.3.33.1/24 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan331 + description: L3_MULTICAST_DISABLED_331 shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: EVPN-MULTICAST-SPINE1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_EVPN-MULTICAST-SPINE1_Ethernet1 + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address_virtual: 10.3.34.1/24 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan3032 + description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 shutdown: false + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.251.0/31 mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.1/31 + tenant: Tenant_C + type: underlay_peering +- name: Vlan130 + description: L3_MULTICAST_ENABLED_130 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address_virtual: 10.1.13.1/24 pim: ipv4: sparse_mode: true -- name: Ethernet6 - peer: EVPN-MULTICAST-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_EVPN-MULTICAST-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 6 - mode: active -- name: Ethernet8 - peer_type: l3_interface - ip_address: 10.1.55.0/31 + local_interface: Loopback31 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan131 + description: L3_MULTICAST_ENABLED_131 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.1.14.2/24 + ip_virtual_router_addresses: + - 10.1.14.1 pim: ipv4: sparse_mode: true -- name: Ethernet10 - peer_type: l3_interface - ip_address: 10.1.60.0/31 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan136 + description: L3_L2_MULTICAST_ENABLED_136 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 pim: ipv4: sparse_mode: true -- name: Ethernet9 - peer_type: l3_interface - ip_address: 10.1.52.0/31 + local_interface: Loopback31 + tenant: Tenant_C +- name: Vlan137 + description: L3_L2_MULTICAST_ENABLED_137 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_TRANSIT + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 pim: ipv4: sparse_mode: true -- name: Ethernet7 - peer_type: l3_interface - ip_address: 10.1.51.0/31 + local_interface: Loopback31 + tenant: Tenant_C +- name: Vlan3065 + description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_C + type: underlay_peering +- name: Vlan230 + description: L3_MULTICAST_ENABLED_230 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address_virtual: 10.2.23.1/24 pim: ipv4: sparse_mode: true -mlag_configuration: - domain_id: EVPN_MULTICAST_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.1 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + local_interface: Loopback32 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan231 + description: L3_MULTICAST_DISABLED_231 shutdown: false - ip_address: 192.168.254.3/32 -- name: Loopback33 - description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address_virtual: 10.2.24.1/24 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan3031 + description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 shutdown: false - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.3/32 -- name: Loopback31 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_C + type: underlay_peering +- name: Vlan240 + description: L3_MULTICAST_DISABLED_240 shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.3/32 -- name: Loopback32 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address_virtual: 10.1.24.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan241 + description: L3_MULTICAST_DISABLED_241 shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.3/32 -- name: Loopback42 - description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address_virtual: 10.1.25.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan3041 + description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 shutdown: false vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.3/32 -- name: Loopback41 - description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_D + type: underlay_peering +- name: Vlan140 + description: L3_MULTICAST_ENABLED_140 shutdown: false vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.3/32 -- name: Loopback55 - description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address_virtual: 10.1.14.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback41 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan141 + description: L3_MULTICAST_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan3040 + description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_D + type: underlay_peering +- name: Vlan550 + description: L3_MULTICAST_ENABLED_550 shutdown: false vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.3/32 -- name: Loopback60 - description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address_virtual: 10.1.56.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback55 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3054 + description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +- name: Vlan260 + description: L3_MULTICAST_ENABLED_260 shutdown: false vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.3/32 -- name: Loopback52 - description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT + ip_address_virtual: 10.1.26.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback60 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3059 + description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +- name: Vlan250 + description: L3_MULTICAST_ENABLED_250 shutdown: false vrf: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.3/32 -- name: Loopback51 - description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address_virtual: 10.1.15.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback52 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3051 + description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +- name: Vlan150 + description: L3_MULTICAST_ENABLED_150 shutdown: false vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.0/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 110 - querier: - enabled: true - address: 192.168.255.3 - fast_leave: true - - id: 111 - querier: - enabled: true - address: 192.168.255.3 - fast_leave: true - - id: 210 - querier: - enabled: true - address: 192.168.255.3 - fast_leave: true - - id: 257 - querier: - enabled: true - address: 192.168.255.3 - fast_leave: true - - id: 4092 - querier: - enabled: true - address: 192.168.255.3 - fast_leave: true - - id: 1 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - fast_leave: true - - id: 2 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 3 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 8 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 9 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 136 - querier: - enabled: true - address: 192.168.255.3 - - id: 137 - querier: - enabled: true - address: 192.168.255.3 - - id: 230 - querier: - enabled: true - address: 192.168.255.3 - - id: 252 - querier: - enabled: true - address: 192.168.255.3 - fast_leave: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + ip_address_virtual: 10.1.15.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback51 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3050 + description: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.251.0/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 310 + name: MULTICAST_DISABLED_310 + tenant: Tenant_A +- id: 311 + name: MULTICAST_DISABLED_311 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: MULTICAST_ENABLED_110 + tenant: Tenant_A +- id: 111 + name: MULTICAST_ENABLED_111 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 210 + name: MULTICAST_ENABLED_210 + tenant: Tenant_A +- id: 211 + name: MULTICAST_DISABLED_211 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 256 + name: MULTICAST_DISABLED_256 + tenant: Tenant_A +- id: 257 + name: MULTICAST_ENABLED_257 + tenant: Tenant_A +- id: 4092 + name: MULTICAST_ENABLED_4092 + tenant: Tenant_A +- id: 5 + name: MULTICAST_DISABLED_5 + tenant: Tenant_B +- id: 6 + name: MULTICAST_DISABLED_6 + tenant: Tenant_B +- id: 3022 + name: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 1 + name: MULTICAST_ENABLED_1 + tenant: Tenant_B +- id: 2 + name: MULTICAST_ENABLED_2 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 3 + name: MULTICAST_ENABLED_3 + tenant: Tenant_B +- id: 4 + name: MULTICAST_DISABLED_4 + tenant: Tenant_B +- id: 3021 + name: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 7 + name: MULTICAST_DISABLED_7 + tenant: Tenant_B +- id: 8 + name: MULTICAST_ENABLED_8 + tenant: Tenant_B +- id: 9 + name: MULTICAST_ENABLED_9 + tenant: Tenant_B +- id: 330 + name: L3_MULTICAST_DISABLED_330 + tenant: Tenant_C +- id: 331 + name: L3_MULTICAST_DISABLED_331 + tenant: Tenant_C +- id: 3032 + name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 130 + name: L3_MULTICAST_ENABLED_130 + tenant: Tenant_C +- id: 131 + name: L3_MULTICAST_ENABLED_131 + tenant: Tenant_C +- id: 136 + name: L3_L2_MULTICAST_ENABLED_136 + tenant: Tenant_C +- id: 137 + name: L3_L2_MULTICAST_ENABLED_137 + tenant: Tenant_C +- id: 3065 + name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 230 + name: L3_MULTICAST_ENABLED_230 + tenant: Tenant_C +- id: 231 + name: L3_MULTICAST_DISABLED_231 + tenant: Tenant_C +- id: 3031 + name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 240 + name: L3_MULTICAST_DISABLED_240 + tenant: Tenant_D +- id: 241 + name: L3_MULTICAST_DISABLED_241 + tenant: Tenant_D +- id: 3041 + name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + trunk_groups: + - MLAG + tenant: Tenant_D +- id: 140 + name: L3_MULTICAST_ENABLED_140 + tenant: Tenant_D +- id: 141 + name: L3_MULTICAST_DISABLED_141 + tenant: Tenant_D +- id: 3040 + name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + trunk_groups: + - MLAG + tenant: Tenant_D +- id: 550 + name: L3_MULTICAST_ENABLED_550 + tenant: Tenant_E +- id: 3054 + name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 260 + name: L3_MULTICAST_ENABLED_260 + tenant: Tenant_E +- id: 3059 + name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 250 + name: L3_MULTICAST_ENABLED_250 + tenant: Tenant_E +- id: 3051 + name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 150 + name: L3_MULTICAST_ENABLED_150 + tenant: Tenant_E +- id: 3050 + name: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 251 + name: MULTICAST_DISABLED_251 + tenant: Tenant_F +- id: 252 + name: MULTICAST_ENABLED_252 + tenant: Tenant_F +vrfs: +- name: MGMT + ip_routing: false +- name: MULTICAST_DISABLED_310_311 + description: MULTICAST_DISABLED_310_311 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_110_111 + description: MULTICAST_ENABLED_110_111 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_210_DISABLED_211 + description: MULTICAST_ENABLED_210_DISABLED_211 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_DISABLED_5_6 + description: MULTICAST_DISABLED_5_6 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_1_2 + description: MULTICAST_ENABLED_1_2 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_3_DISABLED_4 + description: MULTICAST_ENABLED_3_DISABLED_4 + ip_routing: true + tenant: Tenant_B +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + description: L3_MULTICAST_DISABLED_330_331 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + description: L3_MULTICAST_ENABLED_130_131 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + description: L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_routing: true + tenant: Tenant_C +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + description: L3_MULTICAST_DISABLED_240_241 + ip_routing: true + tenant: Tenant_D +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + description: L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_routing: true + tenant: Tenant_D +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + description: L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_TRANSIT + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + description: PEG_L3_MULTICAST_ENABLED in Tenant E + ip_routing: true + tenant: Tenant_E vxlan_interface: vxlan1: description: EVPN-MULTICAST-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback0 mlag_source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 310 @@ -1730,83 +1810,3 @@ vxlan_interface: - name: TEN_E_PEG_L3_MULTICAST_ENABLED vni: 51 multicast_group: 232.0.96.50 -virtual_source_nat_vrfs: -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.3 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.3 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.3 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.3 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.3 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.3 -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.3 -- name: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.3 -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.3 -router_pim_sparse_mode: - vrfs: - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - rp_addresses: - - address: 10.20.20.20 - groups: - - 232.0.0.0/21 - - address: 10.40.40.40 - - address: 10.20.20.30 - access_lists: - - RP_ACL_VRF_OVERRIDE - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - rp_addresses: - - address: 10.30.30.30 - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - rp_addresses: - - address: 10.30.30.30 - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - rp_addresses: - - address: 10.1.50.100 - groups: - - 232.0.112.0/21 - - address: 10.1.51.130 - - address: 10.1.52.130 - - address: 10.1.51.140 - access_lists: - - RPS_ACL_VRF_Tenant_E_1 - - address: 10.1.52.140 - access_lists: - - RPS_ACL_VRF_Tenant_E_1 - - address: 10.1.50.150 - access_lists: - - RPS_ACL_VRF_Tenant_E_2 -standard_access_lists: -- name: RP_ACL_VRF_OVERRIDE - sequence_numbers: - - sequence: 10 - action: permit 232.1.0.0/21 -- name: RPS_ACL_VRF_Tenant_E_1 - sequence_numbers: - - sequence: 10 - action: permit 232.0.120.0/21 - - sequence: 20 - action: permit 232.0.128.0/21 -- name: RPS_ACL_VRF_Tenant_E_2 - sequence_numbers: - - sequence: 10 - action: permit 232.0.136.0/21 -sflow: - run: true - vrfs: - - name: sflow_vrf - destinations: - - destination: 10.10.10.12 - port: 1234 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1B.yml index 93fc68e2b3f..0f15c84f3ee 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF1B.yml @@ -1,1610 +1,1690 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_EVPN-MULTICAST-L3LEAF1A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: EVPN-MULTICAST-L3LEAF1A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_EVPN-MULTICAST-L3LEAF1A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: EVPN-MULTICAST-L3LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-SPINE1_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.3/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-SPINE1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet6 + description: L2_EVPN-MULTICAST-L2LEAF1A_Ethernet2 + shutdown: false + channel_group: + id: 6 + mode: active + peer: EVPN-MULTICAST-L2LEAF1A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet8 + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.1.55.2/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet10 + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.1.60.2/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet9 + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.1.52.2/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet7 + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.1.51.2/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false hostname: EVPN-MULTICAST-L3LEAF1B -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 110 + querier: enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: EVPN-MULTICAST-L3LEAF1A - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: EVPN-MULTICAST-L3LEAF1A - description: EVPN-MULTICAST-L3LEAF1A_Vlan4093 - - ip_address: 172.31.255.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: EVPN-MULTICAST-SPINE1 - description: EVPN-MULTICAST-SPINE1_Ethernet2 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: EVPN-MULTICAST-SPINE1 - description: EVPN-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.4:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3012 - updates: - wait_install: true - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.4:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3010 - updates: - wait_install: true - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.4:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3011 - updates: - wait_install: true - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.4:23 - route_targets: - import: - - address_family: evpn - route_targets: - - '23:23' - export: - - address_family: evpn - route_targets: - - '23:23' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3022 - updates: - wait_install: true - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.4:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3020 - updates: - wait_install: true - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.4:22 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:22' - export: - - address_family: evpn - route_targets: - - '22:22' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3021 - updates: - wait_install: true - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.4:33 - route_targets: - import: - - address_family: evpn - route_targets: - - '33:33' - export: - - address_family: evpn - route_targets: - - '33:33' - evpn_multicast: false - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3032 - updates: - wait_install: true - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.4:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - evpn_multicast: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3065 - updates: - wait_install: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.4:32 - route_targets: - import: - - address_family: evpn - route_targets: - - '32:32' - export: - - address_family: evpn - route_targets: - - '32:32' - evpn_multicast: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3031 - updates: - wait_install: true - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.4:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - evpn_multicast: false - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3041 - updates: - wait_install: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.4:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - evpn_multicast: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3040 - updates: - wait_install: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.4:55 - route_targets: - import: - - address_family: evpn - route_targets: - - '55:55' - export: - - address_family: evpn - route_targets: - - '55:55' - evpn_multicast: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3054 - updates: - wait_install: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.4:60 - route_targets: - import: - - address_family: evpn - route_targets: - - 60:60 - export: - - address_family: evpn - route_targets: - - 60:60 - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3059 - updates: - wait_install: true - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.4:52 - route_targets: - import: - - address_family: evpn - route_targets: - - '52:52' - export: - - address_family: evpn - route_targets: - - '52:52' - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3051 - updates: - wait_install: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.4:51 - route_targets: - import: - - address_family: evpn - route_targets: - - '51:51' - export: - - address_family: evpn - route_targets: - - '51:51' - evpn_multicast: true - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: EVPN-MULTICAST-L3LEAF1A_Vlan3050 - updates: - wait_install: true - vlan_aware_bundles: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.4:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 310-311 - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.4:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - - igmp - vlan: 110-111 - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.4:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - - igmp - vlan: 210-211 - - name: MULTICAST_DISABLED_256 - tenant: Tenant_A - rd: 192.168.255.4:10256 - route_targets: - both: - - 10256:10256 - redistribute_routes: - - learned - vlan: '256' - - name: MULTICAST_ENABLED_257 - tenant: Tenant_A - rd: 192.168.255.4:10257 - route_targets: - both: - - 10257:10257 - redistribute_routes: - - learned - - igmp - vlan: '257' - - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A - rd: 192.168.255.4:14092 - route_targets: - both: - - 14092:14092 - redistribute_routes: - - learned - - igmp - vlan: '4092' - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.4:23 - route_targets: - both: - - '23:23' - redistribute_routes: - - learned - vlan: 5-6 - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.4:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - - igmp - vlan: 1-2 - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.4:22 - route_targets: - both: - - '22:22' - redistribute_routes: - - learned - - igmp - vlan: 3-4 - - name: MULTICAST_DISABLED_7 - tenant: Tenant_B - rd: 192.168.255.4:10007 - route_targets: - both: - - 10007:10007 - redistribute_routes: - - learned - vlan: '7' - - name: MULTICAST_ENABLED_8 - tenant: Tenant_B - rd: 192.168.255.4:10008 - route_targets: - both: - - 10008:10008 - redistribute_routes: - - learned - - igmp - vlan: '8' - - name: MULTICAST_ENABLED_9 - tenant: Tenant_B - rd: 192.168.255.4:10009 - route_targets: - both: - - 10009:10009 - redistribute_routes: - - learned - - igmp - vlan: '9' - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.4:33 - route_targets: - both: - - '33:33' - redistribute_routes: - - learned - vlan: 330-331 - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.4:66 - route_targets: - both: - - 66:66 - redistribute_routes: - - learned - - igmp - vlan: 130-131,136-137 - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.4:32 - route_targets: - both: - - '32:32' - redistribute_routes: - - learned - vlan: 230-231 - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.4:42 - route_targets: - both: - - '42:42' - redistribute_routes: - - learned - vlan: 240-241 - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.4:41 - route_targets: - both: - - '41:41' - redistribute_routes: - - learned - vlan: 140-141 - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.4:55 - route_targets: - both: - - '55:55' - redistribute_routes: - - learned - vlan: '550' - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.4:60 - route_targets: - both: - - 60:60 - redistribute_routes: - - learned - vlan: '260' - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.4:52 - route_targets: - both: - - '52:52' - redistribute_routes: - - learned - vlan: '250' - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.4:51 - route_targets: - both: - - '51:51' - redistribute_routes: - - learned - vlan: '150' - - name: MULTICAST_DISABLED_251 - tenant: Tenant_F - rd: 192.168.255.4:10251 - route_targets: - both: - - 10251:10251 - redistribute_routes: - - learned - vlan: '251' - - name: MULTICAST_ENABLED_252 - tenant: Tenant_F - rd: 192.168.255.4:10252 - route_targets: - both: - - 10252:10252 - redistribute_routes: - - learned - - igmp - vlan: '252' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true - software_forwarding: sfe - vrfs: - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ipv4: - routing: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ipv4: - routing: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - routing: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: MULTICAST_DISABLED_310_311 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_DISABLED_310_311 -- name: MULTICAST_ENABLED_110_111 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_110_111 -- name: MULTICAST_ENABLED_210_DISABLED_211 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_210_DISABLED_211 -- name: MULTICAST_DISABLED_5_6 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_DISABLED_5_6 -- name: MULTICAST_ENABLED_1_2 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_1_2 -- name: MULTICAST_ENABLED_3_DISABLED_4 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_3_DISABLED_4 -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_DISABLED_330_331 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_130_131 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_DISABLED_240_241 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_L3_MULTICAST_TRANSIT - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - tenant: Tenant_E - ip_routing: true - description: PEG_L3_MULTICAST_ENABLED in Tenant E -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 310 - name: MULTICAST_DISABLED_310 - tenant: Tenant_A -- id: 311 - name: MULTICAST_DISABLED_311 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: MULTICAST_ENABLED_110 - tenant: Tenant_A -- id: 111 - name: MULTICAST_ENABLED_111 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 210 - name: MULTICAST_ENABLED_210 - tenant: Tenant_A -- id: 211 - name: MULTICAST_DISABLED_211 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 256 - name: MULTICAST_DISABLED_256 - tenant: Tenant_A -- id: 257 - name: MULTICAST_ENABLED_257 - tenant: Tenant_A -- id: 4092 - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A -- id: 5 - name: MULTICAST_DISABLED_5 - tenant: Tenant_B -- id: 6 - name: MULTICAST_DISABLED_6 - tenant: Tenant_B -- id: 3022 - name: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 1 - name: MULTICAST_ENABLED_1 - tenant: Tenant_B -- id: 2 - name: MULTICAST_ENABLED_2 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 3 - name: MULTICAST_ENABLED_3 - tenant: Tenant_B -- id: 4 - name: MULTICAST_DISABLED_4 - tenant: Tenant_B -- id: 3021 - name: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 7 - name: MULTICAST_DISABLED_7 - tenant: Tenant_B -- id: 8 - name: MULTICAST_ENABLED_8 - tenant: Tenant_B -- id: 9 - name: MULTICAST_ENABLED_9 - tenant: Tenant_B -- id: 330 - name: L3_MULTICAST_DISABLED_330 - tenant: Tenant_C -- id: 331 - name: L3_MULTICAST_DISABLED_331 - tenant: Tenant_C -- id: 3032 - name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 130 - name: L3_MULTICAST_ENABLED_130 - tenant: Tenant_C -- id: 131 - name: L3_MULTICAST_ENABLED_131 - tenant: Tenant_C -- id: 136 - name: L3_L2_MULTICAST_ENABLED_136 - tenant: Tenant_C -- id: 137 - name: L3_L2_MULTICAST_ENABLED_137 - tenant: Tenant_C -- id: 3065 - name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 230 - name: L3_MULTICAST_ENABLED_230 - tenant: Tenant_C -- id: 231 - name: L3_MULTICAST_DISABLED_231 - tenant: Tenant_C -- id: 3031 - name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 240 - name: L3_MULTICAST_DISABLED_240 - tenant: Tenant_D -- id: 241 - name: L3_MULTICAST_DISABLED_241 - tenant: Tenant_D -- id: 3041 - name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - trunk_groups: - - MLAG - tenant: Tenant_D -- id: 140 - name: L3_MULTICAST_ENABLED_140 - tenant: Tenant_D -- id: 141 - name: L3_MULTICAST_DISABLED_141 - tenant: Tenant_D -- id: 3040 - name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - trunk_groups: - - MLAG - tenant: Tenant_D -- id: 550 - name: L3_MULTICAST_ENABLED_550 - tenant: Tenant_E -- id: 3054 - name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 260 - name: L3_MULTICAST_ENABLED_260 - tenant: Tenant_E -- id: 3059 - name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 250 - name: L3_MULTICAST_ENABLED_250 - tenant: Tenant_E -- id: 3051 - name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 150 - name: L3_MULTICAST_ENABLED_150 - tenant: Tenant_E -- id: 3050 - name: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - trunk_groups: - - MLAG - tenant: Tenant_E -- id: 251 - name: MULTICAST_DISABLED_251 - tenant: Tenant_F -- id: 252 - name: MULTICAST_ENABLED_252 - tenant: Tenant_F -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.1/31 - pim: - ipv4: - sparse_mode: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.1/31 -- name: Vlan310 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_DISABLED_310 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: MULTICAST_DISABLED_310_311 -- name: Vlan311 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_DISABLED_311 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: MULTICAST_DISABLED_310_311 -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 - vrf: MULTICAST_DISABLED_310_311 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_ENABLED_110 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: MULTICAST_ENABLED_110_111 -- name: Vlan111 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_ENABLED_111 - shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: MULTICAST_ENABLED_110_111 -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 - vrf: MULTICAST_ENABLED_110_111 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan210 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_ENABLED_210 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan211 - tenant: Tenant_A - tags: - - test_l3 - description: MULTICAST_DISABLED_211 - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering + address: 192.168.255.4 + fast_leave: true + - id: 111 + querier: + enabled: true + address: 192.168.255.4 + fast_leave: true + - id: 210 + querier: + enabled: true + address: 192.168.255.4 + fast_leave: true + - id: 257 + querier: + enabled: true + address: 192.168.255.4 + fast_leave: true + - id: 4092 + querier: + enabled: true + address: 192.168.255.4 + fast_leave: true + - id: 1 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + fast_leave: true + - id: 2 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 3 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 8 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 9 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 136 + querier: + enabled: true + address: 192.168.255.4 + - id: 137 + querier: + enabled: true + address: 192.168.255.4 + - id: 230 + querier: + enabled: true + address: 192.168.255.4 + - id: 252 + querier: + enabled: true + address: 192.168.255.4 + fast_leave: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 - vrf: MULTICAST_ENABLED_210_DISABLED_211 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan5 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_DISABLED_5 + ip_address: 192.168.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE shutdown: false - ip_address_virtual: 10.0.5.1/24 - vrf: MULTICAST_DISABLED_5_6 -- name: Vlan6 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_DISABLED_6 + ip_address: 192.168.254.3/32 +- name: Loopback33 + description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 shutdown: false - ip_address_virtual: 10.0.6.1/24 - vrf: MULTICAST_DISABLED_5_6 -- name: Vlan3022 - tenant: Tenant_B - type: underlay_peering + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.4/32 +- name: Loopback31 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 shutdown: false - description: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 - vrf: MULTICAST_DISABLED_5_6 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan1 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_ENABLED_1 + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.4/32 +- name: Loopback32 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 shutdown: false - ip_address_virtual: 10.0.1.1/24 - vrf: MULTICAST_ENABLED_1_2 -- name: Vlan2 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_ENABLED_2 + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.4/32 +- name: Loopback42 + description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 shutdown: false - ip_address_virtual: 10.0.2.1/24 - vrf: MULTICAST_ENABLED_1_2 -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.4/32 +- name: Loopback41 + description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 - vrf: MULTICAST_ENABLED_1_2 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan3 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_ENABLED_3 + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.4/32 +- name: Loopback55 + description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE shutdown: false - ip_address_virtual: 10.0.3.1/24 - vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan4 - tenant: Tenant_B - tags: - - test_l3 - description: MULTICAST_DISABLED_4 + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.4/32 +- name: Loopback60 + description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES shutdown: false - ip_address_virtual: 10.0.4.1/24 - vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan3021 - tenant: Tenant_B - type: underlay_peering + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.4/32 +- name: Loopback52 + description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT shutdown: false - description: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 - vrf: MULTICAST_ENABLED_3_DISABLED_4 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan330 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_DISABLED_330 + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.4/32 +- name: Loopback51 + description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED shutdown: false - ip_address_virtual: 10.3.33.1/24 - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan331 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_DISABLED_331 + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT shutdown: false - ip_address_virtual: 10.3.34.1/24 - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan3032 - tenant: Tenant_C - type: underlay_peering + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: EVPN_MULTICAST_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.0 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_EVPN-MULTICAST-L3LEAF1A_Port-Channel3 shutdown: false - description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan130 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_ENABLED_130 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel6 + description: L2_EVPN-MULTICAST-L2LEAF1A_Port-Channel1 shutdown: false - ip_address_virtual: 10.1.13.1/24 - pim: + mlag: 6 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-9,110-111,130-131,136-137,140-141,150,210-211,230-231,240-241,250-252,256-257,260,310-311,330-331,550,4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.0/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65101' + router_id: 192.168.255.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: EVPN-MULTICAST-L3LEAF1A + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: EVPN-MULTICAST-L3LEAF1A + description: EVPN-MULTICAST-L3LEAF1A_Vlan4093 + - ip_address: 172.31.255.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: EVPN-MULTICAST-SPINE1 + description: EVPN-MULTICAST-SPINE1_Ethernet2 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: EVPN-MULTICAST-SPINE1 + description: EVPN-MULTICAST-SPINE1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.4:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 310-311 + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.4:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + - igmp + vlan: 110-111 + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.4:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + - igmp + vlan: 210-211 + - name: MULTICAST_DISABLED_256 + tenant: Tenant_A + rd: 192.168.255.4:10256 + route_targets: + both: + - 10256:10256 + redistribute_routes: + - learned + vlan: '256' + - name: MULTICAST_ENABLED_257 + tenant: Tenant_A + rd: 192.168.255.4:10257 + route_targets: + both: + - 10257:10257 + redistribute_routes: + - learned + - igmp + vlan: '257' + - name: MULTICAST_ENABLED_4092 + tenant: Tenant_A + rd: 192.168.255.4:14092 + route_targets: + both: + - 14092:14092 + redistribute_routes: + - learned + - igmp + vlan: '4092' + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.4:23 + route_targets: + both: + - '23:23' + redistribute_routes: + - learned + vlan: 5-6 + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.4:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + - igmp + vlan: 1-2 + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.4:22 + route_targets: + both: + - '22:22' + redistribute_routes: + - learned + - igmp + vlan: 3-4 + - name: MULTICAST_DISABLED_7 + tenant: Tenant_B + rd: 192.168.255.4:10007 + route_targets: + both: + - 10007:10007 + redistribute_routes: + - learned + vlan: '7' + - name: MULTICAST_ENABLED_8 + tenant: Tenant_B + rd: 192.168.255.4:10008 + route_targets: + both: + - 10008:10008 + redistribute_routes: + - learned + - igmp + vlan: '8' + - name: MULTICAST_ENABLED_9 + tenant: Tenant_B + rd: 192.168.255.4:10009 + route_targets: + both: + - 10009:10009 + redistribute_routes: + - learned + - igmp + vlan: '9' + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.4:33 + route_targets: + both: + - '33:33' + redistribute_routes: + - learned + vlan: 330-331 + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.4:66 + route_targets: + both: + - 66:66 + redistribute_routes: + - learned + - igmp + vlan: 130-131,136-137 + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.4:32 + route_targets: + both: + - '32:32' + redistribute_routes: + - learned + vlan: 230-231 + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.4:42 + route_targets: + both: + - '42:42' + redistribute_routes: + - learned + vlan: 240-241 + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + rd: 192.168.255.4:41 + route_targets: + both: + - '41:41' + redistribute_routes: + - learned + vlan: 140-141 + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + rd: 192.168.255.4:55 + route_targets: + both: + - '55:55' + redistribute_routes: + - learned + vlan: '550' + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + rd: 192.168.255.4:60 + route_targets: + both: + - 60:60 + redistribute_routes: + - learned + vlan: '260' + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.4:52 + route_targets: + both: + - '52:52' + redistribute_routes: + - learned + vlan: '250' + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.4:51 + route_targets: + both: + - '51:51' + redistribute_routes: + - learned + vlan: '150' + - name: MULTICAST_DISABLED_251 + tenant: Tenant_F + rd: 192.168.255.4:10251 + route_targets: + both: + - 10251:10251 + redistribute_routes: + - learned + vlan: '251' + - name: MULTICAST_ENABLED_252 + tenant: Tenant_F + rd: 192.168.255.4:10252 + route_targets: + both: + - 10252:10252 + redistribute_routes: + - learned + - igmp + vlan: '252' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.4:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.4:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.4:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.4:23 + route_targets: + import: + - address_family: evpn + route_targets: + - '23:23' + export: + - address_family: evpn + route_targets: + - '23:23' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3022 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.4:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3020 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.4:22 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:22' + export: + - address_family: evpn + route_targets: + - '22:22' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3021 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.4:33 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '33:33' + export: + - address_family: evpn + route_targets: + - '33:33' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3032 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.4:66 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3065 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.4:32 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '32:32' + export: + - address_family: evpn + route_targets: + - '32:32' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3031 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.4:42 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3041 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + rd: 192.168.255.4:41 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3040 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + rd: 192.168.255.4:55 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '55:55' + export: + - address_family: evpn + route_targets: + - '55:55' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3054 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + rd: 192.168.255.4:60 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - 60:60 + export: + - address_family: evpn + route_targets: + - 60:60 + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3059 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.4:52 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - '52:52' + export: + - address_family: evpn + route_targets: + - '52:52' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3051 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.4:51 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '51:51' + export: + - address_family: evpn + route_targets: + - '51:51' + router_id: 192.168.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: EVPN-MULTICAST-L3LEAF1A_Vlan3050 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_multicast: + ipv4: + routing: true + software_forwarding: sfe + vrfs: + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 ipv4: - sparse_mode: true - local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan131 - tenant: Tenant_C - tags: - - test_l3 - description: L3_MULTICAST_ENABLED_131 - shutdown: false - ip_address: 10.1.14.3/24 - ip_virtual_router_addresses: - - 10.1.14.1 - pim: + routing: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 ipv4: - sparse_mode: true - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan136 - tenant: Tenant_C - description: L3_L2_MULTICAST_ENABLED_136 - shutdown: false - pim: + routing: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 ipv4: - sparse_mode: true - local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan137 - tenant: Tenant_C - description: L3_L2_MULTICAST_ENABLED_137 + routing: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + routing: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + routing: true +router_pim_sparse_mode: + vrfs: + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + rp_addresses: + - address: 10.20.20.20 + groups: + - 232.0.0.0/21 + - address: 10.40.40.40 + - address: 10.20.20.30 + access_lists: + - RP_ACL_VRF_OVERRIDE + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + rp_addresses: + - address: 10.30.30.30 + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + rp_addresses: + - address: 10.30.30.30 + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + rp_addresses: + - address: 10.1.50.100 + groups: + - 232.0.112.0/21 + - address: 10.1.51.130 + - address: 10.1.52.130 + - address: 10.1.51.140 + access_lists: + - RPS_ACL_VRF_Tenant_E_1 + - address: 10.1.52.140 + access_lists: + - RPS_ACL_VRF_Tenant_E_1 + - address: 10.1.50.150 + access_lists: + - RPS_ACL_VRF_Tenant_E_2 +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: sflow_vrf + destinations: + - destination: 10.10.10.12 + port: 1234 + run: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +standard_access_lists: +- name: RP_ACL_VRF_OVERRIDE + sequence_numbers: + - sequence: 10 + action: permit 232.1.0.0/21 +- name: RPS_ACL_VRF_Tenant_E_1 + sequence_numbers: + - sequence: 10 + action: permit 232.0.120.0/21 + - sequence: 20 + action: permit 232.0.128.0/21 +- name: RPS_ACL_VRF_Tenant_E_2 + sequence_numbers: + - sequence: 10 + action: permit 232.0.136.0/21 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.4 +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.4 +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.4 +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.4 +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.4 +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.4 +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.4 +- name: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.4 +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.4 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false + ip_address: 10.255.251.1/31 pim: ipv4: sparse_mode: true - local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan3065 - tenant: Tenant_C - type: underlay_peering + mtu: 9214 +- name: Vlan4094 + description: MLAG shutdown: false - description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.252.1/31 mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan230 - tenant: Tenant_C + no_autostate: true +- name: Vlan310 + description: MULTICAST_DISABLED_310 + shutdown: false + vrf: MULTICAST_DISABLED_310_311 + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_ENABLED_230 +- name: Vlan311 + description: MULTICAST_DISABLED_311 shutdown: false - ip_address_virtual: 10.2.23.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback32 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan231 - tenant: Tenant_C + vrf: MULTICAST_DISABLED_310_311 + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_231 +- name: Vlan3012 + description: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 shutdown: false - ip_address_virtual: 10.2.24.1/24 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan3031 - tenant: Tenant_C + vrf: MULTICAST_DISABLED_310_311 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_A type: underlay_peering +- name: Vlan110 + description: MULTICAST_ENABLED_110 shutdown: false - description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan240 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_110_111 + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_240 +- name: Vlan111 + description: MULTICAST_ENABLED_111 shutdown: false - ip_address_virtual: 10.1.24.1/24 - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan241 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_110_111 + ip_address_virtual: 10.1.11.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_241 +- name: Vlan3010 + description: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 shutdown: false - ip_address_virtual: 10.1.25.1/24 - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan3041 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_110_111 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_A type: underlay_peering +- name: Vlan210 + description: MULTICAST_ENABLED_210 shutdown: false - description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan140 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_210_DISABLED_211 + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_ENABLED_140 +- name: Vlan211 + description: MULTICAST_DISABLED_211 shutdown: false - ip_address_virtual: 10.1.14.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback41 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan141 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_210_DISABLED_211 + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_A tags: - test_l3 - description: L3_MULTICAST_DISABLED_141 +- name: Vlan3011 + description: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 shutdown: false - ip_address_virtual: 10.1.15.1/24 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan3040 - tenant: Tenant_D + vrf: MULTICAST_ENABLED_210_DISABLED_211 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_A type: underlay_peering +- name: Vlan5 + description: MULTICAST_DISABLED_5 shutdown: false - description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan550 - tenant: Tenant_E + vrf: MULTICAST_DISABLED_5_6 + ip_address_virtual: 10.0.5.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_550 - shutdown: false - ip_address_virtual: 10.1.56.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback55 - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: Vlan3054 - tenant: Tenant_E - type: underlay_peering +- name: Vlan6 + description: MULTICAST_DISABLED_6 shutdown: false - description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan260 - tenant: Tenant_E + vrf: MULTICAST_DISABLED_5_6 + ip_address_virtual: 10.0.6.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_260 +- name: Vlan3022 + description: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 shutdown: false - ip_address_virtual: 10.1.26.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback60 - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES -- name: Vlan3059 - tenant: Tenant_E + vrf: MULTICAST_DISABLED_5_6 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_B type: underlay_peering +- name: Vlan1 + description: MULTICAST_ENABLED_1 shutdown: false - description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan250 - tenant: Tenant_E + vrf: MULTICAST_ENABLED_1_2 + ip_address_virtual: 10.0.1.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_250 - shutdown: false - ip_address_virtual: 10.1.15.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback52 - vrf: TEN_E_L3_MULTICAST_TRANSIT -- name: Vlan3051 - tenant: Tenant_E - type: underlay_peering +- name: Vlan2 + description: MULTICAST_ENABLED_2 shutdown: false - description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT - vrf: TEN_E_L3_MULTICAST_TRANSIT - mtu: 9214 - ip_address: 10.255.251.1/31 -- name: Vlan150 - tenant: Tenant_E + vrf: MULTICAST_ENABLED_1_2 + ip_address_virtual: 10.0.2.1/24 + tenant: Tenant_B tags: - test_l3 - description: L3_MULTICAST_ENABLED_150 +- name: Vlan3020 + description: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 shutdown: false - ip_address_virtual: 10.1.15.1/24 - pim: - ipv4: - sparse_mode: true - local_interface: Loopback51 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED -- name: Vlan3050 - tenant: Tenant_E + vrf: MULTICAST_ENABLED_1_2 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_B type: underlay_peering +- name: Vlan3 + description: MULTICAST_ENABLED_3 shutdown: false - description: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - mtu: 9214 - ip_address: 10.255.251.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_EVPN-MULTICAST-L3LEAF1A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG + vrf: MULTICAST_ENABLED_3_DISABLED_4 + ip_address_virtual: 10.0.3.1/24 + tenant: Tenant_B + tags: + - test_l3 +- name: Vlan4 + description: MULTICAST_DISABLED_4 shutdown: false -- name: Port-Channel6 - description: L2_EVPN-MULTICAST-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-9,110-111,130-131,136-137,140-141,150,210-211,230-231,240-241,250-252,256-257,260,310-311,330-331,550,4092 + vrf: MULTICAST_ENABLED_3_DISABLED_4 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_B + tags: + - test_l3 +- name: Vlan3021 + description: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 shutdown: false - mlag: 6 -ethernet_interfaces: -- name: Ethernet3 - peer: EVPN-MULTICAST-L3LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_EVPN-MULTICAST-L3LEAF1A_Ethernet3 + vrf: MULTICAST_ENABLED_3_DISABLED_4 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_B + type: underlay_peering +- name: Vlan330 + description: L3_MULTICAST_DISABLED_330 shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: EVPN-MULTICAST-L3LEAF1A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_EVPN-MULTICAST-L3LEAF1A_Ethernet4 + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address_virtual: 10.3.33.1/24 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan331 + description: L3_MULTICAST_DISABLED_331 shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: EVPN-MULTICAST-SPINE1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_EVPN-MULTICAST-SPINE1_Ethernet2 + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address_virtual: 10.3.34.1/24 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan3032 + description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 shutdown: false + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.251.1/31 mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.3/31 + tenant: Tenant_C + type: underlay_peering +- name: Vlan130 + description: L3_MULTICAST_ENABLED_130 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address_virtual: 10.1.13.1/24 pim: ipv4: sparse_mode: true -- name: Ethernet6 - peer: EVPN-MULTICAST-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_EVPN-MULTICAST-L2LEAF1A_Ethernet2 - shutdown: false - channel_group: - id: 6 - mode: active -- name: Ethernet8 - peer_type: l3_interface - ip_address: 10.1.55.2/31 + local_interface: Loopback31 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan131 + description: L3_MULTICAST_ENABLED_131 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.1.14.3/24 + ip_virtual_router_addresses: + - 10.1.14.1 pim: ipv4: sparse_mode: true -- name: Ethernet10 - peer_type: l3_interface - ip_address: 10.1.60.2/31 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan136 + description: L3_L2_MULTICAST_ENABLED_136 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 pim: ipv4: sparse_mode: true -- name: Ethernet9 - peer_type: l3_interface - ip_address: 10.1.52.2/31 + local_interface: Loopback31 + tenant: Tenant_C +- name: Vlan137 + description: L3_L2_MULTICAST_ENABLED_137 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_TRANSIT + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 pim: ipv4: sparse_mode: true -- name: Ethernet7 - peer_type: l3_interface - ip_address: 10.1.51.2/31 + local_interface: Loopback31 + tenant: Tenant_C +- name: Vlan3065 + description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_C + type: underlay_peering +- name: Vlan230 + description: L3_MULTICAST_ENABLED_230 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address_virtual: 10.2.23.1/24 pim: ipv4: sparse_mode: true -mlag_configuration: - domain_id: EVPN_MULTICAST_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.0 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + local_interface: Loopback32 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan231 + description: L3_MULTICAST_DISABLED_231 shutdown: false - ip_address: 192.168.254.3/32 -- name: Loopback33 - description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address_virtual: 10.2.24.1/24 + tenant: Tenant_C + tags: + - test_l3 +- name: Vlan3031 + description: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 shutdown: false - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.4/32 -- name: Loopback31 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_C + type: underlay_peering +- name: Vlan240 + description: L3_MULTICAST_DISABLED_240 shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.4/32 -- name: Loopback32 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address_virtual: 10.1.24.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan241 + description: L3_MULTICAST_DISABLED_241 shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.4/32 -- name: Loopback42 - description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address_virtual: 10.1.25.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan3041 + description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 shutdown: false vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.4/32 -- name: Loopback41 - description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_D + type: underlay_peering +- name: Vlan140 + description: L3_MULTICAST_ENABLED_140 shutdown: false vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.4/32 -- name: Loopback55 - description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address_virtual: 10.1.14.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback41 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan141 + description: L3_MULTICAST_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan3040 + description: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_D + type: underlay_peering +- name: Vlan550 + description: L3_MULTICAST_ENABLED_550 shutdown: false vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.4/32 -- name: Loopback60 - description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address_virtual: 10.1.56.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback55 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3054 + description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +- name: Vlan260 + description: L3_MULTICAST_ENABLED_260 shutdown: false vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.4/32 -- name: Loopback52 - description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT + ip_address_virtual: 10.1.26.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback60 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3059 + description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +- name: Vlan250 + description: L3_MULTICAST_ENABLED_250 shutdown: false vrf: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.4/32 -- name: Loopback51 - description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address_virtual: 10.1.15.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback52 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3051 + description: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +- name: Vlan150 + description: L3_MULTICAST_ENABLED_150 shutdown: false vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.0/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 110 - querier: - enabled: true - address: 192.168.255.4 - fast_leave: true - - id: 111 - querier: - enabled: true - address: 192.168.255.4 - fast_leave: true - - id: 210 - querier: - enabled: true - address: 192.168.255.4 - fast_leave: true - - id: 257 - querier: - enabled: true - address: 192.168.255.4 - fast_leave: true - - id: 4092 - querier: - enabled: true - address: 192.168.255.4 - fast_leave: true - - id: 1 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - fast_leave: true - - id: 2 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 3 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 8 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 9 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 136 - querier: - enabled: true - address: 192.168.255.4 - - id: 137 - querier: - enabled: true - address: 192.168.255.4 - - id: 230 - querier: - enabled: true - address: 192.168.255.4 - - id: 252 - querier: - enabled: true - address: 192.168.255.4 - fast_leave: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + ip_address_virtual: 10.1.15.1/24 + pim: + ipv4: + sparse_mode: true + local_interface: Loopback51 + tenant: Tenant_E + tags: + - test_l3 +- name: Vlan3050 + description: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.251.1/31 + mtu: 9214 + tenant: Tenant_E + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 310 + name: MULTICAST_DISABLED_310 + tenant: Tenant_A +- id: 311 + name: MULTICAST_DISABLED_311 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_MULTICAST_DISABLED_310_311 + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: MULTICAST_ENABLED_110 + tenant: Tenant_A +- id: 111 + name: MULTICAST_ENABLED_111 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_MULTICAST_ENABLED_110_111 + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 210 + name: MULTICAST_ENABLED_210 + tenant: Tenant_A +- id: 211 + name: MULTICAST_DISABLED_211 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_MULTICAST_ENABLED_210_DISABLED_211 + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 256 + name: MULTICAST_DISABLED_256 + tenant: Tenant_A +- id: 257 + name: MULTICAST_ENABLED_257 + tenant: Tenant_A +- id: 4092 + name: MULTICAST_ENABLED_4092 + tenant: Tenant_A +- id: 5 + name: MULTICAST_DISABLED_5 + tenant: Tenant_B +- id: 6 + name: MULTICAST_DISABLED_6 + tenant: Tenant_B +- id: 3022 + name: MLAG_L3_VRF_MULTICAST_DISABLED_5_6 + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 1 + name: MULTICAST_ENABLED_1 + tenant: Tenant_B +- id: 2 + name: MULTICAST_ENABLED_2 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_MULTICAST_ENABLED_1_2 + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 3 + name: MULTICAST_ENABLED_3 + tenant: Tenant_B +- id: 4 + name: MULTICAST_DISABLED_4 + tenant: Tenant_B +- id: 3021 + name: MLAG_L3_VRF_MULTICAST_ENABLED_3_DISABLED_4 + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 7 + name: MULTICAST_DISABLED_7 + tenant: Tenant_B +- id: 8 + name: MULTICAST_ENABLED_8 + tenant: Tenant_B +- id: 9 + name: MULTICAST_ENABLED_9 + tenant: Tenant_B +- id: 330 + name: L3_MULTICAST_DISABLED_330 + tenant: Tenant_C +- id: 331 + name: L3_MULTICAST_DISABLED_331 + tenant: Tenant_C +- id: 3032 + name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 130 + name: L3_MULTICAST_ENABLED_130 + tenant: Tenant_C +- id: 131 + name: L3_MULTICAST_ENABLED_131 + tenant: Tenant_C +- id: 136 + name: L3_L2_MULTICAST_ENABLED_136 + tenant: Tenant_C +- id: 137 + name: L3_L2_MULTICAST_ENABLED_137 + tenant: Tenant_C +- id: 3065 + name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 230 + name: L3_MULTICAST_ENABLED_230 + tenant: Tenant_C +- id: 231 + name: L3_MULTICAST_DISABLED_231 + tenant: Tenant_C +- id: 3031 + name: MLAG_L3_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 240 + name: L3_MULTICAST_DISABLED_240 + tenant: Tenant_D +- id: 241 + name: L3_MULTICAST_DISABLED_241 + tenant: Tenant_D +- id: 3041 + name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + trunk_groups: + - MLAG + tenant: Tenant_D +- id: 140 + name: L3_MULTICAST_ENABLED_140 + tenant: Tenant_D +- id: 141 + name: L3_MULTICAST_DISABLED_141 + tenant: Tenant_D +- id: 3040 + name: MLAG_L3_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + trunk_groups: + - MLAG + tenant: Tenant_D +- id: 550 + name: L3_MULTICAST_ENABLED_550 + tenant: Tenant_E +- id: 3054 + name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 260 + name: L3_MULTICAST_ENABLED_260 + tenant: Tenant_E +- id: 3059 + name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 250 + name: L3_MULTICAST_ENABLED_250 + tenant: Tenant_E +- id: 3051 + name: MLAG_L3_VRF_TEN_E_L3_MULTICAST_TRANSIT + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 150 + name: L3_MULTICAST_ENABLED_150 + tenant: Tenant_E +- id: 3050 + name: MLAG_L3_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + trunk_groups: + - MLAG + tenant: Tenant_E +- id: 251 + name: MULTICAST_DISABLED_251 + tenant: Tenant_F +- id: 252 + name: MULTICAST_ENABLED_252 + tenant: Tenant_F +vrfs: +- name: MGMT + ip_routing: false +- name: MULTICAST_DISABLED_310_311 + description: MULTICAST_DISABLED_310_311 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_110_111 + description: MULTICAST_ENABLED_110_111 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_210_DISABLED_211 + description: MULTICAST_ENABLED_210_DISABLED_211 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_DISABLED_5_6 + description: MULTICAST_DISABLED_5_6 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_1_2 + description: MULTICAST_ENABLED_1_2 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_3_DISABLED_4 + description: MULTICAST_ENABLED_3_DISABLED_4 + ip_routing: true + tenant: Tenant_B +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + description: L3_MULTICAST_DISABLED_330_331 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + description: L3_MULTICAST_ENABLED_130_131 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + description: L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_routing: true + tenant: Tenant_C +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + description: L3_MULTICAST_DISABLED_240_241 + ip_routing: true + tenant: Tenant_D +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + description: L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_routing: true + tenant: Tenant_D +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + description: L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_TRANSIT + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + description: PEG_L3_MULTICAST_ENABLED in Tenant E + ip_routing: true + tenant: Tenant_E vxlan_interface: vxlan1: description: EVPN-MULTICAST-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback0 mlag_source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 310 @@ -1730,83 +1810,3 @@ vxlan_interface: - name: TEN_E_PEG_L3_MULTICAST_ENABLED vni: 51 multicast_group: 232.0.96.50 -virtual_source_nat_vrfs: -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.4 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.4 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.4 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.4 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.4 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.4 -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.4 -- name: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.4 -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.4 -router_pim_sparse_mode: - vrfs: - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - rp_addresses: - - address: 10.20.20.20 - groups: - - 232.0.0.0/21 - - address: 10.40.40.40 - - address: 10.20.20.30 - access_lists: - - RP_ACL_VRF_OVERRIDE - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - rp_addresses: - - address: 10.30.30.30 - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - rp_addresses: - - address: 10.30.30.30 - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - rp_addresses: - - address: 10.1.50.100 - groups: - - 232.0.112.0/21 - - address: 10.1.51.130 - - address: 10.1.52.130 - - address: 10.1.51.140 - access_lists: - - RPS_ACL_VRF_Tenant_E_1 - - address: 10.1.52.140 - access_lists: - - RPS_ACL_VRF_Tenant_E_1 - - address: 10.1.50.150 - access_lists: - - RPS_ACL_VRF_Tenant_E_2 -standard_access_lists: -- name: RP_ACL_VRF_OVERRIDE - sequence_numbers: - - sequence: 10 - action: permit 232.1.0.0/21 -- name: RPS_ACL_VRF_Tenant_E_1 - sequence_numbers: - - sequence: 10 - action: permit 232.0.120.0/21 - - sequence: 20 - action: permit 232.0.128.0/21 -- name: RPS_ACL_VRF_Tenant_E_2 - sequence_numbers: - - sequence: 10 - action: permit 232.0.136.0/21 -sflow: - run: true - vrfs: - - name: sflow_vrf - destinations: - - destination: 10.10.10.12 - port: 1234 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF2A.yml index 7b88830b10d..44b7f12eb95 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF2A.yml @@ -1,38 +1,210 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-SPINE1_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.5/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false hostname: EVPN-MULTICAST-L3LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 110 + querier: + enabled: true + address: 192.168.255.5 + fast_leave: true + - id: 111 + querier: + enabled: true + address: 192.168.255.5 + fast_leave: true + - id: 210 + querier: + enabled: true + address: 192.168.255.5 + fast_leave: true + - id: 257 + querier: + enabled: true + address: 192.168.255.5 + fast_leave: true + - id: 4092 + querier: + enabled: true + address: 192.168.255.5 + fast_leave: true + - id: 1 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + fast_leave: true + - id: 2 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 3 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 8 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 9 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 136 + querier: + enabled: true + address: 192.168.255.5 + - id: 137 + querier: + enabled: true + address: 192.168.255.5 + - id: 230 + querier: + enabled: true + address: 192.168.255.5 + - id: 252 + querier: + enabled: true + address: 192.168.255.5 + fast_leave: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.5/32 +- name: Loopback33 + description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + shutdown: false + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.5/32 +- name: Loopback31 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.5/32 +- name: Loopback32 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.5/32 +- name: Loopback42 + description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + shutdown: false + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.5/32 +- name: Loopback41 + description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.5/32 +- name: Loopback55 + description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.5/32 +- name: Loopback60 + description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.5/32 +- name: Loopback52 + description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.5/32 +- name: Loopback51 + description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: 7050X3 +platform: + trident: + forwarding_table_partition: flexible exact-match 16384 l2-shared 98304 l3-shared 131072 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.4 peer_group: IPv4-UNDERLAY-PEERS @@ -41,260 +213,25 @@ router_bgp: description: EVPN-MULTICAST-SPINE1_Ethernet3 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: EVPN-MULTICAST-SPINE1 description: EVPN-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.5:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.5:11 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 310 + tenant: Tenant_A + rd: 192.168.255.5:10310 route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.5:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.5:23 - route_targets: - import: - - address_family: evpn - route_targets: - - '23:23' - export: - - address_family: evpn - route_targets: - - '23:23' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.5:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.5:22 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:22' - export: - - address_family: evpn - route_targets: - - '22:22' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.5:33 - route_targets: - import: - - address_family: evpn - route_targets: - - '33:33' - export: - - address_family: evpn - route_targets: - - '33:33' - evpn_multicast: false - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.5:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.5:32 - route_targets: - import: - - address_family: evpn - route_targets: - - '32:32' - export: - - address_family: evpn - route_targets: - - '32:32' - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.5:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - evpn_multicast: false - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.5:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.5:55 - route_targets: - import: - - address_family: evpn - route_targets: - - '55:55' - export: - - address_family: evpn - route_targets: - - '55:55' - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.5:60 - route_targets: - import: - - address_family: evpn - route_targets: - - 60:60 - export: - - address_family: evpn - route_targets: - - 60:60 - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.5:52 - route_targets: - import: - - address_family: evpn - route_targets: - - '52:52' - export: - - address_family: evpn - route_targets: - - '52:52' - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.5:51 - route_targets: - import: - - address_family: evpn - route_targets: - - '51:51' - export: - - address_family: evpn - route_targets: - - '51:51' - evpn_multicast: true - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - vlans: - - id: 310 - tenant: Tenant_A - rd: 192.168.255.5:10310 - route_targets: - both: - - 10310:10310 - redistribute_routes: - - learned - - id: 311 - tenant: Tenant_A - rd: 192.168.255.5:10311 + both: + - 10310:10310 + redistribute_routes: + - learned + - id: 311 + tenant: Tenant_A + rd: 192.168.255.5:10311 route_targets: both: - 10311:10311 @@ -584,659 +521,766 @@ router_bgp: redistribute_routes: - learned - igmp -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true - software_forwarding: sfe + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ipv4: - routing: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ipv4: - routing: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - routing: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: MULTICAST_DISABLED_310_311 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_DISABLED_310_311 -- name: MULTICAST_ENABLED_110_111 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_110_111 -- name: MULTICAST_ENABLED_210_DISABLED_211 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_210_DISABLED_211 -- name: MULTICAST_DISABLED_5_6 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_DISABLED_5_6 -- name: MULTICAST_ENABLED_1_2 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_1_2 -- name: MULTICAST_ENABLED_3_DISABLED_4 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_3_DISABLED_4 -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_DISABLED_330_331 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_130_131 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_DISABLED_240_241 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_L3_MULTICAST_TRANSIT - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - tenant: Tenant_E - ip_routing: true - description: PEG_L3_MULTICAST_ENABLED in Tenant E -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.1 - type: oob -platform: - trident: - forwarding_table_partition: flexible exact-match 16384 l2-shared 98304 l3-shared 131072 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: EVPN-MULTICAST-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_EVPN-MULTICAST-SPINE1_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.5/31 - pim: - ipv4: - sparse_mode: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.5/32 -- name: Loopback33 - description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - shutdown: false - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.5/32 -- name: Loopback31 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.5/32 -- name: Loopback32 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.5/32 -- name: Loopback42 - description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - shutdown: false - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.5/32 -- name: Loopback41 - description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - shutdown: false - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.5/32 -- name: Loopback55 - description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - shutdown: false - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.5/32 -- name: Loopback60 - description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - shutdown: false - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.5/32 -- name: Loopback52 - description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT - shutdown: false - vrf: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.5/32 -- name: Loopback51 - description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - shutdown: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 310 - name: MULTICAST_DISABLED_310 - tenant: Tenant_A -- id: 311 - name: MULTICAST_DISABLED_311 - tenant: Tenant_A -- id: 110 - name: MULTICAST_ENABLED_110 - tenant: Tenant_A -- id: 111 - name: MULTICAST_ENABLED_111 - tenant: Tenant_A -- id: 210 - name: MULTICAST_ENABLED_210 - tenant: Tenant_A -- id: 211 - name: MULTICAST_DISABLED_211 - tenant: Tenant_A -- id: 256 - name: MULTICAST_DISABLED_256 - tenant: Tenant_A -- id: 257 - name: MULTICAST_ENABLED_257 - tenant: Tenant_A -- id: 4092 - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A -- id: 5 - name: MULTICAST_DISABLED_5 - tenant: Tenant_B -- id: 6 - name: MULTICAST_DISABLED_6 - tenant: Tenant_B -- id: 1 - name: MULTICAST_ENABLED_1 - tenant: Tenant_B -- id: 2 - name: MULTICAST_ENABLED_2 - tenant: Tenant_B -- id: 3 - name: MULTICAST_ENABLED_3 - tenant: Tenant_B -- id: 4 - name: MULTICAST_DISABLED_4 - tenant: Tenant_B -- id: 7 - name: MULTICAST_DISABLED_7 - tenant: Tenant_B -- id: 8 - name: MULTICAST_ENABLED_8 - tenant: Tenant_B -- id: 9 - name: MULTICAST_ENABLED_9 - tenant: Tenant_B -- id: 330 - name: L3_MULTICAST_DISABLED_330 - tenant: Tenant_C -- id: 331 - name: L3_MULTICAST_DISABLED_331 - tenant: Tenant_C -- id: 130 - name: L3_MULTICAST_ENABLED_130 - tenant: Tenant_C -- id: 131 - name: L3_MULTICAST_ENABLED_131 - tenant: Tenant_C -- id: 136 - name: L3_L2_MULTICAST_ENABLED_136 - tenant: Tenant_C -- id: 137 - name: L3_L2_MULTICAST_ENABLED_137 - tenant: Tenant_C -- id: 230 - name: L3_MULTICAST_ENABLED_230 - tenant: Tenant_C -- id: 231 - name: L3_MULTICAST_DISABLED_231 - tenant: Tenant_C -- id: 240 - name: L3_MULTICAST_DISABLED_240 - tenant: Tenant_D -- id: 241 - name: L3_MULTICAST_DISABLED_241 - tenant: Tenant_D -- id: 140 - name: L3_MULTICAST_ENABLED_140 - tenant: Tenant_D -- id: 141 - name: L3_MULTICAST_DISABLED_141 - tenant: Tenant_D -- id: 550 - name: L3_MULTICAST_ENABLED_550 - tenant: Tenant_E -- id: 260 - name: L3_MULTICAST_ENABLED_260 - tenant: Tenant_E -- id: 250 - name: L3_MULTICAST_ENABLED_250 - tenant: Tenant_E -- id: 150 - name: L3_MULTICAST_ENABLED_150 - tenant: Tenant_E -- id: 251 - name: MULTICAST_DISABLED_251 - tenant: Tenant_F -- id: 252 - name: MULTICAST_ENABLED_252 - tenant: Tenant_F -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 110 - querier: - enabled: true - address: 192.168.255.5 - fast_leave: true - - id: 111 - querier: - enabled: true - address: 192.168.255.5 - fast_leave: true - - id: 210 - querier: - enabled: true - address: 192.168.255.5 - fast_leave: true - - id: 257 - querier: - enabled: true - address: 192.168.255.5 - fast_leave: true - - id: 4092 - querier: - enabled: true - address: 192.168.255.5 - fast_leave: true - - id: 1 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - fast_leave: true - - id: 2 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 3 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 8 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 9 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 136 - querier: - enabled: true - address: 192.168.255.5 - - id: 137 - querier: - enabled: true - address: 192.168.255.5 - - id: 230 - querier: - enabled: true - address: 192.168.255.5 - - id: 252 - querier: - enabled: true - address: 192.168.255.5 - fast_leave: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.5:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.5:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.5:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.5:23 + route_targets: + import: + - address_family: evpn + route_targets: + - '23:23' + export: + - address_family: evpn + route_targets: + - '23:23' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.5:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.5:22 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:22' + export: + - address_family: evpn + route_targets: + - '22:22' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.5:33 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '33:33' + export: + - address_family: evpn + route_targets: + - '33:33' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.5:66 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.5:32 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '32:32' + export: + - address_family: evpn + route_targets: + - '32:32' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.5:42 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + rd: 192.168.255.5:41 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + rd: 192.168.255.5:55 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '55:55' + export: + - address_family: evpn + route_targets: + - '55:55' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + rd: 192.168.255.5:60 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - 60:60 + export: + - address_family: evpn + route_targets: + - 60:60 + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.5:52 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '52:52' + export: + - address_family: evpn + route_targets: + - '52:52' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.5:51 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '51:51' + export: + - address_family: evpn + route_targets: + - '51:51' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true +router_multicast: + ipv4: + routing: true + software_forwarding: sfe + vrfs: + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ipv4: + routing: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ipv4: + routing: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + routing: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + routing: true +router_pim_sparse_mode: + vrfs: + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + rp_addresses: + - address: 10.20.20.20 + groups: + - 232.0.0.0/21 + - address: 10.40.40.40 + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + rp_addresses: + - address: 10.1.50.100 + groups: + - 232.0.112.0/21 + - address: 10.1.50.150 + access_lists: + - RPS_ACL_VRF_Tenant_E_2 +service_routing_protocols_model: multi-agent +standard_access_lists: +- name: RPS_ACL_VRF_Tenant_E_2 + sequence_numbers: + - sequence: 10 + action: permit 232.0.136.0/21 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.5 +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.5 +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.5 +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.5 +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.5 +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.5 +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.5 +- name: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.5 +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.5 vlan_interfaces: - name: Vlan310 - tenant: Tenant_A - tags: - - test_l3 description: MULTICAST_DISABLED_310 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan311 description: MULTICAST_DISABLED_311 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan110 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan110 description: MULTICAST_ENABLED_110 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan111 description: MULTICAST_ENABLED_111 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan210 + ip_address_virtual: 10.1.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan210 description: MULTICAST_ENABLED_210 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan211 description: MULTICAST_DISABLED_211 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan5 - tenant: Tenant_B + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_A tags: - test_l3 +- name: Vlan5 description: MULTICAST_DISABLED_5 shutdown: false - ip_address_virtual: 10.0.5.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan6 + ip_address_virtual: 10.0.5.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan6 description: MULTICAST_DISABLED_6 shutdown: false - ip_address_virtual: 10.0.6.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan1 + ip_address_virtual: 10.0.6.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan1 description: MULTICAST_ENABLED_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan2 description: MULTICAST_ENABLED_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan3 description: MULTICAST_ENABLED_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan4 description: MULTICAST_DISABLED_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan330 - tenant: Tenant_C + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_B tags: - test_l3 +- name: Vlan330 description: L3_MULTICAST_DISABLED_330 shutdown: false - ip_address_virtual: 10.3.33.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan331 + ip_address_virtual: 10.3.33.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan331 description: L3_MULTICAST_DISABLED_331 shutdown: false - ip_address_virtual: 10.3.34.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan130 + ip_address_virtual: 10.3.34.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan130 description: L3_MULTICAST_ENABLED_130 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_address_virtual: 10.1.13.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan131 tenant: Tenant_C tags: - test_l3 +- name: Vlan131 description: L3_MULTICAST_ENABLED_131 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_address: 10.1.14.4/24 ip_virtual_router_addresses: - 10.1.14.1 ip_igmp: true - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan136 tenant: Tenant_C + tags: + - test_l3 +- name: Vlan136 description: L3_L2_MULTICAST_ENABLED_136 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan137 tenant: Tenant_C +- name: Vlan137 description: L3_L2_MULTICAST_ENABLED_137 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan230 tenant: Tenant_C - tags: - - test_l3 +- name: Vlan230 description: L3_MULTICAST_ENABLED_230 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 ip_address_virtual: 10.2.23.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback32 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan231 tenant: Tenant_C tags: - test_l3 +- name: Vlan231 description: L3_MULTICAST_DISABLED_231 shutdown: false - ip_address_virtual: 10.2.24.1/24 vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan240 - tenant: Tenant_D + ip_address_virtual: 10.2.24.1/24 + tenant: Tenant_C tags: - test_l3 +- name: Vlan240 description: L3_MULTICAST_DISABLED_240 shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan241 + ip_address_virtual: 10.1.24.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan241 description: L3_MULTICAST_DISABLED_241 shutdown: false - ip_address_virtual: 10.1.25.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan140 + ip_address_virtual: 10.1.25.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan140 description: L3_MULTICAST_ENABLED_140 shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 ip_address_virtual: 10.1.14.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback41 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan141 tenant: Tenant_D tags: - test_l3 +- name: Vlan141 description: L3_MULTICAST_DISABLED_141 shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan550 - tenant: Tenant_E + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_D tags: - test_l3 +- name: Vlan550 description: L3_MULTICAST_ENABLED_550 shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE ip_address_virtual: 10.1.56.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback55 - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: Vlan260 tenant: Tenant_E tags: - test_l3 +- name: Vlan260 description: L3_MULTICAST_ENABLED_260 shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES ip_address_virtual: 10.1.26.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback60 - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES -- name: Vlan250 tenant: Tenant_E tags: - test_l3 +- name: Vlan250 description: L3_MULTICAST_ENABLED_250 shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT ip_address_virtual: 10.1.15.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback52 - vrf: TEN_E_L3_MULTICAST_TRANSIT -- name: Vlan150 tenant: Tenant_E tags: - test_l3 +- name: Vlan150 description: L3_MULTICAST_ENABLED_150 shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED ip_address_virtual: 10.1.15.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback51 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + tenant: Tenant_E + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 310 + name: MULTICAST_DISABLED_310 + tenant: Tenant_A +- id: 311 + name: MULTICAST_DISABLED_311 + tenant: Tenant_A +- id: 110 + name: MULTICAST_ENABLED_110 + tenant: Tenant_A +- id: 111 + name: MULTICAST_ENABLED_111 + tenant: Tenant_A +- id: 210 + name: MULTICAST_ENABLED_210 + tenant: Tenant_A +- id: 211 + name: MULTICAST_DISABLED_211 + tenant: Tenant_A +- id: 256 + name: MULTICAST_DISABLED_256 + tenant: Tenant_A +- id: 257 + name: MULTICAST_ENABLED_257 + tenant: Tenant_A +- id: 4092 + name: MULTICAST_ENABLED_4092 + tenant: Tenant_A +- id: 5 + name: MULTICAST_DISABLED_5 + tenant: Tenant_B +- id: 6 + name: MULTICAST_DISABLED_6 + tenant: Tenant_B +- id: 1 + name: MULTICAST_ENABLED_1 + tenant: Tenant_B +- id: 2 + name: MULTICAST_ENABLED_2 + tenant: Tenant_B +- id: 3 + name: MULTICAST_ENABLED_3 + tenant: Tenant_B +- id: 4 + name: MULTICAST_DISABLED_4 + tenant: Tenant_B +- id: 7 + name: MULTICAST_DISABLED_7 + tenant: Tenant_B +- id: 8 + name: MULTICAST_ENABLED_8 + tenant: Tenant_B +- id: 9 + name: MULTICAST_ENABLED_9 + tenant: Tenant_B +- id: 330 + name: L3_MULTICAST_DISABLED_330 + tenant: Tenant_C +- id: 331 + name: L3_MULTICAST_DISABLED_331 + tenant: Tenant_C +- id: 130 + name: L3_MULTICAST_ENABLED_130 + tenant: Tenant_C +- id: 131 + name: L3_MULTICAST_ENABLED_131 + tenant: Tenant_C +- id: 136 + name: L3_L2_MULTICAST_ENABLED_136 + tenant: Tenant_C +- id: 137 + name: L3_L2_MULTICAST_ENABLED_137 + tenant: Tenant_C +- id: 230 + name: L3_MULTICAST_ENABLED_230 + tenant: Tenant_C +- id: 231 + name: L3_MULTICAST_DISABLED_231 + tenant: Tenant_C +- id: 240 + name: L3_MULTICAST_DISABLED_240 + tenant: Tenant_D +- id: 241 + name: L3_MULTICAST_DISABLED_241 + tenant: Tenant_D +- id: 140 + name: L3_MULTICAST_ENABLED_140 + tenant: Tenant_D +- id: 141 + name: L3_MULTICAST_DISABLED_141 + tenant: Tenant_D +- id: 550 + name: L3_MULTICAST_ENABLED_550 + tenant: Tenant_E +- id: 260 + name: L3_MULTICAST_ENABLED_260 + tenant: Tenant_E +- id: 250 + name: L3_MULTICAST_ENABLED_250 + tenant: Tenant_E +- id: 150 + name: L3_MULTICAST_ENABLED_150 + tenant: Tenant_E +- id: 251 + name: MULTICAST_DISABLED_251 + tenant: Tenant_F +- id: 252 + name: MULTICAST_ENABLED_252 + tenant: Tenant_F +vrfs: +- name: MGMT + ip_routing: false +- name: MULTICAST_DISABLED_310_311 + description: MULTICAST_DISABLED_310_311 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_110_111 + description: MULTICAST_ENABLED_110_111 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_210_DISABLED_211 + description: MULTICAST_ENABLED_210_DISABLED_211 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_DISABLED_5_6 + description: MULTICAST_DISABLED_5_6 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_1_2 + description: MULTICAST_ENABLED_1_2 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_3_DISABLED_4 + description: MULTICAST_ENABLED_3_DISABLED_4 + ip_routing: true + tenant: Tenant_B +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + description: L3_MULTICAST_DISABLED_330_331 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + description: L3_MULTICAST_ENABLED_130_131 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + description: L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_routing: true + tenant: Tenant_C +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + description: L3_MULTICAST_DISABLED_240_241 + ip_routing: true + tenant: Tenant_D +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + description: L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_routing: true + tenant: Tenant_D +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + description: L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_TRANSIT + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + description: PEG_L3_MULTICAST_ENABLED in Tenant E + ip_routing: true + tenant: Tenant_E vxlan_interface: vxlan1: description: EVPN-MULTICAST-L3LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 310 vni: 10310 @@ -1361,47 +1405,3 @@ vxlan_interface: - name: TEN_E_PEG_L3_MULTICAST_ENABLED vni: 51 multicast_group: 232.0.96.50 -virtual_source_nat_vrfs: -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.5 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.5 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.5 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.5 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.5 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.5 -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.5 -- name: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.5 -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.5 -router_pim_sparse_mode: - vrfs: - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - rp_addresses: - - address: 10.20.20.20 - groups: - - 232.0.0.0/21 - - address: 10.40.40.40 - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - rp_addresses: - - address: 10.1.50.100 - groups: - - 232.0.112.0/21 - - address: 10.1.50.150 - access_lists: - - RPS_ACL_VRF_Tenant_E_2 -standard_access_lists: -- name: RPS_ACL_VRF_Tenant_E_2 - sequence_numbers: - - sequence: 10 - action: permit 232.0.136.0/21 -metadata: - platform: 7050X3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3A.yml index e6f159f77fc..53dd1f7ef62 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3A.yml @@ -1,38 +1,245 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-SPINE1_Ethernet4 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.7/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-SPINE1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet9 + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.2.52.0/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet7.10 + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + encapsulation_dot1q: + vlan: 10 + ip_address: 10.1.51.4/31 + peer_type: l3_interface + sflow: + enable: true +- name: Ethernet8 + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.1.51.4/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet7 + shutdown: false + peer_type: l3_interface + switchport: + enabled: false hostname: EVPN-MULTICAST-L3LEAF3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 110 + querier: + enabled: true + address: 192.168.255.6 + fast_leave: true + - id: 111 + querier: + enabled: true + address: 192.168.255.6 + fast_leave: true + - id: 210 + querier: + enabled: true + address: 192.168.255.6 + fast_leave: true + - id: 257 + querier: + enabled: true + address: 192.168.255.6 + fast_leave: true + - id: 4092 + querier: + enabled: true + address: 192.168.255.6 + fast_leave: true + - id: 1 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + fast_leave: true + - id: 2 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 3 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 8 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 9 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 136 + querier: + enabled: true + address: 192.168.255.6 + - id: 137 + querier: + enabled: true + address: 192.168.255.6 + - id: 230 + querier: + enabled: true + address: 192.168.255.6 + - id: 252 + querier: + enabled: true + address: 192.168.255.6 + fast_leave: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 +- name: Loopback33 + description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + shutdown: false + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.6/32 +- name: Loopback31 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.6/32 +- name: Loopback32 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.6/32 +- name: Loopback42 + description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + shutdown: false + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.6/32 +- name: Loopback41 + description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.6/32 +- name: Loopback55 + description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.6/32 +- name: Loopback60 + description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.6/32 +- name: Loopback52 + description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.6/32 +- name: Loopback51 + description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65104' router_id: 192.168.255.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.6 peer_group: IPv4-UNDERLAY-PEERS @@ -41,258 +248,17 @@ router_bgp: description: EVPN-MULTICAST-SPINE1_Ethernet4 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: EVPN-MULTICAST-SPINE1 description: EVPN-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.6:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.6:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.6:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.6:23 - route_targets: - import: - - address_family: evpn - route_targets: - - '23:23' - export: - - address_family: evpn - route_targets: - - '23:23' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.6:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.6:22 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:22' - export: - - address_family: evpn - route_targets: - - '22:22' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.6:33 - route_targets: - import: - - address_family: evpn - route_targets: - - '33:33' - export: - - address_family: evpn - route_targets: - - '33:33' - evpn_multicast: false - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.6:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - evpn_multicast: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.6:32 - route_targets: - import: - - address_family: evpn - route_targets: - - '32:32' - export: - - address_family: evpn - route_targets: - - '32:32' - evpn_multicast: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.6:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - evpn_multicast: false - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.6:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - evpn_multicast: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.6:55 - route_targets: - import: - - address_family: evpn - route_targets: - - '55:55' - export: - - address_family: evpn - route_targets: - - '55:55' - evpn_multicast: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.6:60 - route_targets: - import: - - address_family: evpn - route_targets: - - 60:60 - export: - - address_family: evpn - route_targets: - - 60:60 - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.6:52 - route_targets: - import: - - address_family: evpn - route_targets: - - '52:52' - export: - - address_family: evpn - route_targets: - - '52:52' - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.6:51 - route_targets: - import: - - address_family: evpn - route_targets: - - '51:51' - export: - - address_family: evpn - route_targets: - - '51:51' - evpn_multicast: true - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - vlans: - - id: 310 - tenant: Tenant_A - rd: 192.168.255.6:10310 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 310 + tenant: Tenant_A + rd: 192.168.255.6:10310 route_targets: both: - 10310:10310 @@ -590,694 +556,795 @@ router_bgp: redistribute_routes: - learned - igmp -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true - software_forwarding: sfe - vrfs: - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ipv4: - routing: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ipv4: - routing: true + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.6:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.6:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.6:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.6:23 + route_targets: + import: + - address_family: evpn + route_targets: + - '23:23' + export: + - address_family: evpn + route_targets: + - '23:23' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.6:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.6:22 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:22' + export: + - address_family: evpn + route_targets: + - '22:22' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.6:33 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '33:33' + export: + - address_family: evpn + route_targets: + - '33:33' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.6:66 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.6:32 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '32:32' + export: + - address_family: evpn + route_targets: + - '32:32' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.6:42 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ipv4: - routing: true + rd: 192.168.255.6:41 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - routing: true + rd: 192.168.255.6:55 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '55:55' + export: + - address_family: evpn + route_targets: + - '55:55' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - routing: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: MULTICAST_DISABLED_310_311 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_DISABLED_310_311 -- name: MULTICAST_ENABLED_110_111 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_110_111 -- name: MULTICAST_ENABLED_210_DISABLED_211 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_210_DISABLED_211 -- name: MULTICAST_DISABLED_5_6 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_DISABLED_5_6 -- name: MULTICAST_ENABLED_1_2 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_1_2 -- name: MULTICAST_ENABLED_3_DISABLED_4 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_3_DISABLED_4 -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_DISABLED_330_331 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_130_131 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_DISABLED_240_241 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_L3_MULTICAST_TRANSIT - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - tenant: Tenant_E - ip_routing: true - description: PEG_L3_MULTICAST_ENABLED in Tenant E -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: EVPN-MULTICAST-SPINE1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_EVPN-MULTICAST-SPINE1_Ethernet4 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.7/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet9 - peer_type: l3_interface - ip_address: 10.2.52.0/31 - shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_TRANSIT - pim: - ipv4: - sparse_mode: true -- name: Ethernet7.10 - peer_type: l3_interface - ip_address: 10.1.51.4/31 - shutdown: false - sflow: - enable: true - encapsulation_dot1q: - vlan: 10 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED -- name: Ethernet8 - peer_type: l3_interface - ip_address: 10.1.51.4/31 - shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - pim: - ipv4: - sparse_mode: true -- name: Ethernet7 - switchport: - enabled: false - peer_type: l3_interface - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.6/32 -- name: Loopback33 - description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - shutdown: false - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.6/32 -- name: Loopback31 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.6/32 -- name: Loopback32 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.6/32 -- name: Loopback42 - description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - shutdown: false - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.6/32 -- name: Loopback41 - description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - shutdown: false - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.6/32 -- name: Loopback55 - description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - shutdown: false - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.6/32 -- name: Loopback60 - description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - shutdown: false - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.6/32 -- name: Loopback52 - description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT - shutdown: false - vrf: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.6/32 -- name: Loopback51 - description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - shutdown: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 310 - name: MULTICAST_DISABLED_310 - tenant: Tenant_A -- id: 311 - name: MULTICAST_DISABLED_311 - tenant: Tenant_A -- id: 110 - name: MULTICAST_ENABLED_110 - tenant: Tenant_A -- id: 111 - name: MULTICAST_ENABLED_111 - tenant: Tenant_A -- id: 210 - name: MULTICAST_ENABLED_210 - tenant: Tenant_A -- id: 211 - name: MULTICAST_DISABLED_211 - tenant: Tenant_A -- id: 256 - name: MULTICAST_DISABLED_256 - tenant: Tenant_A -- id: 257 - name: MULTICAST_ENABLED_257 - tenant: Tenant_A -- id: 4092 - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A -- id: 5 - name: MULTICAST_DISABLED_5 - tenant: Tenant_B -- id: 6 - name: MULTICAST_DISABLED_6 - tenant: Tenant_B -- id: 1 - name: MULTICAST_ENABLED_1 - tenant: Tenant_B -- id: 2 - name: MULTICAST_ENABLED_2 - tenant: Tenant_B -- id: 3 - name: MULTICAST_ENABLED_3 - tenant: Tenant_B -- id: 4 - name: MULTICAST_DISABLED_4 - tenant: Tenant_B -- id: 7 - name: MULTICAST_DISABLED_7 - tenant: Tenant_B -- id: 8 - name: MULTICAST_ENABLED_8 - tenant: Tenant_B -- id: 9 - name: MULTICAST_ENABLED_9 - tenant: Tenant_B -- id: 330 - name: L3_MULTICAST_DISABLED_330 - tenant: Tenant_C -- id: 331 - name: L3_MULTICAST_DISABLED_331 - tenant: Tenant_C -- id: 130 - name: L3_MULTICAST_ENABLED_130 - tenant: Tenant_C -- id: 131 - name: L3_MULTICAST_ENABLED_131 - tenant: Tenant_C -- id: 136 - name: L3_L2_MULTICAST_ENABLED_136 - tenant: Tenant_C -- id: 137 - name: L3_L2_MULTICAST_ENABLED_137 - tenant: Tenant_C -- id: 230 - name: L3_MULTICAST_ENABLED_230 - tenant: Tenant_C -- id: 231 - name: L3_MULTICAST_DISABLED_231 - tenant: Tenant_C -- id: 240 - name: L3_MULTICAST_DISABLED_240 - tenant: Tenant_D -- id: 241 - name: L3_MULTICAST_DISABLED_241 - tenant: Tenant_D -- id: 140 - name: L3_MULTICAST_ENABLED_140 - tenant: Tenant_D -- id: 141 - name: L3_MULTICAST_DISABLED_141 - tenant: Tenant_D -- id: 550 - name: L3_MULTICAST_ENABLED_550 - tenant: Tenant_E -- id: 260 - name: L3_MULTICAST_ENABLED_260 - tenant: Tenant_E -- id: 250 - name: L3_MULTICAST_ENABLED_250 - tenant: Tenant_E -- id: 150 - name: L3_MULTICAST_ENABLED_150 - tenant: Tenant_E -- id: 251 - name: MULTICAST_DISABLED_251 - tenant: Tenant_F -- id: 252 - name: MULTICAST_ENABLED_252 - tenant: Tenant_F -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 110 - querier: - enabled: true - address: 192.168.255.6 - fast_leave: true - - id: 111 - querier: - enabled: true - address: 192.168.255.6 - fast_leave: true - - id: 210 - querier: - enabled: true - address: 192.168.255.6 - fast_leave: true - - id: 257 - querier: - enabled: true - address: 192.168.255.6 - fast_leave: true - - id: 4092 - querier: - enabled: true - address: 192.168.255.6 - fast_leave: true - - id: 1 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - fast_leave: true - - id: 2 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 3 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 8 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 9 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 136 - querier: - enabled: true - address: 192.168.255.6 - - id: 137 - querier: - enabled: true - address: 192.168.255.6 - - id: 230 - querier: - enabled: true - address: 192.168.255.6 - - id: 252 - querier: - enabled: true - address: 192.168.255.6 - fast_leave: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + rd: 192.168.255.6:60 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - 60:60 + export: + - address_family: evpn + route_targets: + - 60:60 + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.6:52 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - '52:52' + export: + - address_family: evpn + route_targets: + - '52:52' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.6:51 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '51:51' + export: + - address_family: evpn + route_targets: + - '51:51' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true +router_multicast: + ipv4: + routing: true + software_forwarding: sfe + vrfs: + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ipv4: + routing: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ipv4: + routing: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + routing: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + routing: true +router_pim_sparse_mode: + vrfs: + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + rp_addresses: + - address: 10.20.20.20 + groups: + - 232.0.0.0/21 + - address: 10.40.40.40 + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + rp_addresses: + - address: 10.60.60.60 + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + rp_addresses: + - address: 10.60.60.60 + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + rp_addresses: + - address: 10.1.51.129 + groups: + - 232.0.104.0/21 + - 232.0.96.0/21 + - address: 10.1.52.129 + groups: + - 232.0.104.0/21 + - 232.0.96.0/21 + - address: 10.1.50.100 + groups: + - 232.0.112.0/21 + - address: 10.1.50.150 + access_lists: + - RPS_ACL_VRF_Tenant_E_2 +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: sflow_vrf + destinations: + - destination: 10.10.10.12 + port: 1234 + run: true +standard_access_lists: +- name: RPS_ACL_VRF_Tenant_E_2 + sequence_numbers: + - sequence: 10 + action: permit 232.0.136.0/21 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.6 +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.6 +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.6 +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.6 +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.6 +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.6 +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.6 +- name: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.6 +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.6 vlan_interfaces: - name: Vlan310 - tenant: Tenant_A - tags: - - test_l3 description: MULTICAST_DISABLED_310 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan311 description: MULTICAST_DISABLED_311 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan110 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan110 description: MULTICAST_ENABLED_110 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan111 description: MULTICAST_ENABLED_111 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan210 + ip_address_virtual: 10.1.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan210 description: MULTICAST_ENABLED_210 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan211 description: MULTICAST_DISABLED_211 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan5 - tenant: Tenant_B + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_A tags: - test_l3 +- name: Vlan5 description: MULTICAST_DISABLED_5 shutdown: false - ip_address_virtual: 10.0.5.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan6 + ip_address_virtual: 10.0.5.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan6 description: MULTICAST_DISABLED_6 shutdown: false - ip_address_virtual: 10.0.6.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan1 + ip_address_virtual: 10.0.6.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan1 description: MULTICAST_ENABLED_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan2 description: MULTICAST_ENABLED_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan3 description: MULTICAST_ENABLED_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan4 description: MULTICAST_DISABLED_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan330 - tenant: Tenant_C + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_B tags: - test_l3 +- name: Vlan330 description: L3_MULTICAST_DISABLED_330 shutdown: false - ip_address_virtual: 10.3.33.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan331 + ip_address_virtual: 10.3.33.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan331 description: L3_MULTICAST_DISABLED_331 shutdown: false - ip_address_virtual: 10.3.34.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan130 + ip_address_virtual: 10.3.34.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan130 description: L3_MULTICAST_ENABLED_130 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_address_virtual: 10.1.13.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan131 tenant: Tenant_C tags: - test_l3 +- name: Vlan131 description: L3_MULTICAST_ENABLED_131 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_address: 10.1.14.5/24 ip_virtual_router_addresses: - 10.1.14.1 ip_igmp: true - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan136 tenant: Tenant_C + tags: + - test_l3 +- name: Vlan136 description: L3_L2_MULTICAST_ENABLED_136 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan137 tenant: Tenant_C +- name: Vlan137 description: L3_L2_MULTICAST_ENABLED_137 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan230 tenant: Tenant_C - tags: - - test_l3 +- name: Vlan230 description: L3_MULTICAST_ENABLED_230 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 ip_address_virtual: 10.2.23.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback32 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan231 tenant: Tenant_C tags: - test_l3 +- name: Vlan231 description: L3_MULTICAST_DISABLED_231 shutdown: false - ip_address_virtual: 10.2.24.1/24 vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan240 - tenant: Tenant_D + ip_address_virtual: 10.2.24.1/24 + tenant: Tenant_C tags: - test_l3 +- name: Vlan240 description: L3_MULTICAST_DISABLED_240 shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan241 + ip_address_virtual: 10.1.24.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan241 description: L3_MULTICAST_DISABLED_241 shutdown: false - ip_address_virtual: 10.1.25.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan140 + ip_address_virtual: 10.1.25.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan140 description: L3_MULTICAST_ENABLED_140 shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 ip_address_virtual: 10.1.14.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback41 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan141 tenant: Tenant_D tags: - test_l3 +- name: Vlan141 description: L3_MULTICAST_DISABLED_141 shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan550 - tenant: Tenant_E + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_D tags: - test_l3 +- name: Vlan550 description: L3_MULTICAST_ENABLED_550 shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE ip_address_virtual: 10.1.56.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback55 - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: Vlan260 tenant: Tenant_E tags: - test_l3 +- name: Vlan260 description: L3_MULTICAST_ENABLED_260 shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES ip_address_virtual: 10.1.26.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback60 - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES -- name: Vlan250 tenant: Tenant_E tags: - test_l3 +- name: Vlan250 description: L3_MULTICAST_ENABLED_250 shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT ip_address_virtual: 10.1.15.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback52 - vrf: TEN_E_L3_MULTICAST_TRANSIT -- name: Vlan150 tenant: Tenant_E tags: - test_l3 +- name: Vlan150 description: L3_MULTICAST_ENABLED_150 shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED ip_address_virtual: 10.1.15.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback51 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + tenant: Tenant_E + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 310 + name: MULTICAST_DISABLED_310 + tenant: Tenant_A +- id: 311 + name: MULTICAST_DISABLED_311 + tenant: Tenant_A +- id: 110 + name: MULTICAST_ENABLED_110 + tenant: Tenant_A +- id: 111 + name: MULTICAST_ENABLED_111 + tenant: Tenant_A +- id: 210 + name: MULTICAST_ENABLED_210 + tenant: Tenant_A +- id: 211 + name: MULTICAST_DISABLED_211 + tenant: Tenant_A +- id: 256 + name: MULTICAST_DISABLED_256 + tenant: Tenant_A +- id: 257 + name: MULTICAST_ENABLED_257 + tenant: Tenant_A +- id: 4092 + name: MULTICAST_ENABLED_4092 + tenant: Tenant_A +- id: 5 + name: MULTICAST_DISABLED_5 + tenant: Tenant_B +- id: 6 + name: MULTICAST_DISABLED_6 + tenant: Tenant_B +- id: 1 + name: MULTICAST_ENABLED_1 + tenant: Tenant_B +- id: 2 + name: MULTICAST_ENABLED_2 + tenant: Tenant_B +- id: 3 + name: MULTICAST_ENABLED_3 + tenant: Tenant_B +- id: 4 + name: MULTICAST_DISABLED_4 + tenant: Tenant_B +- id: 7 + name: MULTICAST_DISABLED_7 + tenant: Tenant_B +- id: 8 + name: MULTICAST_ENABLED_8 + tenant: Tenant_B +- id: 9 + name: MULTICAST_ENABLED_9 + tenant: Tenant_B +- id: 330 + name: L3_MULTICAST_DISABLED_330 + tenant: Tenant_C +- id: 331 + name: L3_MULTICAST_DISABLED_331 + tenant: Tenant_C +- id: 130 + name: L3_MULTICAST_ENABLED_130 + tenant: Tenant_C +- id: 131 + name: L3_MULTICAST_ENABLED_131 + tenant: Tenant_C +- id: 136 + name: L3_L2_MULTICAST_ENABLED_136 + tenant: Tenant_C +- id: 137 + name: L3_L2_MULTICAST_ENABLED_137 + tenant: Tenant_C +- id: 230 + name: L3_MULTICAST_ENABLED_230 + tenant: Tenant_C +- id: 231 + name: L3_MULTICAST_DISABLED_231 + tenant: Tenant_C +- id: 240 + name: L3_MULTICAST_DISABLED_240 + tenant: Tenant_D +- id: 241 + name: L3_MULTICAST_DISABLED_241 + tenant: Tenant_D +- id: 140 + name: L3_MULTICAST_ENABLED_140 + tenant: Tenant_D +- id: 141 + name: L3_MULTICAST_DISABLED_141 + tenant: Tenant_D +- id: 550 + name: L3_MULTICAST_ENABLED_550 + tenant: Tenant_E +- id: 260 + name: L3_MULTICAST_ENABLED_260 + tenant: Tenant_E +- id: 250 + name: L3_MULTICAST_ENABLED_250 + tenant: Tenant_E +- id: 150 + name: L3_MULTICAST_ENABLED_150 + tenant: Tenant_E +- id: 251 + name: MULTICAST_DISABLED_251 + tenant: Tenant_F +- id: 252 + name: MULTICAST_ENABLED_252 + tenant: Tenant_F +vrfs: +- name: MGMT + ip_routing: false +- name: MULTICAST_DISABLED_310_311 + description: MULTICAST_DISABLED_310_311 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_110_111 + description: MULTICAST_ENABLED_110_111 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_210_DISABLED_211 + description: MULTICAST_ENABLED_210_DISABLED_211 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_DISABLED_5_6 + description: MULTICAST_DISABLED_5_6 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_1_2 + description: MULTICAST_ENABLED_1_2 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_3_DISABLED_4 + description: MULTICAST_ENABLED_3_DISABLED_4 + ip_routing: true + tenant: Tenant_B +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + description: L3_MULTICAST_DISABLED_330_331 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + description: L3_MULTICAST_ENABLED_130_131 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + description: L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_routing: true + tenant: Tenant_C +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + description: L3_MULTICAST_DISABLED_240_241 + ip_routing: true + tenant: Tenant_D +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + description: L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_routing: true + tenant: Tenant_D +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + description: L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_TRANSIT + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + description: PEG_L3_MULTICAST_ENABLED in Tenant E + ip_routing: true + tenant: Tenant_E vxlan_interface: vxlan1: description: EVPN-MULTICAST-L3LEAF3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 310 vni: 10310 @@ -1402,70 +1469,3 @@ vxlan_interface: - name: TEN_E_PEG_L3_MULTICAST_ENABLED vni: 51 multicast_group: 232.0.96.50 -virtual_source_nat_vrfs: -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.6 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.6 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.6 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.6 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.6 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.6 -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.6 -- name: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.6 -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.6 -router_pim_sparse_mode: - vrfs: - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - rp_addresses: - - address: 10.20.20.20 - groups: - - 232.0.0.0/21 - - address: 10.40.40.40 - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - rp_addresses: - - address: 10.60.60.60 - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - rp_addresses: - - address: 10.60.60.60 - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - rp_addresses: - - address: 10.1.51.129 - groups: - - 232.0.104.0/21 - - 232.0.96.0/21 - - address: 10.1.52.129 - groups: - - 232.0.104.0/21 - - 232.0.96.0/21 - - address: 10.1.50.100 - groups: - - 232.0.112.0/21 - - address: 10.1.50.150 - access_lists: - - RPS_ACL_VRF_Tenant_E_2 -standard_access_lists: -- name: RPS_ACL_VRF_Tenant_E_2 - sequence_numbers: - - sequence: 10 - action: permit 232.0.136.0/21 -sflow: - run: true - vrfs: - - name: sflow_vrf - destinations: - - destination: 10.10.10.12 - port: 1234 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3B.yml index 9c9af4e239a..7fdc95bf239 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-L3LEAF3B.yml @@ -1,38 +1,245 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-SPINE1_Ethernet5 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.9/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet9 + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.2.52.2/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet7.10 + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + encapsulation_dot1q: + vlan: 10 + ip_address: 10.1.51.6/31 + peer_type: l3_interface + sflow: + enable: true +- name: Ethernet8 + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.1.51.6/31 + pim: + ipv4: + sparse_mode: true + peer_type: l3_interface + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet7 + shutdown: false + peer_type: l3_interface + switchport: + enabled: false hostname: EVPN-MULTICAST-L3LEAF3B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 110 + querier: + enabled: true + address: 192.168.255.7 + fast_leave: true + - id: 111 + querier: + enabled: true + address: 192.168.255.7 + fast_leave: true + - id: 210 + querier: + enabled: true + address: 192.168.255.7 + fast_leave: true + - id: 257 + querier: + enabled: true + address: 192.168.255.7 + fast_leave: true + - id: 4092 + querier: + enabled: true + address: 192.168.255.7 + fast_leave: true + - id: 1 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + fast_leave: true + - id: 2 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 3 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 8 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 9 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 136 + querier: + enabled: true + address: 192.168.255.7 + - id: 137 + querier: + enabled: true + address: 192.168.255.7 + - id: 230 + querier: + enabled: true + address: 192.168.255.7 + - id: 252 + querier: + enabled: true + address: 192.168.255.7 + fast_leave: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.7/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.7/32 +- name: Loopback33 + description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 + shutdown: false + vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.7/32 +- name: Loopback31 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.7/32 +- name: Loopback32 + description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.7/32 +- name: Loopback42 + description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 + shutdown: false + vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.7/32 +- name: Loopback41 + description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.7/32 +- name: Loopback55 + description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.7/32 +- name: Loopback60 + description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.7/32 +- name: Loopback52 + description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT + shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.7/32 +- name: Loopback51 + description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED + shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65105' router_id: 192.168.255.7 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.8 peer_group: IPv4-UNDERLAY-PEERS @@ -41,258 +248,17 @@ router_bgp: description: EVPN-MULTICAST-SPINE1_Ethernet5 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: EVPN-MULTICAST-SPINE1 description: EVPN-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: MULTICAST_DISABLED_310_311 - rd: 192.168.255.7:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_110_111 - rd: 192.168.255.7:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_210_DISABLED_211 - rd: 192.168.255.7:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: MULTICAST_DISABLED_5_6 - rd: 192.168.255.7:23 - route_targets: - import: - - address_family: evpn - route_targets: - - '23:23' - export: - - address_family: evpn - route_targets: - - '23:23' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_1_2 - rd: 192.168.255.7:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: MULTICAST_ENABLED_3_DISABLED_4 - rd: 192.168.255.7:22 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:22' - export: - - address_family: evpn - route_targets: - - '22:22' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_DISABLED_330_331 - rd: 192.168.255.7:33 - route_targets: - import: - - address_family: evpn - route_targets: - - '33:33' - export: - - address_family: evpn - route_targets: - - '33:33' - evpn_multicast: false - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - rd: 192.168.255.7:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - evpn_multicast: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - rd: 192.168.255.7:32 - route_targets: - import: - - address_family: evpn - route_targets: - - '32:32' - export: - - address_family: evpn - route_targets: - - '32:32' - evpn_multicast: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_DISABLED_240_241 - rd: 192.168.255.7:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - evpn_multicast: false - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - rd: 192.168.255.7:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - evpn_multicast: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - rd: 192.168.255.7:55 - route_targets: - import: - - address_family: evpn - route_targets: - - '55:55' - export: - - address_family: evpn - route_targets: - - '55:55' - evpn_multicast: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - rd: 192.168.255.7:60 - route_targets: - import: - - address_family: evpn - route_targets: - - 60:60 - export: - - address_family: evpn - route_targets: - - 60:60 - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_E_L3_MULTICAST_TRANSIT - rd: 192.168.255.7:52 - route_targets: - import: - - address_family: evpn - route_targets: - - '52:52' - export: - - address_family: evpn - route_targets: - - '52:52' - evpn_multicast: true - evpn_multicast_address_family: - ipv4: - transit: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - rd: 192.168.255.7:51 - route_targets: - import: - - address_family: evpn - route_targets: - - '51:51' - export: - - address_family: evpn - route_targets: - - '51:51' - evpn_multicast: true - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - vlans: - - id: 310 - tenant: Tenant_A - rd: 192.168.255.7:10310 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 310 + tenant: Tenant_A + rd: 192.168.255.7:10310 route_targets: both: - 10310:10310 @@ -590,694 +556,795 @@ router_bgp: redistribute_routes: - learned - igmp -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true - software_forwarding: sfe - vrfs: - - name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ipv4: - routing: true - - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ipv4: - routing: true + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: MULTICAST_DISABLED_310_311 + rd: 192.168.255.7:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_110_111 + rd: 192.168.255.7:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_210_DISABLED_211 + rd: 192.168.255.7:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: MULTICAST_DISABLED_5_6 + rd: 192.168.255.7:23 + route_targets: + import: + - address_family: evpn + route_targets: + - '23:23' + export: + - address_family: evpn + route_targets: + - '23:23' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_1_2 + rd: 192.168.255.7:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: MULTICAST_ENABLED_3_DISABLED_4 + rd: 192.168.255.7:22 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:22' + export: + - address_family: evpn + route_targets: + - '22:22' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_DISABLED_330_331 + rd: 192.168.255.7:33 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '33:33' + export: + - address_family: evpn + route_targets: + - '33:33' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + rd: 192.168.255.7:66 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + rd: 192.168.255.7:32 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '32:32' + export: + - address_family: evpn + route_targets: + - '32:32' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: TEN_D_L3_MULTICAST_DISABLED_240_241 + rd: 192.168.255.7:42 + evpn_multicast: false + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ipv4: - routing: true + rd: 192.168.255.7:41 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - routing: true + rd: 192.168.255.7:55 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '55:55' + export: + - address_family: evpn + route_targets: + - '55:55' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - routing: true - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - routing: true - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: MULTICAST_DISABLED_310_311 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_DISABLED_310_311 -- name: MULTICAST_ENABLED_110_111 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_110_111 -- name: MULTICAST_ENABLED_210_DISABLED_211 - tenant: Tenant_A - ip_routing: true - description: MULTICAST_ENABLED_210_DISABLED_211 -- name: MULTICAST_DISABLED_5_6 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_DISABLED_5_6 -- name: MULTICAST_ENABLED_1_2 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_1_2 -- name: MULTICAST_ENABLED_3_DISABLED_4 - tenant: Tenant_B - ip_routing: true - description: MULTICAST_ENABLED_3_DISABLED_4 -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_DISABLED_330_331 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_130_131 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - tenant: Tenant_C - ip_routing: true - description: L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_DISABLED_240_241 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - tenant: Tenant_D - ip_routing: true - description: L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_L3_MULTICAST_TRANSIT - tenant: Tenant_E - ip_routing: true - description: L3_MULTICAST_TRANSIT -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - tenant: Tenant_E - ip_routing: true - description: PEG_L3_MULTICAST_ENABLED in Tenant E -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: EVPN-MULTICAST-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_EVPN-MULTICAST-SPINE1_Ethernet5 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.9/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet9 - peer_type: l3_interface - ip_address: 10.2.52.2/31 - shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_L3_MULTICAST_TRANSIT - pim: - ipv4: - sparse_mode: true -- name: Ethernet7.10 - peer_type: l3_interface - ip_address: 10.1.51.6/31 - shutdown: false - sflow: - enable: true - encapsulation_dot1q: - vlan: 10 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED -- name: Ethernet8 - peer_type: l3_interface - ip_address: 10.1.51.6/31 - shutdown: false - sflow: - enable: true - switchport: - enabled: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - pim: - ipv4: - sparse_mode: true -- name: Ethernet7 - switchport: - enabled: false - peer_type: l3_interface - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.7/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.7/32 -- name: Loopback33 - description: DIAG_VRF_TEN_C_L3_MULTICAST_DISABLED_330_331 - shutdown: false - vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.7/32 -- name: Loopback31 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_130_131 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.7/32 -- name: Loopback32 - description: DIAG_VRF_TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - shutdown: false - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.7/32 -- name: Loopback42 - description: DIAG_VRF_TEN_D_L3_MULTICAST_DISABLED_240_241 - shutdown: false - vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.7/32 -- name: Loopback41 - description: DIAG_VRF_TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - shutdown: false - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.7/32 -- name: Loopback55 - description: DIAG_VRF_TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - shutdown: false - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.7/32 -- name: Loopback60 - description: DIAG_VRF_TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - shutdown: false - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.7/32 -- name: Loopback52 - description: DIAG_VRF_TEN_E_L3_MULTICAST_TRANSIT - shutdown: false - vrf: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.7/32 -- name: Loopback51 - description: DIAG_VRF_TEN_E_PEG_L3_MULTICAST_ENABLED - shutdown: false - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.7/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 310 - name: MULTICAST_DISABLED_310 - tenant: Tenant_A -- id: 311 - name: MULTICAST_DISABLED_311 - tenant: Tenant_A -- id: 110 - name: MULTICAST_ENABLED_110 - tenant: Tenant_A -- id: 111 - name: MULTICAST_ENABLED_111 - tenant: Tenant_A -- id: 210 - name: MULTICAST_ENABLED_210 - tenant: Tenant_A -- id: 211 - name: MULTICAST_DISABLED_211 - tenant: Tenant_A -- id: 256 - name: MULTICAST_DISABLED_256 - tenant: Tenant_A -- id: 257 - name: MULTICAST_ENABLED_257 - tenant: Tenant_A -- id: 4092 - name: MULTICAST_ENABLED_4092 - tenant: Tenant_A -- id: 5 - name: MULTICAST_DISABLED_5 - tenant: Tenant_B -- id: 6 - name: MULTICAST_DISABLED_6 - tenant: Tenant_B -- id: 1 - name: MULTICAST_ENABLED_1 - tenant: Tenant_B -- id: 2 - name: MULTICAST_ENABLED_2 - tenant: Tenant_B -- id: 3 - name: MULTICAST_ENABLED_3 - tenant: Tenant_B -- id: 4 - name: MULTICAST_DISABLED_4 - tenant: Tenant_B -- id: 7 - name: MULTICAST_DISABLED_7 - tenant: Tenant_B -- id: 8 - name: MULTICAST_ENABLED_8 - tenant: Tenant_B -- id: 9 - name: MULTICAST_ENABLED_9 - tenant: Tenant_B -- id: 330 - name: L3_MULTICAST_DISABLED_330 - tenant: Tenant_C -- id: 331 - name: L3_MULTICAST_DISABLED_331 - tenant: Tenant_C -- id: 130 - name: L3_MULTICAST_ENABLED_130 - tenant: Tenant_C -- id: 131 - name: L3_MULTICAST_ENABLED_131 - tenant: Tenant_C -- id: 136 - name: L3_L2_MULTICAST_ENABLED_136 - tenant: Tenant_C -- id: 137 - name: L3_L2_MULTICAST_ENABLED_137 - tenant: Tenant_C -- id: 230 - name: L3_MULTICAST_ENABLED_230 - tenant: Tenant_C -- id: 231 - name: L3_MULTICAST_DISABLED_231 - tenant: Tenant_C -- id: 240 - name: L3_MULTICAST_DISABLED_240 - tenant: Tenant_D -- id: 241 - name: L3_MULTICAST_DISABLED_241 - tenant: Tenant_D -- id: 140 - name: L3_MULTICAST_ENABLED_140 - tenant: Tenant_D -- id: 141 - name: L3_MULTICAST_DISABLED_141 - tenant: Tenant_D -- id: 550 - name: L3_MULTICAST_ENABLED_550 - tenant: Tenant_E -- id: 260 - name: L3_MULTICAST_ENABLED_260 - tenant: Tenant_E -- id: 250 - name: L3_MULTICAST_ENABLED_250 - tenant: Tenant_E -- id: 150 - name: L3_MULTICAST_ENABLED_150 - tenant: Tenant_E -- id: 251 - name: MULTICAST_DISABLED_251 - tenant: Tenant_F -- id: 252 - name: MULTICAST_ENABLED_252 - tenant: Tenant_F -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 110 - querier: - enabled: true - address: 192.168.255.7 - fast_leave: true - - id: 111 - querier: - enabled: true - address: 192.168.255.7 - fast_leave: true - - id: 210 - querier: - enabled: true - address: 192.168.255.7 - fast_leave: true - - id: 257 - querier: - enabled: true - address: 192.168.255.7 - fast_leave: true - - id: 4092 - querier: - enabled: true - address: 192.168.255.7 - fast_leave: true - - id: 1 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - fast_leave: true - - id: 2 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 3 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 8 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 9 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 136 - querier: - enabled: true - address: 192.168.255.7 - - id: 137 - querier: - enabled: true - address: 192.168.255.7 - - id: 230 - querier: - enabled: true - address: 192.168.255.7 - - id: 252 - querier: - enabled: true - address: 192.168.255.7 - fast_leave: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + rd: 192.168.255.7:60 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - 60:60 + export: + - address_family: evpn + route_targets: + - 60:60 + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: TEN_E_L3_MULTICAST_TRANSIT + rd: 192.168.255.7:52 + evpn_multicast: true + evpn_multicast_address_family: + ipv4: + transit: true + route_targets: + import: + - address_family: evpn + route_targets: + - '52:52' + export: + - address_family: evpn + route_targets: + - '52:52' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + rd: 192.168.255.7:51 + evpn_multicast: true + route_targets: + import: + - address_family: evpn + route_targets: + - '51:51' + export: + - address_family: evpn + route_targets: + - '51:51' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true +router_multicast: + ipv4: + routing: true + software_forwarding: sfe + vrfs: + - name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ipv4: + routing: true + - name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ipv4: + routing: true + - name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + routing: true + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + routing: true + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + routing: true +router_pim_sparse_mode: + vrfs: + - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ipv4: + rp_addresses: + - address: 10.20.20.20 + groups: + - 232.0.0.0/21 + - address: 10.40.40.40 + - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ipv4: + rp_addresses: + - address: 10.60.60.60 + - name: TEN_E_L3_MULTICAST_TRANSIT + ipv4: + rp_addresses: + - address: 10.60.60.60 + - name: TEN_E_PEG_L3_MULTICAST_ENABLED + ipv4: + rp_addresses: + - address: 10.1.51.129 + groups: + - 232.0.104.0/21 + - 232.0.96.0/21 + - address: 10.1.52.129 + groups: + - 232.0.104.0/21 + - 232.0.96.0/21 + - address: 10.1.50.100 + groups: + - 232.0.112.0/21 + - address: 10.1.50.150 + access_lists: + - RPS_ACL_VRF_Tenant_E_2 +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: sflow_vrf + destinations: + - destination: 10.10.10.12 + port: 1234 + run: true +standard_access_lists: +- name: RPS_ACL_VRF_Tenant_E_2 + sequence_numbers: + - sequence: 10 + action: permit 232.0.136.0/21 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + ip_address: 10.255.3.7 +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + ip_address: 10.255.1.7 +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_address: 10.255.2.7 +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + ip_address: 10.255.42.7 +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_address: 10.255.41.7 +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_address: 10.255.55.7 +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + ip_address: 10.255.60.7 +- name: TEN_E_L3_MULTICAST_TRANSIT + ip_address: 10.255.52.7 +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + ip_address: 10.255.51.7 vlan_interfaces: - name: Vlan310 - tenant: Tenant_A - tags: - - test_l3 description: MULTICAST_DISABLED_310 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan311 description: MULTICAST_DISABLED_311 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: MULTICAST_DISABLED_310_311 -- name: Vlan110 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan110 description: MULTICAST_ENABLED_110 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan111 description: MULTICAST_ENABLED_111 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: MULTICAST_ENABLED_110_111 -- name: Vlan210 + ip_address_virtual: 10.1.11.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan210 description: MULTICAST_ENABLED_210 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan211 description: MULTICAST_DISABLED_211 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: MULTICAST_ENABLED_210_DISABLED_211 -- name: Vlan5 - tenant: Tenant_B + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_A tags: - test_l3 +- name: Vlan5 description: MULTICAST_DISABLED_5 shutdown: false - ip_address_virtual: 10.0.5.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan6 + ip_address_virtual: 10.0.5.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan6 description: MULTICAST_DISABLED_6 shutdown: false - ip_address_virtual: 10.0.6.1/24 vrf: MULTICAST_DISABLED_5_6 -- name: Vlan1 + ip_address_virtual: 10.0.6.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan1 description: MULTICAST_ENABLED_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan2 description: MULTICAST_ENABLED_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: MULTICAST_ENABLED_1_2 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan3 description: MULTICAST_ENABLED_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_B tags: - test_l3 +- name: Vlan4 description: MULTICAST_DISABLED_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: MULTICAST_ENABLED_3_DISABLED_4 -- name: Vlan330 - tenant: Tenant_C + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_B tags: - test_l3 +- name: Vlan330 description: L3_MULTICAST_DISABLED_330 shutdown: false - ip_address_virtual: 10.3.33.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan331 + ip_address_virtual: 10.3.33.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan331 description: L3_MULTICAST_DISABLED_331 shutdown: false - ip_address_virtual: 10.3.34.1/24 vrf: TEN_C_L3_MULTICAST_DISABLED_330_331 -- name: Vlan130 + ip_address_virtual: 10.3.34.1/24 tenant: Tenant_C tags: - test_l3 +- name: Vlan130 description: L3_MULTICAST_ENABLED_130 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_address_virtual: 10.1.13.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan131 tenant: Tenant_C tags: - test_l3 +- name: Vlan131 description: L3_MULTICAST_ENABLED_131 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_address: 10.1.14.6/24 ip_virtual_router_addresses: - 10.1.14.1 ip_igmp: true - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan136 tenant: Tenant_C + tags: + - test_l3 +- name: Vlan136 description: L3_L2_MULTICAST_ENABLED_136 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan137 tenant: Tenant_C +- name: Vlan137 description: L3_L2_MULTICAST_ENABLED_137 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 ip_igmp: true pim: ipv4: local_interface: Loopback31 - vrf: TEN_C_L3_MULTICAST_ENABLED_130_131 -- name: Vlan230 tenant: Tenant_C - tags: - - test_l3 +- name: Vlan230 description: L3_MULTICAST_ENABLED_230 shutdown: false + vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 ip_address_virtual: 10.2.23.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback32 - vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan231 tenant: Tenant_C tags: - test_l3 +- name: Vlan231 description: L3_MULTICAST_DISABLED_231 shutdown: false - ip_address_virtual: 10.2.24.1/24 vrf: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 -- name: Vlan240 - tenant: Tenant_D + ip_address_virtual: 10.2.24.1/24 + tenant: Tenant_C tags: - test_l3 +- name: Vlan240 description: L3_MULTICAST_DISABLED_240 shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan241 + ip_address_virtual: 10.1.24.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan241 description: L3_MULTICAST_DISABLED_241 shutdown: false - ip_address_virtual: 10.1.25.1/24 vrf: TEN_D_L3_MULTICAST_DISABLED_240_241 -- name: Vlan140 + ip_address_virtual: 10.1.25.1/24 tenant: Tenant_D tags: - test_l3 +- name: Vlan140 description: L3_MULTICAST_ENABLED_140 shutdown: false + vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 ip_address_virtual: 10.1.14.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback41 - vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan141 tenant: Tenant_D tags: - test_l3 +- name: Vlan141 description: L3_MULTICAST_DISABLED_141 shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 -- name: Vlan550 - tenant: Tenant_E + ip_address_virtual: 10.1.15.1/24 + tenant: Tenant_D tags: - test_l3 +- name: Vlan550 description: L3_MULTICAST_ENABLED_550 shutdown: false + vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE ip_address_virtual: 10.1.56.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback55 - vrf: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE -- name: Vlan260 tenant: Tenant_E tags: - test_l3 +- name: Vlan260 description: L3_MULTICAST_ENABLED_260 shutdown: false + vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES ip_address_virtual: 10.1.26.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback60 - vrf: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES -- name: Vlan250 tenant: Tenant_E tags: - test_l3 +- name: Vlan250 description: L3_MULTICAST_ENABLED_250 shutdown: false + vrf: TEN_E_L3_MULTICAST_TRANSIT ip_address_virtual: 10.1.15.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback52 - vrf: TEN_E_L3_MULTICAST_TRANSIT -- name: Vlan150 tenant: Tenant_E tags: - test_l3 +- name: Vlan150 description: L3_MULTICAST_ENABLED_150 shutdown: false + vrf: TEN_E_PEG_L3_MULTICAST_ENABLED ip_address_virtual: 10.1.15.1/24 ip_igmp: true pim: ipv4: local_interface: Loopback51 - vrf: TEN_E_PEG_L3_MULTICAST_ENABLED + tenant: Tenant_E + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 310 + name: MULTICAST_DISABLED_310 + tenant: Tenant_A +- id: 311 + name: MULTICAST_DISABLED_311 + tenant: Tenant_A +- id: 110 + name: MULTICAST_ENABLED_110 + tenant: Tenant_A +- id: 111 + name: MULTICAST_ENABLED_111 + tenant: Tenant_A +- id: 210 + name: MULTICAST_ENABLED_210 + tenant: Tenant_A +- id: 211 + name: MULTICAST_DISABLED_211 + tenant: Tenant_A +- id: 256 + name: MULTICAST_DISABLED_256 + tenant: Tenant_A +- id: 257 + name: MULTICAST_ENABLED_257 + tenant: Tenant_A +- id: 4092 + name: MULTICAST_ENABLED_4092 + tenant: Tenant_A +- id: 5 + name: MULTICAST_DISABLED_5 + tenant: Tenant_B +- id: 6 + name: MULTICAST_DISABLED_6 + tenant: Tenant_B +- id: 1 + name: MULTICAST_ENABLED_1 + tenant: Tenant_B +- id: 2 + name: MULTICAST_ENABLED_2 + tenant: Tenant_B +- id: 3 + name: MULTICAST_ENABLED_3 + tenant: Tenant_B +- id: 4 + name: MULTICAST_DISABLED_4 + tenant: Tenant_B +- id: 7 + name: MULTICAST_DISABLED_7 + tenant: Tenant_B +- id: 8 + name: MULTICAST_ENABLED_8 + tenant: Tenant_B +- id: 9 + name: MULTICAST_ENABLED_9 + tenant: Tenant_B +- id: 330 + name: L3_MULTICAST_DISABLED_330 + tenant: Tenant_C +- id: 331 + name: L3_MULTICAST_DISABLED_331 + tenant: Tenant_C +- id: 130 + name: L3_MULTICAST_ENABLED_130 + tenant: Tenant_C +- id: 131 + name: L3_MULTICAST_ENABLED_131 + tenant: Tenant_C +- id: 136 + name: L3_L2_MULTICAST_ENABLED_136 + tenant: Tenant_C +- id: 137 + name: L3_L2_MULTICAST_ENABLED_137 + tenant: Tenant_C +- id: 230 + name: L3_MULTICAST_ENABLED_230 + tenant: Tenant_C +- id: 231 + name: L3_MULTICAST_DISABLED_231 + tenant: Tenant_C +- id: 240 + name: L3_MULTICAST_DISABLED_240 + tenant: Tenant_D +- id: 241 + name: L3_MULTICAST_DISABLED_241 + tenant: Tenant_D +- id: 140 + name: L3_MULTICAST_ENABLED_140 + tenant: Tenant_D +- id: 141 + name: L3_MULTICAST_DISABLED_141 + tenant: Tenant_D +- id: 550 + name: L3_MULTICAST_ENABLED_550 + tenant: Tenant_E +- id: 260 + name: L3_MULTICAST_ENABLED_260 + tenant: Tenant_E +- id: 250 + name: L3_MULTICAST_ENABLED_250 + tenant: Tenant_E +- id: 150 + name: L3_MULTICAST_ENABLED_150 + tenant: Tenant_E +- id: 251 + name: MULTICAST_DISABLED_251 + tenant: Tenant_F +- id: 252 + name: MULTICAST_ENABLED_252 + tenant: Tenant_F +vrfs: +- name: MGMT + ip_routing: false +- name: MULTICAST_DISABLED_310_311 + description: MULTICAST_DISABLED_310_311 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_110_111 + description: MULTICAST_ENABLED_110_111 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_ENABLED_210_DISABLED_211 + description: MULTICAST_ENABLED_210_DISABLED_211 + ip_routing: true + tenant: Tenant_A +- name: MULTICAST_DISABLED_5_6 + description: MULTICAST_DISABLED_5_6 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_1_2 + description: MULTICAST_ENABLED_1_2 + ip_routing: true + tenant: Tenant_B +- name: MULTICAST_ENABLED_3_DISABLED_4 + description: MULTICAST_ENABLED_3_DISABLED_4 + ip_routing: true + tenant: Tenant_B +- name: TEN_C_L3_MULTICAST_DISABLED_330_331 + description: L3_MULTICAST_DISABLED_330_331 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_130_131 + description: L3_MULTICAST_ENABLED_130_131 + ip_routing: true + tenant: Tenant_C +- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 + description: L3_MULTICAST_ENABLED_230_DISABLED_231 + ip_routing: true + tenant: Tenant_C +- name: TEN_D_L3_MULTICAST_DISABLED_240_241 + description: L3_MULTICAST_DISABLED_240_241 + ip_routing: true + tenant: Tenant_D +- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 + description: L3_MULTICAST_ENABLED_140_DISABLED_141 + ip_routing: true + tenant: Tenant_D +- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE + description: L3_MULTICAST_ENABLED_PEG_OVERRIDE + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_L3_MULTICAST_TRANSIT + description: L3_MULTICAST_TRANSIT + ip_routing: true + tenant: Tenant_E +- name: TEN_E_PEG_L3_MULTICAST_ENABLED + description: PEG_L3_MULTICAST_ENABLED in Tenant E + ip_routing: true + tenant: Tenant_E vxlan_interface: vxlan1: description: EVPN-MULTICAST-L3LEAF3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 310 vni: 10310 @@ -1402,70 +1469,3 @@ vxlan_interface: - name: TEN_E_PEG_L3_MULTICAST_ENABLED vni: 51 multicast_group: 232.0.96.50 -virtual_source_nat_vrfs: -- name: TEN_C_L3_MULTICAST_DISABLED_330_331 - ip_address: 10.255.3.7 -- name: TEN_C_L3_MULTICAST_ENABLED_130_131 - ip_address: 10.255.1.7 -- name: TEN_C_L3_MULTICAST_ENABLED_230_DISABLED_231 - ip_address: 10.255.2.7 -- name: TEN_D_L3_MULTICAST_DISABLED_240_241 - ip_address: 10.255.42.7 -- name: TEN_D_L3_MULTICAST_ENABLED_140_DISABLED_141 - ip_address: 10.255.41.7 -- name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ip_address: 10.255.55.7 -- name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ip_address: 10.255.60.7 -- name: TEN_E_L3_MULTICAST_TRANSIT - ip_address: 10.255.52.7 -- name: TEN_E_PEG_L3_MULTICAST_ENABLED - ip_address: 10.255.51.7 -router_pim_sparse_mode: - vrfs: - - name: TEN_E_L3_MULTICAST_ENABLED_PEG_OVERRIDE - ipv4: - rp_addresses: - - address: 10.20.20.20 - groups: - - 232.0.0.0/21 - - address: 10.40.40.40 - - name: TEN_E_L3_MULTICAST_EVPN_PEG_RP_NODES - ipv4: - rp_addresses: - - address: 10.60.60.60 - - name: TEN_E_L3_MULTICAST_TRANSIT - ipv4: - rp_addresses: - - address: 10.60.60.60 - - name: TEN_E_PEG_L3_MULTICAST_ENABLED - ipv4: - rp_addresses: - - address: 10.1.51.129 - groups: - - 232.0.104.0/21 - - 232.0.96.0/21 - - address: 10.1.52.129 - groups: - - 232.0.104.0/21 - - 232.0.96.0/21 - - address: 10.1.50.100 - groups: - - 232.0.112.0/21 - - address: 10.1.50.150 - access_lists: - - RPS_ACL_VRF_Tenant_E_2 -standard_access_lists: -- name: RPS_ACL_VRF_Tenant_E_2 - sequence_numbers: - - sequence: 10 - action: permit 232.0.136.0/21 -sflow: - run: true - vrfs: - - name: sflow_vrf - destinations: - - destination: 10.10.10.12 - port: 1234 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-SPINE1.yml index 474b895c599..283c6e4d870 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/EVPN-MULTICAST-SPINE1.yml @@ -1,39 +1,150 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_EVPN-MULTICAST-L3LEAF1A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.0/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-L3LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_EVPN-MULTICAST-L3LEAF1B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.2/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_EVPN-MULTICAST-L3LEAF2A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.4/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-L3LEAF2A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_EVPN-MULTICAST-L3LEAF3A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.6/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-L3LEAF3A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_EVPN-MULTICAST-L3LEAF3B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.8/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-L3LEAF3B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_EVPN-MULTICAST-DISABLED_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.10/31 + pim: + ipv4: + sparse_mode: true + peer: EVPN-MULTICAST-DISABLED + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: EVPN-MULTICAST-SPINE1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -67,175 +178,64 @@ router_bgp: description: EVPN-MULTICAST-DISABLED_Ethernet1 - ip_address: 192.168.255.8 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' peer: EVPN-MULTICAST-DISABLED description: EVPN-MULTICAST-DISABLED_Loopback0 - remote_as: '65106' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: EVPN-MULTICAST-L3LEAF1A description: EVPN-MULTICAST-L3LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: EVPN-MULTICAST-L3LEAF1B description: EVPN-MULTICAST-L3LEAF1B_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: EVPN-MULTICAST-L3LEAF2A description: EVPN-MULTICAST-L3LEAF2A_Loopback0 - remote_as: '65103' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: EVPN-MULTICAST-L3LEAF3A description: EVPN-MULTICAST-L3LEAF3A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.7 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' peer: EVPN-MULTICAST-L3LEAF3B description: EVPN-MULTICAST-L3LEAF3B_Loopback0 - remote_as: '65105' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +router_multicast: + ipv4: + routing: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: EVPN-MULTICAST-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_EVPN-MULTICAST-L3LEAF1A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.0/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet2 - peer: EVPN-MULTICAST-L3LEAF1B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_EVPN-MULTICAST-L3LEAF1B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.2/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet3 - peer: EVPN-MULTICAST-L3LEAF2A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_EVPN-MULTICAST-L3LEAF2A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.4/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet4 - peer: EVPN-MULTICAST-L3LEAF3A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_EVPN-MULTICAST-L3LEAF3A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.6/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet5 - peer: EVPN-MULTICAST-L3LEAF3B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_EVPN-MULTICAST-L3LEAF3B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.8/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet6 - peer: EVPN-MULTICAST-DISABLED - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_EVPN-MULTICAST-DISABLED_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.10/31 - pim: - ipv4: - sparse_mode: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L2LEAF1A.yml index 30f2905ef76..e928261462c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L2LEAF1A.yml @@ -1,55 +1,54 @@ -hostname: IGMP-QUERIER-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: IGMP-QUERIER-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf description: L2_IGMP-QUERIER-L3LEAF1A_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: IGMP-QUERIER-L3LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf +hostname: IGMP-QUERIER-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 port_channel_interfaces: - name: Port-Channel1 description: L2_IGMP-QUERIER-L3LEAF1A_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-3,11-12,21-23,101-103,111-113,121-123 - shutdown: false +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 1 name: VLAN_1 @@ -102,5 +101,6 @@ vlans: - id: 123 name: VLAN_123 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L3LEAF1A.yml index a48072a3f94..6c89e227f9d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/IGMP-QUERIER-L3LEAF1A.yml @@ -1,88 +1,176 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_IGMP-QUERIER-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: IGMP-QUERIER-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf hostname: IGMP-QUERIER-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 1 + querier: + enabled: true + address: 192.168.255.1 + - id: 2 + querier: + enabled: true + address: 192.168.255.1 + version: 3 + - id: 3 + querier: + enabled: false + - id: 101 + querier: + enabled: true + address: 192.168.255.1 + - id: 102 + querier: + enabled: true + address: 192.168.255.1 + version: 3 + - id: 103 + querier: + enabled: false + - id: 11 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 12 + querier: + enabled: true + address: 1.1.1.1 + version: 2 + - id: 111 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 112 + querier: + enabled: true + address: 1.1.1.1 + version: 2 + - id: 113 + querier: + enabled: false + - id: 21 + querier: + enabled: true + address: 192.168.255.1 + - id: 22 + querier: + enabled: true + address: 1.1.1.1 + version: 3 + - id: 23 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 121 + querier: + enabled: true + address: 2.2.2.2 + version: 1 + - id: 122 + querier: + enabled: true + address: 192.168.255.1 + - id: 123 + querier: + enabled: false +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel1 + description: L2_IGMP-QUERIER-L2LEAF1A_Port-Channel1 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-3,11-12,21-23,101-103,111-113,121-123 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: IGMP_QUERIER_TEST_1 - rd: 192.168.255.1:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true - - name: IGMP_QUERIER_TEST_2 - rd: 192.168.255.1:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true - - name: IGMP_QUERIER_TEST_3 - rd: 192.168.255.1:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -220,97 +308,138 @@ router_bgp: - 40123:40123 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: IGMP_QUERIER_TEST_1 - tenant: Tenant_A - ip_routing: true - description: IGMP_QUERIER_TEST_1 -- name: IGMP_QUERIER_TEST_2 - tenant: Tenant_B - ip_routing: true - description: IGMP_QUERIER_TEST_2 -- name: IGMP_QUERIER_TEST_3 - tenant: Tenant_D - ip_routing: true - description: IGMP_QUERIER_TEST_3 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: IGMP_QUERIER_TEST_1 + rd: 192.168.255.1:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true + - name: IGMP_QUERIER_TEST_2 + rd: 192.168.255.1:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true + - name: IGMP_QUERIER_TEST_3 + rd: 192.168.255.1:41 + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: IGMP-QUERIER-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_IGMP-QUERIER-L2LEAF1A_Ethernet1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan1 + description: VLAN_1 shutdown: false - channel_group: - id: 1 - mode: active -port_channel_interfaces: -- name: Port-Channel1 - description: L2_IGMP-QUERIER-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-3,11-12,21-23,101-103,111-113,121-123 + vrf: IGMP_QUERIER_TEST_1 + ip_address_virtual: 10.0.1.1/24 + tenant: Tenant_A + tags: + - test_l3 +- name: Vlan2 + description: VLAN_2 shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: IGMP_QUERIER_TEST_1 + ip_address_virtual: 10.0.2.1/24 + tenant: Tenant_A + tags: + - test_l3 +- name: Vlan3 + description: VLAN_3 shutdown: false - ip_address: 192.168.255.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: IGMP_QUERIER_TEST_1 + ip_address_virtual: 10.0.3.1/24 + tenant: Tenant_A + tags: + - test_l3 +- name: Vlan11 + description: VLAN_11 shutdown: false - ip_address: 192.168.254.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + vrf: IGMP_QUERIER_TEST_2 + ip_address_virtual: 10.0.11.1/24 + tenant: Tenant_B + tags: + - test_l3 +- name: Vlan12 + description: VLAN_12 + shutdown: false + vrf: IGMP_QUERIER_TEST_2 + ip_address_virtual: 10.0.12.1/24 + tenant: Tenant_B + tags: + - test_l3 +- name: Vlan21 + description: VLAN_21 + shutdown: false + vrf: IGMP_QUERIER_TEST_3 + ip_address_virtual: 10.0.21.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan22 + description: VLAN_22 + shutdown: false + vrf: IGMP_QUERIER_TEST_3 + ip_address_virtual: 10.0.22.1/24 + tenant: Tenant_D + tags: + - test_l3 +- name: Vlan23 + description: VLAN_23 + shutdown: false + vrf: IGMP_QUERIER_TEST_3 + ip_address_virtual: 10.0.23.1/24 + tenant: Tenant_D + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 1 name: VLAN_1 @@ -363,154 +492,27 @@ vlans: - id: 123 name: VLAN_123 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 1 - querier: - enabled: true - address: 192.168.255.1 - - id: 2 - querier: - enabled: true - address: 192.168.255.1 - version: 3 - - id: 3 - querier: - enabled: false - - id: 101 - querier: - enabled: true - address: 192.168.255.1 - - id: 102 - querier: - enabled: true - address: 192.168.255.1 - version: 3 - - id: 103 - querier: - enabled: false - - id: 11 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 12 - querier: - enabled: true - address: 1.1.1.1 - version: 2 - - id: 111 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 112 - querier: - enabled: true - address: 1.1.1.1 - version: 2 - - id: 113 - querier: - enabled: false - - id: 21 - querier: - enabled: true - address: 192.168.255.1 - - id: 22 - querier: - enabled: true - address: 1.1.1.1 - version: 3 - - id: 23 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 121 - querier: - enabled: true - address: 2.2.2.2 - version: 1 - - id: 122 - querier: - enabled: true - address: 192.168.255.1 - - id: 123 - querier: - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 - description: VLAN_1 - shutdown: false - ip_address_virtual: 10.0.1.1/24 - vrf: IGMP_QUERIER_TEST_1 -- name: Vlan2 - tenant: Tenant_A - tags: - - test_l3 - description: VLAN_2 - shutdown: false - ip_address_virtual: 10.0.2.1/24 - vrf: IGMP_QUERIER_TEST_1 -- name: Vlan3 +vrfs: +- name: MGMT + ip_routing: false +- name: IGMP_QUERIER_TEST_1 + description: IGMP_QUERIER_TEST_1 + ip_routing: true tenant: Tenant_A - tags: - - test_l3 - description: VLAN_3 - shutdown: false - ip_address_virtual: 10.0.3.1/24 - vrf: IGMP_QUERIER_TEST_1 -- name: Vlan11 - tenant: Tenant_B - tags: - - test_l3 - description: VLAN_11 - shutdown: false - ip_address_virtual: 10.0.11.1/24 - vrf: IGMP_QUERIER_TEST_2 -- name: Vlan12 +- name: IGMP_QUERIER_TEST_2 + description: IGMP_QUERIER_TEST_2 + ip_routing: true tenant: Tenant_B - tags: - - test_l3 - description: VLAN_12 - shutdown: false - ip_address_virtual: 10.0.12.1/24 - vrf: IGMP_QUERIER_TEST_2 -- name: Vlan21 - tenant: Tenant_D - tags: - - test_l3 - description: VLAN_21 - shutdown: false - ip_address_virtual: 10.0.21.1/24 - vrf: IGMP_QUERIER_TEST_3 -- name: Vlan22 - tenant: Tenant_D - tags: - - test_l3 - description: VLAN_22 - shutdown: false - ip_address_virtual: 10.0.22.1/24 - vrf: IGMP_QUERIER_TEST_3 -- name: Vlan23 +- name: IGMP_QUERIER_TEST_3 + description: IGMP_QUERIER_TEST_3 + ip_routing: true tenant: Tenant_D - tags: - - test_l3 - description: VLAN_23 - shutdown: false - ip_address_virtual: 10.0.23.1/24 - vrf: IGMP_QUERIER_TEST_3 vxlan_interface: vxlan1: description: IGMP-QUERIER-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 10001 @@ -553,5 +555,3 @@ vxlan_interface: vni: 21 - name: IGMP_QUERIER_TEST_3 vni: 41 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-L2LEAF1A.yml index 8ca90979f48..e1dbf665fbd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: MH-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,35 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: MH-LEAF2A_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: MH-LEAF2A + peer_interface: Ethernet2 + peer_type: l3leaf +- name: Ethernet10 + description: server02_Eth1 + shutdown: false + link_tracking_groups: + - name: l2leaf-server02 + direction: downstream + peer: server02 + peer_interface: Eth1 + peer_type: server + switchport: + enabled: true +hostname: MH-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,11 +46,10 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true +link_tracking_groups: +- name: l2leaf-server02 + recovery_delay: 300 local_users: - name: admin disabled: true @@ -54,76 +64,66 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.201.201/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -link_tracking_groups: -- name: l2leaf-server02 - recovery_delay: 300 + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS MH-L2LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: MH-LEAF2A - peer_interface: Ethernet2 - peer_type: l3leaf - description: MH-LEAF2A_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet10 - peer: server02 - peer_interface: Eth1 - peer_type: server - description: server02_Eth1 - shutdown: false - switchport: - enabled: true - link_tracking_groups: - - name: l2leaf-server02 - direction: downstream port_channel_interfaces: - name: Port-Channel1 description: MH-LEAF2A_Po2 + shutdown: false + link_tracking_groups: + - name: l2leaf-server02 + direction: upstream switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' - shutdown: false - link_tracking_groups: - - name: l2leaf-server02 - direction: upstream +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS MH-L2LEAF1A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 310 name: Tenant_X_OP_Zone_1 tenant: Tenant_X -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1A.yml index c48f58e3677..9c8ceb0865b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1A.yml @@ -1,91 +1,6 @@ -hostname: MH-LEAF1A -is_deployed: true -router_bgp: - as: '65151' - router_id: 192.168.255.33 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.10.101.0 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet19 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_X_OP_Zone - rd: 192.168.255.33:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.33 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: Tenant_X_OP_Zone - rd: 192.168.255.33:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '310' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -93,280 +8,245 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_X_OP_Zone - tenant: Tenant_X - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -link_tracking_groups: -- name: LT_GROUP1 - recovery_delay: 300 -lacp: - port_id: - range: - begin: 1 - end: 128 -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS MH-LEAF1A ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet19 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet19 shutdown: false mtu: 1500 - switchport: - enabled: false link_tracking_groups: - name: LT_GROUP1 direction: upstream ip_address: 10.10.101.1/31 + peer: DC1-SPINE1 + peer_interface: Ethernet19 + peer_type: spine + switchport: + enabled: false - name: Ethernet10 - peer: server01_ES1 - peer_interface: Eth1 - peer_type: server - port_profile: Tenant_X description: server01_ES1_Eth1 shutdown: false channel_group: id: 10 mode: active -- name: Ethernet12 - peer: server03_AUTO_ESI + peer: server01_ES1 peer_interface: Eth1 peer_type: server port_profile: Tenant_X +- name: Ethernet12 description: server03_AUTO_ESI_Eth1 shutdown: false channel_group: id: 12 mode: active -- name: Ethernet13 - peer: server04_AUTO_ESI_Profile + peer: server03_AUTO_ESI peer_interface: Eth1 peer_type: server - port_profile: Tenant_ESI_Auto + port_profile: Tenant_X +- name: Ethernet13 description: server04_AUTO_ESI_Profile_Eth1 shutdown: false channel_group: id: 13 mode: active -- name: Ethernet14 - peer: server05_AUTO_ESI_Profile_Override + peer: server04_AUTO_ESI_Profile peer_interface: Eth1 peer_type: server port_profile: Tenant_ESI_Auto +- name: Ethernet14 description: server05_AUTO_ESI_Profile_Override_Eth1 shutdown: false channel_group: id: 14 mode: active -- name: Ethernet15 - peer: server06_Single_Active_Port_Channel + peer: server05_AUTO_ESI_Profile_Override peer_interface: Eth1 peer_type: server - port_profile: Tenant_X_Trunk_Auto + port_profile: Tenant_ESI_Auto +- name: Ethernet15 description: server06_Single_Active_Port_Channel_Eth1 shutdown: false channel_group: id: 15 mode: active -- name: Ethernet16 - peer: server07_Single_Active_Port_Channel_Manual_DF + peer: server06_Single_Active_Port_Channel peer_interface: Eth1 peer_type: server - port_profile: Tenant_X_Trunk + port_profile: Tenant_X_Trunk_Auto +- name: Ethernet16 description: server07_Single_Active_Port_Channel_Manual_DF_Eth1 shutdown: false channel_group: id: 16 mode: active -- name: Ethernet17 - peer: server08_Single_Active_Ethernet + peer: server07_Single_Active_Port_Channel_Manual_DF peer_interface: Eth1 peer_type: server - port_profile: Tenant_X_Trunk_Auto_Eth + port_profile: Tenant_X_Trunk +- name: Ethernet17 description: server08_Single_Active_Ethernet_Eth1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:213f:36b8:ff71 redundancy: single-active - route_target: 21:3f:36:b8:ff:71 designated_forwarder_election: algorithm: preference preference_value: 100 -- name: Ethernet18 - peer: server09_All_Active_Ethernet + route_target: 21:3f:36:b8:ff:71 + peer: server08_Single_Active_Ethernet peer_interface: Eth1 peer_type: server - port_profile: Tenant_X_Trunk - description: server09_All_Active_Ethernet_Eth1 - shutdown: false + port_profile: Tenant_X_Trunk_Auto_Eth switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Ethernet18 + description: server09_All_Active_Ethernet_Eth1 + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:00dd:00dd:00dd redundancy: all-active - route_target: 00:dd:00:dd:00:dd designated_forwarder_election: algorithm: modulus -- name: Ethernet19 - peer: server10_Single_Active_Ethernet_Manual_DF + route_target: 00:dd:00:dd:00:dd + peer: server09_All_Active_Ethernet peer_interface: Eth1 peer_type: server port_profile: Tenant_X_Trunk - description: server10_Single_Active_Ethernet_Manual_DF_Eth1 - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Ethernet19 + description: server10_Single_Active_Ethernet_Manual_DF_Eth1 + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:885b:86cc:8bac redundancy: single-active - route_target: 88:5b:86:cc:8b:ac designated_forwarder_election: algorithm: preference preference_value: 500 -- name: Ethernet20 - peer: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt + route_target: 88:5b:86:cc:8b:ac + peer: server10_Single_Active_Ethernet_Manual_DF peer_interface: Eth1 peer_type: server port_profile: Tenant_X_Trunk + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' +- name: Ethernet20 description: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_Eth1 shutdown: false channel_group: id: 20 mode: active -- name: Ethernet21 - peer: server12_Single_Active_Ethernet_Manual_DF_Dont_Preempt + peer: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt peer_interface: Eth1 peer_type: server port_profile: Tenant_X_Trunk +- name: Ethernet21 description: server12_Single_Active_Ethernet_Manual_DF_Dont_Preempt_Eth1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:5d0b:68d3:6ff9 redundancy: single-active - route_target: 5d:0b:68:d3:6f:f9 designated_forwarder_election: algorithm: preference preference_value: 500 dont_preempt: true -- name: Ethernet22 - peer: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus + route_target: 5d:0b:68:d3:6f:f9 + peer: server12_Single_Active_Ethernet_Manual_DF_Dont_Preempt peer_interface: Eth1 peer_type: server port_profile: Tenant_X_Trunk + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' +- name: Ethernet22 description: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus_Eth1 shutdown: false channel_group: id: 22 mode: active -- name: Ethernet23 - peer: server14_Single_Active_Ethernet_Manual_DF_Dont_Preempt_modulus + peer: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus peer_interface: Eth1 peer_type: server port_profile: Tenant_X_Trunk +- name: Ethernet23 description: server14_Single_Active_Ethernet_Manual_DF_Dont_Preempt_modulus_Eth1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:262b:7df9:c98b redundancy: single-active - route_target: 26:2b:7d:f9:c9:8b designated_forwarder_election: algorithm: modulus -- name: Ethernet11 - peer: ROUTER02_WITH_SUBIF + route_target: 26:2b:7d:f9:c9:8b + peer: server14_Single_Active_Ethernet_Manual_DF_Dont_Preempt_modulus peer_interface: Eth1 - peer_type: router + peer_type: server + port_profile: Tenant_X_Trunk + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' +- name: Ethernet11 description: ROUTER02_WITH_SUBIF_Eth1 shutdown: false channel_group: id: 11 mode: active + peer: ROUTER02_WITH_SUBIF + peer_interface: Eth1 + peer_type: router +hostname: MH-LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +lacp: + port_id: + range: + begin: 1 + end: 128 +link_tracking_groups: +- name: LT_GROUP1 + recovery_delay: 300 +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -377,62 +257,36 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.33/32 - name: Loopback100 - description: Tenant_X_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_X_OP_Zone - ip_address: 10.255.1.33/32 - ipv6_address: 2001:db8:1::1/128 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 310 - name: Tenant_X_OP_Zone_1 - tenant: Tenant_X -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 -vlan_interfaces: -- name: Vlan310 - tenant: Tenant_X - tags: - - opzone - description: Tenant_X_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_X_OP_Zone -vxlan_interface: - vxlan1: - description: MH-LEAF1A_VTEP - vxlan: - udp_port: 4789 - source_interface: Loopback1 - vlans: - - id: 310 - vni: 11310 - vrfs: - - name: Tenant_X_OP_Zone - vni: 20 -virtual_source_nat_vrfs: -- name: Tenant_X_OP_Zone - ip_address: 10.255.1.33 - ipv6_address: 2001:db8:1::1 + description: Tenant_X_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_X_OP_Zone + ip_address: 10.255.1.33/32 + ipv6_address: 2001:db8:1::1/128 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT port_channel_interfaces: - name: Port-Channel10 description: server01_ES1_PortChanne1 @@ -440,168 +294,314 @@ port_channel_interfaces: link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:0001:1010:1010 route_target: 00:01:10:10:10:10 lacp_id: 0001.1010.1010 + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel12 description: server03_AUTO_ESI_Auto-ESI PortChannel shutdown: false link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:fc87:ae24:2cb3 route_target: fc:87:ae:24:2c:b3 lacp_id: fc87.ae24.2cb3 + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel13 description: server04_AUTO_ESI_Profile_Auto-ESI PortChannel from profile shutdown: false link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:29cc:4043:0a29 route_target: 29:cc:40:43:0a:29 lacp_id: 29cc.4043.0a29 + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel14 description: server05_AUTO_ESI_Profile_Override_Auto-ESI PortChannel overridden on server shutdown: false link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:010a:010a:010a route_target: 01:0a:01:0a:01:0a lacp_id: 010a.010a.010a + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel15 description: server06_Single_Active_Port_Channel_Single-Active ESI shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:2873:c14b:64ec redundancy: single-active - route_target: 28:73:c1:4b:64:ec designated_forwarder_election: algorithm: preference preference_value: 100 + route_target: 28:73:c1:4b:64:ec lacp_id: 2873.c14b.64ec -- name: Port-Channel16 - description: server07_Single_Active_Port_Channel_Manual_DF_Single-Active ESI with Manual DF - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Port-Channel16 + description: server07_Single_Active_Port_Channel_Manual_DF_Single-Active ESI with Manual DF + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:ec11:73f8:7361 redundancy: single-active - route_target: ec:11:73:f8:73:61 designated_forwarder_election: algorithm: preference preference_value: 250 + route_target: ec:11:73:f8:73:61 lacp_id: ec11.73f8.7361 -- name: Port-Channel20 - description: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_Single-Active ESI with Manual DF - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Port-Channel20 + description: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_Single-Active ESI with Manual DF + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:47cb:834e:c0c7 redundancy: single-active - route_target: 47:cb:83:4e:c0:c7 designated_forwarder_election: algorithm: preference preference_value: 100 dont_preempt: true + route_target: 47:cb:83:4e:c0:c7 lacp_id: 47cb.834e.c0c7 -- name: Port-Channel22 - description: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus_Single-Active ESI with Manual DF - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Port-Channel22 + description: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus_Single-Active ESI with Manual DF + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:d716:1795:361e redundancy: single-active - route_target: d7:16:17:95:36:1e designated_forwarder_election: algorithm: modulus + route_target: d7:16:17:95:36:1e lacp_id: d716.1795.361e + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' - name: Port-Channel11 description: ROUTER02_WITH_SUBIF_Testing L2 subinterfaces shutdown: false switchport: enabled: false - name: Port-Channel11.101 - vlan_id: 101 encapsulation_vlan: client: encapsulation: dot1q vlan: 101 network: encapsulation: client + vlan_id: 101 evpn_ethernet_segment: identifier: 0000:0000:0000:0000:0101 route_target: 00:00:00:00:01:01 - name: Port-Channel11.102 - vlan_id: 1102 encapsulation_vlan: client: encapsulation: dot1q vlan: 2102 network: encapsulation: client + vlan_id: 1102 evpn_ethernet_segment: identifier: 0000:0000:0000:0000:0102 route_target: 00:00:00:00:01:02 - name: Port-Channel11.103 - vlan_id: 1103 encapsulation_vlan: client: encapsulation: dot1q vlan: 2103 network: encapsulation: client + vlan_id: 1103 evpn_ethernet_segment: identifier: 0000:0000:c2c9:c85a:ed92 route_target: c2:c9:c8:5a:ed:92 - name: Port-Channel11.104 - vlan_id: 1104 encapsulation_vlan: client: encapsulation: dot1q vlan: 2104 network: encapsulation: client + vlan_id: 1104 evpn_ethernet_segment: identifier: 0000:0000:5c8e:1f50:9fc4 route_target: 5c:8e:1f:50:9f:c4 -metadata: - platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65151' + router_id: 192.168.255.33 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.10.101.0 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet19 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_X_OP_Zone + rd: 192.168.255.33:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: '310' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_X_OP_Zone + rd: 192.168.255.33:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.33 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS MH-LEAF1A +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_X_OP_Zone + ip_address: 10.255.1.33 + ipv6_address: 2001:db8:1::1 +vlan_interfaces: +- name: Vlan310 + description: Tenant_X_OP_Zone_1 + shutdown: false + vrf: Tenant_X_OP_Zone + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_X + tags: + - opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 310 + name: Tenant_X_OP_Zone_1 + tenant: Tenant_X +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_X_OP_Zone + ip_routing: true + tenant: Tenant_X +vxlan_interface: + vxlan1: + description: MH-LEAF1A_VTEP + vxlan: + source_interface: Loopback1 + udp_port: 4789 + vlans: + - id: 310 + vni: 11310 + vrfs: + - name: Tenant_X_OP_Zone + vni: 20 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1B.yml index 206791a959b..b16e538e8aa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF1B.yml @@ -1,91 +1,6 @@ -hostname: MH-LEAF1B -is_deployed: true -router_bgp: - as: '65152' - router_id: 192.168.255.34 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.10.101.2 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet20 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: Tenant_X_OP_Zone - rd: 192.168.255.34:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.34 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: Tenant_X_OP_Zone - rd: 192.168.255.34:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '310' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -93,280 +8,245 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_X_OP_Zone - tenant: Tenant_X - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -link_tracking_groups: -- name: LT_GROUP1 - recovery_delay: 300 -lacp: - port_id: - range: - begin: 129 - end: 256 -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS MH-LEAF1B ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet20 - peer_type: spine description: P2P_LINK_TO_DC1-SPINE1_Ethernet20 shutdown: false mtu: 1500 - switchport: - enabled: false link_tracking_groups: - name: LT_GROUP1 direction: upstream ip_address: 10.10.101.3/31 + peer: DC1-SPINE1 + peer_interface: Ethernet20 + peer_type: spine + switchport: + enabled: false - name: Ethernet10 - peer: server01_ES1 - peer_interface: Eth2 - peer_type: server - port_profile: Tenant_X description: server01_ES1_Eth2 shutdown: false channel_group: id: 10 mode: active -- name: Ethernet12 - peer: server03_AUTO_ESI + peer: server01_ES1 peer_interface: Eth2 peer_type: server port_profile: Tenant_X +- name: Ethernet12 description: server03_AUTO_ESI_Eth2 shutdown: false channel_group: id: 12 mode: active -- name: Ethernet13 - peer: server04_AUTO_ESI_Profile + peer: server03_AUTO_ESI peer_interface: Eth2 peer_type: server - port_profile: Tenant_ESI_Auto + port_profile: Tenant_X +- name: Ethernet13 description: server04_AUTO_ESI_Profile_Eth2 shutdown: false channel_group: id: 13 mode: active -- name: Ethernet14 - peer: server05_AUTO_ESI_Profile_Override + peer: server04_AUTO_ESI_Profile peer_interface: Eth2 peer_type: server port_profile: Tenant_ESI_Auto +- name: Ethernet14 description: server05_AUTO_ESI_Profile_Override_Eth2 shutdown: false channel_group: id: 14 mode: active -- name: Ethernet15 - peer: server06_Single_Active_Port_Channel + peer: server05_AUTO_ESI_Profile_Override peer_interface: Eth2 peer_type: server - port_profile: Tenant_X_Trunk_Auto + port_profile: Tenant_ESI_Auto +- name: Ethernet15 description: server06_Single_Active_Port_Channel_Eth2 shutdown: false channel_group: id: 15 mode: active -- name: Ethernet16 - peer: server07_Single_Active_Port_Channel_Manual_DF + peer: server06_Single_Active_Port_Channel peer_interface: Eth2 peer_type: server - port_profile: Tenant_X_Trunk + port_profile: Tenant_X_Trunk_Auto +- name: Ethernet16 description: server07_Single_Active_Port_Channel_Manual_DF_Eth2 shutdown: false channel_group: id: 16 mode: active -- name: Ethernet17 - peer: server08_Single_Active_Ethernet + peer: server07_Single_Active_Port_Channel_Manual_DF peer_interface: Eth2 peer_type: server - port_profile: Tenant_X_Trunk_Auto_Eth + port_profile: Tenant_X_Trunk +- name: Ethernet17 description: server08_Single_Active_Ethernet_Eth2 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:213f:36b8:ff71 redundancy: single-active - route_target: 21:3f:36:b8:ff:71 designated_forwarder_election: algorithm: preference preference_value: 0 -- name: Ethernet18 - peer: server09_All_Active_Ethernet + route_target: 21:3f:36:b8:ff:71 + peer: server08_Single_Active_Ethernet peer_interface: Eth2 peer_type: server - port_profile: Tenant_X_Trunk - description: server09_All_Active_Ethernet_Eth2 - shutdown: false + port_profile: Tenant_X_Trunk_Auto_Eth switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Ethernet18 + description: server09_All_Active_Ethernet_Eth2 + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:00dd:00dd:00dd redundancy: all-active - route_target: 00:dd:00:dd:00:dd designated_forwarder_election: algorithm: modulus -- name: Ethernet19 - peer: server10_Single_Active_Ethernet_Manual_DF + route_target: 00:dd:00:dd:00:dd + peer: server09_All_Active_Ethernet peer_interface: Eth2 peer_type: server port_profile: Tenant_X_Trunk - description: server10_Single_Active_Ethernet_Manual_DF_Eth2 - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Ethernet19 + description: server10_Single_Active_Ethernet_Manual_DF_Eth2 + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:885b:86cc:8bac redundancy: single-active - route_target: 88:5b:86:cc:8b:ac designated_forwarder_election: algorithm: preference preference_value: 250 -- name: Ethernet20 - peer: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt + route_target: 88:5b:86:cc:8b:ac + peer: server10_Single_Active_Ethernet_Manual_DF peer_interface: Eth2 peer_type: server port_profile: Tenant_X_Trunk + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' +- name: Ethernet20 description: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_Eth2 shutdown: false channel_group: id: 20 mode: active -- name: Ethernet21 - peer: server12_Single_Active_Ethernet_Manual_DF_Dont_Preempt + peer: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt peer_interface: Eth2 peer_type: server port_profile: Tenant_X_Trunk +- name: Ethernet21 description: server12_Single_Active_Ethernet_Manual_DF_Dont_Preempt_Eth2 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:5d0b:68d3:6ff9 redundancy: single-active - route_target: 5d:0b:68:d3:6f:f9 designated_forwarder_election: algorithm: preference preference_value: 250 dont_preempt: true -- name: Ethernet22 - peer: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus + route_target: 5d:0b:68:d3:6f:f9 + peer: server12_Single_Active_Ethernet_Manual_DF_Dont_Preempt peer_interface: Eth2 peer_type: server port_profile: Tenant_X_Trunk + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' +- name: Ethernet22 description: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus_Eth2 shutdown: false channel_group: id: 22 mode: active -- name: Ethernet23 - peer: server14_Single_Active_Ethernet_Manual_DF_Dont_Preempt_modulus + peer: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus peer_interface: Eth2 peer_type: server port_profile: Tenant_X_Trunk +- name: Ethernet23 description: server14_Single_Active_Ethernet_Manual_DF_Dont_Preempt_modulus_Eth2 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:262b:7df9:c98b redundancy: single-active - route_target: 26:2b:7d:f9:c9:8b designated_forwarder_election: algorithm: modulus -- name: Ethernet11 - peer: ROUTER02_WITH_SUBIF + route_target: 26:2b:7d:f9:c9:8b + peer: server14_Single_Active_Ethernet_Manual_DF_Dont_Preempt_modulus peer_interface: Eth2 - peer_type: router + peer_type: server + port_profile: Tenant_X_Trunk + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' +- name: Ethernet11 description: ROUTER02_WITH_SUBIF_Eth2 shutdown: false channel_group: id: 11 mode: active + peer: ROUTER02_WITH_SUBIF + peer_interface: Eth2 + peer_type: router +hostname: MH-LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +lacp: + port_id: + range: + begin: 129 + end: 256 +link_tracking_groups: +- name: LT_GROUP1 + recovery_delay: 300 +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -377,62 +257,36 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.34/32 - name: Loopback100 - description: Tenant_X_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_X_OP_Zone - ip_address: 10.255.1.34/32 - ipv6_address: 2001:db8:1::2/128 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 310 - name: Tenant_X_OP_Zone_1 - tenant: Tenant_X -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 -vlan_interfaces: -- name: Vlan310 - tenant: Tenant_X - tags: - - opzone - description: Tenant_X_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_X_OP_Zone -vxlan_interface: - vxlan1: - description: MH-LEAF1B_VTEP - vxlan: - udp_port: 4789 - source_interface: Loopback1 - vlans: - - id: 310 - vni: 11310 - vrfs: - - name: Tenant_X_OP_Zone - vni: 20 -virtual_source_nat_vrfs: -- name: Tenant_X_OP_Zone - ip_address: 10.255.1.34 - ipv6_address: 2001:db8:1::2 + description: Tenant_X_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_X_OP_Zone + ip_address: 10.255.1.34/32 + ipv6_address: 2001:db8:1::2/128 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT port_channel_interfaces: - name: Port-Channel10 description: server01_ES1_PortChanne1 @@ -440,168 +294,314 @@ port_channel_interfaces: link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:0001:1010:1010 route_target: 00:01:10:10:10:10 lacp_id: 0001.1010.1010 + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel12 description: server03_AUTO_ESI_Auto-ESI PortChannel shutdown: false link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:fc87:ae24:2cb3 route_target: fc:87:ae:24:2c:b3 lacp_id: fc87.ae24.2cb3 + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel13 description: server04_AUTO_ESI_Profile_Auto-ESI PortChannel from profile shutdown: false link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:29cc:4043:0a29 route_target: 29:cc:40:43:0a:29 lacp_id: 29cc.4043.0a29 + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel14 description: server05_AUTO_ESI_Profile_Override_Auto-ESI PortChannel overridden on server shutdown: false link_tracking_groups: - name: LT_GROUP1 direction: downstream - switchport: - enabled: true - mode: access - access_vlan: 310 evpn_ethernet_segment: identifier: 0000:0000:010a:010a:010a route_target: 01:0a:01:0a:01:0a lacp_id: 010a.010a.010a + switchport: + enabled: true + mode: access + access_vlan: 310 - name: Port-Channel15 description: server06_Single_Active_Port_Channel_Single-Active ESI shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '310' evpn_ethernet_segment: identifier: 0000:0000:2873:c14b:64ec redundancy: single-active - route_target: 28:73:c1:4b:64:ec designated_forwarder_election: algorithm: preference preference_value: 0 + route_target: 28:73:c1:4b:64:ec lacp_id: 2873.c14b.64ec -- name: Port-Channel16 - description: server07_Single_Active_Port_Channel_Manual_DF_Single-Active ESI with Manual DF - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Port-Channel16 + description: server07_Single_Active_Port_Channel_Manual_DF_Single-Active ESI with Manual DF + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:ec11:73f8:7361 redundancy: single-active - route_target: ec:11:73:f8:73:61 designated_forwarder_election: algorithm: preference preference_value: 200 + route_target: ec:11:73:f8:73:61 lacp_id: ec11.73f8.7361 -- name: Port-Channel20 - description: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_Single-Active ESI with Manual DF - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Port-Channel20 + description: server11_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_Single-Active ESI with Manual DF + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:47cb:834e:c0c7 redundancy: single-active - route_target: 47:cb:83:4e:c0:c7 designated_forwarder_election: algorithm: preference preference_value: 0 dont_preempt: true + route_target: 47:cb:83:4e:c0:c7 lacp_id: 47cb.834e.c0c7 -- name: Port-Channel22 - description: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus_Single-Active ESI with Manual DF - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' +- name: Port-Channel22 + description: server13_Single_Active_Port_Channel_Manual_DF_Dont_Preempt_modulus_Single-Active ESI with Manual DF + shutdown: false evpn_ethernet_segment: identifier: 0000:0000:d716:1795:361e redundancy: single-active - route_target: d7:16:17:95:36:1e designated_forwarder_election: algorithm: modulus + route_target: d7:16:17:95:36:1e lacp_id: d716.1795.361e + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '310' - name: Port-Channel11 description: ROUTER02_WITH_SUBIF_Testing L2 subinterfaces shutdown: false switchport: enabled: false - name: Port-Channel11.101 - vlan_id: 101 encapsulation_vlan: client: encapsulation: dot1q vlan: 101 network: encapsulation: client + vlan_id: 101 evpn_ethernet_segment: identifier: 0000:0000:0000:0000:0101 route_target: 00:00:00:00:01:01 - name: Port-Channel11.102 - vlan_id: 1102 encapsulation_vlan: client: encapsulation: dot1q vlan: 2102 network: encapsulation: client + vlan_id: 1102 evpn_ethernet_segment: identifier: 0000:0000:0000:0000:0102 route_target: 00:00:00:00:01:02 - name: Port-Channel11.103 - vlan_id: 1103 encapsulation_vlan: client: encapsulation: dot1q vlan: 2103 network: encapsulation: client + vlan_id: 1103 evpn_ethernet_segment: identifier: 0000:0000:c2c9:c85a:ed92 route_target: c2:c9:c8:5a:ed:92 - name: Port-Channel11.104 - vlan_id: 1104 encapsulation_vlan: client: encapsulation: dot1q vlan: 2104 network: encapsulation: client + vlan_id: 1104 evpn_ethernet_segment: identifier: 0000:0000:5c8e:1f50:9fc4 route_target: 5c:8e:1f:50:9f:c4 -metadata: - platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65152' + router_id: 192.168.255.34 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.10.101.2 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet20 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_X_OP_Zone + rd: 192.168.255.34:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: '310' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_X_OP_Zone + rd: 192.168.255.34:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.34 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS MH-LEAF1B +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_X_OP_Zone + ip_address: 10.255.1.34 + ipv6_address: 2001:db8:1::2 +vlan_interfaces: +- name: Vlan310 + description: Tenant_X_OP_Zone_1 + shutdown: false + vrf: Tenant_X_OP_Zone + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_X + tags: + - opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 310 + name: Tenant_X_OP_Zone_1 + tenant: Tenant_X +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_X_OP_Zone + ip_routing: true + tenant: Tenant_X +vxlan_interface: + vxlan1: + description: MH-LEAF1B_VTEP + vxlan: + source_interface: Loopback1 + udp_port: 4789 + vlans: + - id: 310 + vni: 11310 + vrfs: + - name: Tenant_X_OP_Zone + vni: 20 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF2A.yml index 2e541469e69..c0c7f5c1bec 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MH-LEAF2A.yml @@ -1,117 +1,6 @@ -hostname: MH-LEAF2A -is_deployed: true -router_bgp: - as: '65153' - router_id: 192.168.255.35 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - static: - enabled: true - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.10.101.4 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet21 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - vrfs: - - name: default - rd: 192.168.255.35:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: Tenant_X_OP_Zone - rd: 192.168.255.35:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.35 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: default - rd: 192.168.255.35:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '311' - - name: Tenant_X_OP_Zone - rd: 192.168.255.35:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '310' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.0.0.0/8 - gateway: 10.2.10.100 - vrf: default -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -119,20 +8,51 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet21 + shutdown: false + mtu: 1500 + link_tracking_groups: + - name: Eth-conn-to-router + direction: upstream + ip_address: 10.10.101.5/31 + peer: DC1-SPINE1 + peer_interface: Ethernet21 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: MH-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 2 + mode: active + peer: MH-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet10 + description: ROUTER01_Eth1 + shutdown: false + link_tracking_groups: + - name: Eth-conn-to-router + direction: downstream + peer: ROUTER01 + peer_interface: Eth1 + peer_type: router + port_profile: Tenant_X_LT + switchport: + enabled: true + mode: access + access_vlan: 310 +hostname: MH-LEAF2A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -142,6 +62,17 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +lacp: + port_id: + range: + begin: 257 + end: 768 +link_tracking_groups: +- name: Eth-conn-to-router + recovery_delay: 520 local_users: - name: admin disabled: true @@ -156,107 +87,55 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_X_OP_Zone - tenant: Tenant_X - ip_routing: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.35/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +- name: Loopback100 + description: Tenant_X_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_X_OP_Zone + ip_address: 10.255.1.35/32 + ipv6_address: 2001:db8:1::3/128 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.201.106/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -link_tracking_groups: -- name: Eth-conn-to-router - recovery_delay: 520 -lacp: - port_id: - range: - begin: 257 - end: 768 + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS MH-LEAF2A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet21 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet21 - shutdown: false - mtu: 1500 - switchport: - enabled: false - link_tracking_groups: - - name: Eth-conn-to-router - direction: upstream - ip_address: 10.10.101.5/31 -- name: Ethernet2 - peer: MH-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: MH-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 2 - mode: active -- name: Ethernet10 - peer: ROUTER01 - peer_interface: Eth1 - peer_type: router - port_profile: Tenant_X_LT - description: ROUTER01_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 310 - link_tracking_groups: - - name: Eth-conn-to-router - direction: downstream port_channel_interfaces: - name: Port-Channel2 description: MH-L2LEAF1A_Po1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '310' - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.35/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -- name: Loopback100 - description: Tenant_X_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_X_OP_Zone - ip_address: 10.255.1.35/32 - ipv6_address: 2001:db8:1::3/128 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -310,38 +189,165 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 311 - name: Tenant_default_vrf - tenant: Tenant_X -- id: 310 - name: Tenant_X_OP_Zone_1 - tenant: Tenant_X -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65153' + router_id: 192.168.255.35 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.10.101.4 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet21 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + static: + enabled: true + vlan_aware_bundles: + - name: default + rd: 192.168.255.35:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '311' + - name: Tenant_X_OP_Zone + rd: 192.168.255.35:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: '310' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: default + rd: 192.168.255.35:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: Tenant_X_OP_Zone + rd: 192.168.255.35:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.35 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS MH-LEAF2A +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: default + destination_address_prefix: 10.0.0.0/8 + gateway: 10.2.10.100 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_X_OP_Zone + ip_address: 10.255.1.35 + ipv6_address: 2001:db8:1::3 vlan_interfaces: - name: Vlan311 - tenant: Tenant_X - tags: - - default_vrf description: Tenant_default_vrf shutdown: false ip_address_virtual: 10.2.10.1/24 -- name: Vlan310 tenant: Tenant_X tags: - - opzone + - default_vrf +- name: Vlan310 description: Tenant_X_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_X_OP_Zone + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_X + tags: + - opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 311 + name: Tenant_default_vrf + tenant: Tenant_X +- id: 310 + name: Tenant_X_OP_Zone_1 + tenant: Tenant_X +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_X_OP_Zone + ip_routing: true + tenant: Tenant_X vxlan_interface: vxlan1: description: MH-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 311 vni: 11311 @@ -352,9 +358,3 @@ vxlan_interface: vni: 21 - name: Tenant_X_OP_Zone vni: 20 -virtual_source_nat_vrfs: -- name: Tenant_X_OP_Zone - ip_address: 10.255.1.35 - ipv6_address: 2001:db8:1::3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1A.yml index 4ead9f67943..8eee3e9ce8a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1A.yml @@ -1,126 +1,31 @@ -hostname: MLAG-ISIS-L3LEAF1A -is_deployed: true -router_bgp: - as: '65161' - router_id: 192.168.255.36 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.10.10.1 - peer_group: EVPN-OVERLAY-PEERS - peer: MLAG-ISIS-SPINE - description: MLAG-ISIS-SPINE_Loopback0 - remote_as: '65000' -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.116/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.6/31 - isis_enable: EVPN_UNDERLAY - isis_metric: 50 - isis_network_point_to_point: true - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG-ISIS-L3LEAF1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet5 - peer: MLAG-ISIS-L3LEAF1B - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_MLAG-ISIS-L3LEAF1B_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: MLAG-ISIS-L3LEAF1B - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_MLAG-ISIS-L3LEAF1B_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: MLAG-ISIS-L3LEAF1B + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: MLAG-ISIS-SPINE - peer_interface: Ethernet30 - peer_type: spine description: P2P_MLAG-ISIS-SPINE_Ethernet30 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 10.10.101.7/31 isis_enable: EVPN_UNDERLAY isis_metric: 50 @@ -128,16 +33,19 @@ ethernet_interfaces: isis_circuit_type: level-2 isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' -mlag_configuration: - domain_id: MLAG_ISIS_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.7 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + key: $1c$sTNAlR6rKSw= + mode: md5 + peer: MLAG-ISIS-SPINE + peer_interface: Ethernet30 + peer_type: spine + switchport: + enabled: false +hostname: MLAG-ISIS-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -151,28 +59,120 @@ loopback_interfaces: ip_address: 192.168.254.36/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.116/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_ISIS_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.7 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG-ISIS-L3LEAF1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65161' + router_id: 192.168.255.36 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.10.10.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' + peer: MLAG-ISIS-SPINE + description: MLAG-ISIS-SPINE_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5036.00 router_id: 192.168.255.36 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.6/31 + isis_enable: EVPN_UNDERLAY + isis_metric: 50 + isis_network_point_to_point: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG-ISIS-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1B.yml index d97a029a65e..71138a15688 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-L3LEAF1B.yml @@ -1,126 +1,31 @@ -hostname: MLAG-ISIS-L3LEAF1B -is_deployed: true -router_bgp: - as: '65161' - router_id: 192.168.255.37 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.10.10.1 - peer_group: EVPN-OVERLAY-PEERS - peer: MLAG-ISIS-SPINE - description: MLAG-ISIS-SPINE_Loopback0 - remote_as: '65000' -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.117/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.7/31 - isis_enable: EVPN_UNDERLAY - isis_metric: 50 - isis_network_point_to_point: true - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG-ISIS-L3LEAF1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet5 - peer: MLAG-ISIS-L3LEAF1A - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_MLAG-ISIS-L3LEAF1A_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: MLAG-ISIS-L3LEAF1A - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_MLAG-ISIS-L3LEAF1A_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: MLAG-ISIS-L3LEAF1A + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: MLAG-ISIS-SPINE - peer_interface: Ethernet31 - peer_type: spine description: P2P_MLAG-ISIS-SPINE_Ethernet31 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 10.10.101.9/31 isis_enable: EVPN_UNDERLAY isis_metric: 50 @@ -128,16 +33,19 @@ ethernet_interfaces: isis_circuit_type: level-2 isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' -mlag_configuration: - domain_id: MLAG_ISIS_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.6 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + key: $1c$sTNAlR6rKSw= + mode: md5 + peer: MLAG-ISIS-SPINE + peer_interface: Ethernet31 + peer_type: spine + switchport: + enabled: false +hostname: MLAG-ISIS-L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -151,28 +59,120 @@ loopback_interfaces: ip_address: 192.168.254.36/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.117/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_ISIS_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.6 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG-ISIS-L3LEAF1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65161' + router_id: 192.168.255.37 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.10.10.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' + peer: MLAG-ISIS-SPINE + description: MLAG-ISIS-SPINE_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5037.00 router_id: 192.168.255.37 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.7/31 + isis_enable: EVPN_UNDERLAY + isis_metric: 50 + isis_network_point_to_point: true + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG-ISIS-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-SPINE.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-SPINE.yml index 4a257751f26..5fe60f7b5bc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-SPINE.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-ISIS-SPINE.yml @@ -1,76 +1,13 @@ -hostname: MLAG-ISIS-SPINE -is_deployed: true -router_bgp: - as: '65000' - router_id: 10.10.10.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.36 - peer_group: EVPN-OVERLAY-PEERS - peer: MLAG-ISIS-L3LEAF1A - description: MLAG-ISIS-L3LEAF1A_Loopback0 - remote_as: '65161' - - ip_address: 192.168.255.37 - peer_group: EVPN-OVERLAY-PEERS - peer: MLAG-ISIS-L3LEAF1B - description: MLAG-ISIS-L3LEAF1B_Loopback0 - remote_as: '65161' -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet30 - peer: MLAG-ISIS-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_MLAG-ISIS-L3LEAF1A_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 10.10.101.6/31 isis_enable: EVPN_UNDERLAY isis_metric: 50 @@ -78,18 +15,18 @@ ethernet_interfaces: isis_circuit_type: level-2 isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' -- name: Ethernet31 - peer: MLAG-ISIS-L3LEAF1B + key: $1c$sTNAlR6rKSw= + mode: md5 + peer: MLAG-ISIS-L3LEAF1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet31 description: P2P_MLAG-ISIS-L3LEAF1B_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 10.10.101.8/31 isis_enable: EVPN_UNDERLAY isis_metric: 50 @@ -97,9 +34,17 @@ ethernet_interfaces: isis_circuit_type: level-2 isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + peer: MLAG-ISIS-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +hostname: MLAG-ISIS-SPINE +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -107,17 +52,72 @@ loopback_interfaces: ip_address: 10.10.10.1/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 10.10.10.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.36 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65161' + peer: MLAG-ISIS-L3LEAF1A + description: MLAG-ISIS-L3LEAF1A_Loopback0 + - ip_address: 192.168.255.37 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65161' + peer: MLAG-ISIS-L3LEAF1B + description: MLAG-ISIS-L3LEAF1B_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.0100.1001.0001.00 router_id: 10.10.10.1 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1A.yml index fc6ce92b662..5fce15a97d1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1A.yml @@ -1,50 +1,6 @@ -hostname: MLAG-OSPF-L3LEAF1A -is_deployed: true -router_bgp: - as: '65161' - router_id: 192.168.255.36 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -52,20 +8,53 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_PEER_MLAG-OSPF-L3LEAF1B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG-OSPF-L3LEAF1B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_PEER_MLAG-OSPF-L3LEAF1B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG-OSPF-L3LEAF1B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet18 + shutdown: false + mtu: 1500 + ip_address: 10.10.101.7/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha512 + key: qO39Oo+xVTO7l/La1StOQcW1t7hpfAAH + - id: 2 + hash_algorithm: sha512 + key: pWGuZ4QaDATcfTOKCkm1p2Rq2A4O9j5j + peer: DC1-SPINE1 + peer_interface: Ethernet18 + peer_type: spine + switchport: + enabled: false +hostname: MLAG-OSPF-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -75,6 +64,8 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +ip_routing: true +is_deployed: true local_users: - name: admin disabled: true @@ -89,55 +80,53 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.36/32 + ospf_area: 0.0.0.0 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.36/32 + ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.201.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_OSPF_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.7 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS MLAG-OSPF-L3LEAF1A -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG_PEER - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.10.255.6/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 port_channel_interfaces: - name: Port-Channel5 description: MLAG_PEER_MLAG-OSPF-L3LEAF1B_Po5 + shutdown: false switchport: enabled: true mode: trunk @@ -145,87 +134,98 @@ port_channel_interfaces: groups: - MLAG - LEAF_PEER_L3 - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG-OSPF-L3LEAF1B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_PEER_MLAG-OSPF-L3LEAF1B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG-OSPF-L3LEAF1B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_PEER_MLAG-OSPF-L3LEAF1B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet18 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet18 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.10.101.7/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha512 - key: qO39Oo+xVTO7l/La1StOQcW1t7hpfAAH - - id: 2 - hash_algorithm: sha512 - key: pWGuZ4QaDATcfTOKCkm1p2Rq2A4O9j5j -mlag_configuration: - domain_id: MLAG_OSPF_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.7 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.36/32 - ospf_area: 0.0.0.0 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.36/32 - ospf_area: 0.0.0.0 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65161' + router_id: 192.168.255.36 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 100 passive_interface_default: true router_id: 192.168.255.36 - max_lsa: 12000 + bfd_enable: false no_passive_interfaces: - Ethernet1 - Vlan4094 - bfd_enable: false -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + max_lsa: 12000 +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS MLAG-OSPF-L3LEAF1A +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG_PEER + shutdown: false + ip_address: 10.10.255.6/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG_PEER + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG-OSPF-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1B.yml index cc9ba24abe7..6ebb118c212 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG-OSPF-L3LEAF1B.yml @@ -1,50 +1,6 @@ -hostname: MLAG-OSPF-L3LEAF1B -is_deployed: true -router_bgp: - as: '65161' - router_id: 192.168.255.37 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 - enabled: true - expiry_timeout: 10 - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1 - remote_as: '65001' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -52,20 +8,53 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_PEER_MLAG-OSPF-L3LEAF1A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG-OSPF-L3LEAF1A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_PEER_MLAG-OSPF-L3LEAF1A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG-OSPF-L3LEAF1A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_LINK_TO_DC1-SPINE1_Ethernet220 + shutdown: false + mtu: 1500 + ip_address: 10.10.101.9/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha512 + key: qO39Oo+xVTO7l/La1StOQcW1t7hpfAAH + - id: 2 + hash_algorithm: sha512 + key: pWGuZ4QaDATcfTOKCkm1p2Rq2A4O9j5j + peer: DC1-SPINE1 + peer_interface: Ethernet220 + peer_type: spine + switchport: + enabled: false +hostname: MLAG-OSPF-L3LEAF1B +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -75,6 +64,8 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +ip_routing: true +is_deployed: true local_users: - name: admin disabled: true @@ -89,55 +80,53 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.37/32 + ospf_area: 0.0.0.0 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.36/32 + ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.201.115/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_OSPF_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.6 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS MLAG-OSPF-L3LEAF1B -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG_PEER - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG_PEER - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.10.255.7/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 port_channel_interfaces: - name: Port-Channel5 description: MLAG_PEER_MLAG-OSPF-L3LEAF1A_Po5 + shutdown: false switchport: enabled: true mode: trunk @@ -145,87 +134,98 @@ port_channel_interfaces: groups: - MLAG - LEAF_PEER_L3 - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG-OSPF-L3LEAF1A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_PEER_MLAG-OSPF-L3LEAF1A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG-OSPF-L3LEAF1A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_PEER_MLAG-OSPF-L3LEAF1A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet220 - peer_type: spine - description: P2P_LINK_TO_DC1-SPINE1_Ethernet220 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.10.101.9/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha512 - key: qO39Oo+xVTO7l/La1StOQcW1t7hpfAAH - - id: 2 - hash_algorithm: sha512 - key: pWGuZ4QaDATcfTOKCkm1p2Rq2A4O9j5j -mlag_configuration: - domain_id: MLAG_OSPF_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.6 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.37/32 - ospf_area: 0.0.0.0 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.36/32 - ospf_area: 0.0.0.0 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65161' + router_id: 192.168.255.37 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 100 passive_interface_default: true router_id: 192.168.255.37 - max_lsa: 12000 + bfd_enable: false no_passive_interfaces: - Ethernet1 - Vlan4094 - bfd_enable: false -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + max_lsa: 12000 +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS MLAG-OSPF-L3LEAF1B +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG_PEER + shutdown: false + ip_address: 10.10.255.7/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG_PEER + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG-OSPF-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1A.yml index 429d091112a..42108169da3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1A.yml @@ -1,188 +1,188 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_IPV6_L3LEAF1B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_IPV6_L3LEAF1B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_IPV6_L3LEAF1B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_IPV6_L3LEAF1B + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: MLAG_IPV6_L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.35/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.116/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_IPV6 + local_interface: Vlan4094 + peer_address: 2001:db8:0:2::2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_IPV6_L3LEAF1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.35 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: MLAG_IPV6_L3LEAF1B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.5 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: MLAG_IPV6_L3LEAF1B description: MLAG_IPV6_L3LEAF1B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.4/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ipv6_address: 2001:db8:0:2::1/64 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.116/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.4/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ipv6_address: 2001:db8:0:2::1/64 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_IPV6_L3LEAF1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_IPV6_L3LEAF1B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_IPV6_L3LEAF1B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_IPV6_L3LEAF1B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_IPV6_L3LEAF1B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_IPV6 - local_interface: Vlan4094 - peer_address: 2001:db8:0:2::2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.35/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG_IPV6_L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1B.yml index 8c19878600d..1f5559be826 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_IPV6_L3LEAF1B.yml @@ -1,188 +1,188 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_IPV6_L3LEAF1A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_IPV6_L3LEAF1A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_IPV6_L3LEAF1A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_IPV6_L3LEAF1A + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: MLAG_IPV6_L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.36/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.117/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_IPV6 + local_interface: Vlan4094 + peer_address: 2001:db8:0:2::1 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_IPV6_L3LEAF1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.36 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: MLAG_IPV6_L3LEAF1A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.4 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: MLAG_IPV6_L3LEAF1A description: MLAG_IPV6_L3LEAF1A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.5/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ipv6_address: 2001:db8:0:2::2/64 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.117/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.5/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ipv6_address: 2001:db8:0:2::2/64 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_IPV6_L3LEAF1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_IPV6_L3LEAF1A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_IPV6_L3LEAF1A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_IPV6_L3LEAF1A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_IPV6_L3LEAF1A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_IPV6 - local_interface: Vlan4094 - peer_address: 2001:db8:0:2::1 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.36/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG_IPV6_L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1A.yml index ddf2a7ca43a..cc279a5c415 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1A.yml @@ -1,48 +1,138 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_ODD_ID_L3LEAF1B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_ODD_ID_L3LEAF1B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_ODD_ID_L3LEAF1B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_ODD_ID_L3LEAF1B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet10 + description: P2P_P2P-UPLINKS-IPV4-PREFIX-LENGTH_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.254.255.249/30 + peer: P2P-UPLINKS-IPV4-PREFIX-LENGTH + peer_interface: Ethernet1 + peer_type: overlay-controller + switchport: + enabled: false hostname: MLAG_ODD_ID_L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.35/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.116/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_ODD_ID_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.3 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_ODD_ID_L3LEAF1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.35 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: MLAG_ODD_ID_L3LEAF1B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.3 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -53,151 +143,61 @@ router_bgp: remote_as: '65123' peer: P2P-UPLINKS-IPV4-PREFIX-LENGTH description: P2P-UPLINKS-IPV4-PREFIX-LENGTH_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.2/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.2/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.116/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.2/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.2/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_ODD_ID_L3LEAF1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_ODD_ID_L3LEAF1B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_ODD_ID_L3LEAF1B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_ODD_ID_L3LEAF1B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_ODD_ID_L3LEAF1B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet10 - peer: P2P-UPLINKS-IPV4-PREFIX-LENGTH - peer_interface: Ethernet1 - peer_type: overlay-controller - description: P2P_P2P-UPLINKS-IPV4-PREFIX-LENGTH_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.254.255.249/30 -mlag_configuration: - domain_id: MLAG_ODD_ID_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.3 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.35/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG_ODD_ID_L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1B.yml index 9ef163a8f1c..4a2f5a8d407 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_ODD_ID_L3LEAF1B.yml @@ -1,48 +1,136 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_ODD_ID_L3LEAF1A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_ODD_ID_L3LEAF1A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_ODD_ID_L3LEAF1A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_ODD_ID_L3LEAF1A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet10 + description: P2P_P2P-UPLINKS-IPV4-PREFIX-LENGTH_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.254.255.253/30 + peer: P2P-UPLINKS-IPV4-PREFIX-LENGTH + peer_interface: Ethernet2 + peer_type: overlay-controller + switchport: + enabled: false hostname: MLAG_ODD_ID_L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.36/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.117/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_ODD_ID_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.2 + peer_link: Port-Channel5 +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_ODD_ID_L3LEAF1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.36 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: MLAG_ODD_ID_L3LEAF1A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.2 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -53,149 +141,61 @@ router_bgp: remote_as: '65123' peer: P2P-UPLINKS-IPV4-PREFIX-LENGTH description: P2P-UPLINKS-IPV4-PREFIX-LENGTH_Ethernet2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.3/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.3/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.117/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.3/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.3/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_ODD_ID_L3LEAF1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_ODD_ID_L3LEAF1A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_ODD_ID_L3LEAF1A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_ODD_ID_L3LEAF1A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_ODD_ID_L3LEAF1A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet10 - peer: P2P-UPLINKS-IPV4-PREFIX-LENGTH - peer_interface: Ethernet2 - peer_type: overlay-controller - description: P2P_P2P-UPLINKS-IPV4-PREFIX-LENGTH_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.254.255.253/30 -mlag_configuration: - domain_id: MLAG_ODD_ID_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.2 - peer_link: Port-Channel5 -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.36/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: MLAG_ODD_ID_L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1A.yml index 8fa779e2956..7e0580b8742 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1A.yml @@ -1,57 +1,171 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF1B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF1B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF1B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF1B + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: MLAG_SAME_SUBNET_L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.32/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.32/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.116/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_SAME_SUBNET_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.10.224.0/30 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.32 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: MLAG_SAME_SUBNET_L3LEAF1B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.2 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: MLAG_SAME_SUBNET_L3LEAF1B description: MLAG_SAME_SUBNET_L3LEAF1B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 10 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + rd: 192.168.255.32:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST rd: 192.168.255.32:1 @@ -65,68 +179,62 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.32 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.10.224.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: MLAG_SAME_SUBNET_L3LEAF1B_Vlan3000 - updates: - wait_install: true - vlans: - - id: 10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - rd: 192.168.255.32:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.1/30 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.1/30 + mtu: 9214 + no_autostate: true +- name: Vlan10 + description: VLAN10 + shutdown: true + vrf: TEST + ip_address_virtual: 10.10.10.1/24 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF +- name: Vlan3000 + description: MLAG_L3_VRF_TEST + shutdown: false + vrf: TEST + ip_address: 10.10.224.1/30 + mtu: 9214 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.116/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 10 name: VLAN10 tenant: TEST_MLAG_SAME_SUBNET_ON_VRF @@ -135,124 +243,18 @@ vlans: trunk_groups: - MLAG tenant: TEST_MLAG_SAME_SUBNET_ON_VRF -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.1/30 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.1/30 -- name: Vlan10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - description: VLAN10 - shutdown: true - ip_address_virtual: 10.10.10.1/24 - vrf: TEST -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST - vrf: TEST - mtu: 9214 - ip_address: 10.10.224.1/30 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_SAME_SUBNET_L3LEAF1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_SAME_SUBNET_L3LEAF1B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF1B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_SAME_SUBNET_L3LEAF1B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF1B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_SAME_SUBNET_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.32/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.32/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.10.224.0/30 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: MLAG_SAME_SUBNET_L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 10 @@ -260,5 +262,3 @@ vxlan_interface: vrfs: - name: TEST vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1B.yml index 407071dbc76..b031d56b48b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF1B.yml @@ -1,57 +1,171 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF1A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF1A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF1A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF1A + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: MLAG_SAME_SUBNET_L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.33/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.32/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.117/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_SAME_SUBNET_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.1 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.10.224.0/30 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.33 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: MLAG_SAME_SUBNET_L3LEAF1A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.1 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: MLAG_SAME_SUBNET_L3LEAF1A description: MLAG_SAME_SUBNET_L3LEAF1A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 10 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + rd: 192.168.255.33:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST rd: 192.168.255.33:1 @@ -65,68 +179,62 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.33 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.10.224.1 peer_group: MLAG-IPv4-UNDERLAY-PEER description: MLAG_SAME_SUBNET_L3LEAF1A_Vlan3000 - updates: - wait_install: true - vlans: - - id: 10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - rd: 192.168.255.33:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.2/30 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.2/30 + mtu: 9214 + no_autostate: true +- name: Vlan10 + description: VLAN10 + shutdown: true + vrf: TEST + ip_address_virtual: 10.10.10.1/24 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF +- name: Vlan3000 + description: MLAG_L3_VRF_TEST + shutdown: false + vrf: TEST + ip_address: 10.10.224.2/30 + mtu: 9214 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.117/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 10 name: VLAN10 tenant: TEST_MLAG_SAME_SUBNET_ON_VRF @@ -135,124 +243,18 @@ vlans: trunk_groups: - MLAG tenant: TEST_MLAG_SAME_SUBNET_ON_VRF -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.2/30 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.2/30 -- name: Vlan10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - description: VLAN10 - shutdown: true - ip_address_virtual: 10.10.10.1/24 - vrf: TEST -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST - vrf: TEST - mtu: 9214 - ip_address: 10.10.224.2/30 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_SAME_SUBNET_L3LEAF1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_SAME_SUBNET_L3LEAF1A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF1A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_SAME_SUBNET_L3LEAF1A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF1A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_SAME_SUBNET_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.1 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.33/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.32/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.10.224.0/30 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: MLAG_SAME_SUBNET_L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 10 @@ -260,5 +262,3 @@ vxlan_interface: vrfs: - name: TEST vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2A.yml index 7622ee448e7..8e22c492fa8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2A.yml @@ -1,57 +1,171 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF2B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF2B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF2B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF2B + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: MLAG_SAME_SUBNET_L3LEAF2A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.34/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.34/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.118/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_SAME_SUBNET_L3LEAF2 + local_interface: Vlan4094 + peer_address: 10.10.255.2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF2B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.10.224.0/30 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.34 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: MLAG_SAME_SUBNET_L3LEAF2B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.2 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: MLAG_SAME_SUBNET_L3LEAF2B description: MLAG_SAME_SUBNET_L3LEAF2B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 10 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + rd: 192.168.255.34:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST rd: 192.168.255.34:1 @@ -65,68 +179,62 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.34 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.10.224.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: MLAG_SAME_SUBNET_L3LEAF2B_Vlan3000 - updates: - wait_install: true - vlans: - - id: 10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - rd: 192.168.255.34:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.1/30 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.1/30 + mtu: 9214 + no_autostate: true +- name: Vlan10 + description: VLAN10 + shutdown: true + vrf: TEST + ip_address_virtual: 10.10.10.1/24 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF +- name: Vlan3000 + description: MLAG_L3_VRF_TEST + shutdown: false + vrf: TEST + ip_address: 10.10.224.1/30 + mtu: 9214 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.118/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 10 name: VLAN10 tenant: TEST_MLAG_SAME_SUBNET_ON_VRF @@ -135,124 +243,18 @@ vlans: trunk_groups: - MLAG tenant: TEST_MLAG_SAME_SUBNET_ON_VRF -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.1/30 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.1/30 -- name: Vlan10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - description: VLAN10 - shutdown: true - ip_address_virtual: 10.10.10.1/24 - vrf: TEST -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST - vrf: TEST - mtu: 9214 - ip_address: 10.10.224.1/30 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_SAME_SUBNET_L3LEAF2B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_SAME_SUBNET_L3LEAF2B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF2B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_SAME_SUBNET_L3LEAF2B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF2B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_SAME_SUBNET_L3LEAF2 - local_interface: Vlan4094 - peer_address: 10.10.255.2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.34/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.34/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.10.224.0/30 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: MLAG_SAME_SUBNET_L3LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 10 @@ -260,5 +262,3 @@ vxlan_interface: vrfs: - name: TEST vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2B.yml index b53f0e47b74..3ceaf985787 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/MLAG_SAME_SUBNET_L3LEAF2B.yml @@ -1,57 +1,171 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF2A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF2A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF2A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: MLAG_SAME_SUBNET_L3LEAF2A + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: MLAG_SAME_SUBNET_L3LEAF2B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.35/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.34/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.119/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: MLAG_SAME_SUBNET_L3LEAF2 + local_interface: Vlan4094 + peer_address: 10.10.255.1 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_MLAG_SAME_SUBNET_L3LEAF2A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.10.224.0/30 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.35 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: MLAG_SAME_SUBNET_L3LEAF2A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.1 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: MLAG_SAME_SUBNET_L3LEAF2A description: MLAG_SAME_SUBNET_L3LEAF2A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 10 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + rd: 192.168.255.35:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TEST rd: 192.168.255.35:1 @@ -65,68 +179,62 @@ router_bgp: route_targets: - '1:1' router_id: 192.168.255.35 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.10.224.1 peer_group: MLAG-IPv4-UNDERLAY-PEER description: MLAG_SAME_SUBNET_L3LEAF2A_Vlan3000 - updates: - wait_install: true - vlans: - - id: 10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - rd: 192.168.255.35:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.2/30 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.2/30 + mtu: 9214 + no_autostate: true +- name: Vlan10 + description: VLAN10 + shutdown: true + vrf: TEST + ip_address_virtual: 10.10.10.1/24 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF +- name: Vlan3000 + description: MLAG_L3_VRF_TEST + shutdown: false + vrf: TEST + ip_address: 10.10.224.2/30 + mtu: 9214 + tenant: TEST_MLAG_SAME_SUBNET_ON_VRF + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.119/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 10 name: VLAN10 tenant: TEST_MLAG_SAME_SUBNET_ON_VRF @@ -135,124 +243,18 @@ vlans: trunk_groups: - MLAG tenant: TEST_MLAG_SAME_SUBNET_ON_VRF -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.2/30 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.2/30 -- name: Vlan10 - tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - description: VLAN10 - shutdown: true - ip_address_virtual: 10.10.10.1/24 - vrf: TEST -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST_MLAG_SAME_SUBNET_ON_VRF - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST - vrf: TEST - mtu: 9214 - ip_address: 10.10.224.2/30 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_MLAG_SAME_SUBNET_L3LEAF2A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: MLAG_SAME_SUBNET_L3LEAF2A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF2A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: MLAG_SAME_SUBNET_L3LEAF2A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_MLAG_SAME_SUBNET_L3LEAF2A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: MLAG_SAME_SUBNET_L3LEAF2 - local_interface: Vlan4094 - peer_address: 10.10.255.1 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.35/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.34/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.10.224.0/30 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: MLAG_SAME_SUBNET_L3LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 10 @@ -260,5 +262,3 @@ vxlan_interface: vrfs: - name: TEST vni: 1 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.yml index 2f77e6e2d11..7c557d88ec8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.yml @@ -1,52 +1,13 @@ -hostname: OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.254.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true +hostname: OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -56,6 +17,16 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.253.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_cvx: + shutdown: false + server_hosts: + - 192.168.254.254 + - 192.168.254.255 + source_interface: Loopback0 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -70,12 +41,43 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -management_cvx: - shutdown: false - source_interface: Loopback0 - server_hosts: - - 192.168.254.254 - - 192.168.254.255 +router_bgp: + as: '65001' + router_id: 192.168.254.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan3910 + description: SVI_3910 + shutdown: true + vrf: TEST + tenant: TEST +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 3910 name: SVI_3910 @@ -86,22 +88,20 @@ vlans: - id: 2911 name: L2VLAN_2911 tenant: TEST -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan3910 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST - description: SVI_3910 - shutdown: true - vrf: TEST vxlan_interface: vxlan1: description: OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 controller_client: enabled: true + udp_port: 4789 vlans: - id: 3910 vni: 14910 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.yml index 8ae9d61fb85..493808411c3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.yml @@ -1,52 +1,13 @@ -hostname: OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2 -is_deployed: true -router_bgp: - as: '65002' - router_id: 192.168.254.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true +hostname: OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -56,6 +17,16 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.253.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_cvx: + shutdown: false + server_hosts: + - 192.168.254.254 + - 192.168.254.255 + source_interface: Loopback0 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -70,12 +41,43 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -management_cvx: - shutdown: false - source_interface: Loopback0 - server_hosts: - - 192.168.254.254 - - 192.168.254.255 +router_bgp: + as: '65002' + router_id: 192.168.254.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan3910 + description: SVI_3910 + shutdown: true + vrf: TEST + tenant: TEST +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 3910 name: SVI_3910 @@ -86,22 +88,20 @@ vlans: - id: 2911 name: L2VLAN_2911 tenant: TEST -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan3910 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST - description: SVI_3910 - shutdown: true - vrf: TEST vxlan_interface: vxlan1: description: OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 controller_client: enabled: true + udp_port: 4789 vlans: - id: 3910 vni: 14910 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1.yml index 6321555029e..aec44ed81c8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1.yml @@ -1,22 +1,21 @@ -hostname: OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true +cvx: + shutdown: false + peer_hosts: + - 192.168.254.255 + services: + vxlan: + shutdown: false enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false +hostname: OVERLAY_ROUTING_PROTOCOL_CVX_SERVER1 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT @@ -24,14 +23,15 @@ management_interfaces: vrf: MGMT ip_address: 192.168.254.254/23 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -cvx: - shutdown: false - peer_hosts: - - 192.168.254.255 - services: - vxlan: - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2.yml index 191fae932cd..2b898890809 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2.yml @@ -1,22 +1,21 @@ -hostname: OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true +cvx: + shutdown: false + peer_hosts: + - 192.168.254.254 + services: + vxlan: + shutdown: false enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false +hostname: OVERLAY_ROUTING_PROTOCOL_CVX_SERVER2 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT @@ -24,14 +23,15 @@ management_interfaces: vrf: MGMT ip_address: 192.168.254.255/23 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -cvx: - shutdown: false - peer_hosts: - - 192.168.254.254 - services: - vxlan: - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1.yml index 5365723f375..8e86cd3e0cb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1.yml @@ -1,52 +1,13 @@ -hostname: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.254.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true +hostname: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -56,6 +17,10 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.253.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -70,6 +35,62 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bgp: + as: '65001' + router_id: 192.168.254.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan3900 + description: SVI_ON_ALL_LEAFS + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 + - leaf2 + - leaf3 +- name: Vlan3901 + description: SVI_ON_LEAF1 + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 +- name: Vlan3902 + description: SVI_ON_LEAF1-2 + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 + - leaf2 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 3900 name: SVI_ON_ALL_LEAFS @@ -89,39 +110,18 @@ vlans: - id: 2902 name: L2VLAN_ON_LEAF1-2 tenant: TEST -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan3900 - tenant: TEST - tags: - - leaf1 - - leaf2 - - leaf3 - description: SVI_ON_ALL_LEAFS - shutdown: true - vrf: TEST -- name: Vlan3901 - tenant: TEST - tags: - - leaf1 - description: SVI_ON_LEAF1 - shutdown: true - vrf: TEST -- name: Vlan3902 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST - tags: - - leaf1 - - leaf2 - description: SVI_ON_LEAF1-2 - shutdown: true - vrf: TEST vxlan_interface: vxlan1: description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 3900 vni: 13900 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2.yml index 2070b405265..1d7566e6da6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2.yml @@ -1,52 +1,13 @@ -hostname: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2 -is_deployed: true -router_bgp: - as: '65002' - router_id: 192.168.254.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true +hostname: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -56,6 +17,10 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.253.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -70,6 +35,63 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bgp: + as: '65002' + router_id: 192.168.254.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan3900 + description: SVI_ON_ALL_LEAFS + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 + - leaf2 + - leaf3 +- name: Vlan3902 + description: SVI_ON_LEAF1-2 + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 + - leaf2 +- name: Vlan3903 + description: SVI_ON_LEAF2-3 + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf2 + - leaf3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 3900 name: SVI_ON_ALL_LEAFS @@ -89,40 +111,18 @@ vlans: - id: 2903 name: L2VLAN_ON_LEAF2-3 tenant: TEST -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan3900 - tenant: TEST - tags: - - leaf1 - - leaf2 - - leaf3 - description: SVI_ON_ALL_LEAFS - shutdown: true - vrf: TEST -- name: Vlan3902 - tenant: TEST - tags: - - leaf1 - - leaf2 - description: SVI_ON_LEAF1-2 - shutdown: true - vrf: TEST -- name: Vlan3903 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST - tags: - - leaf2 - - leaf3 - description: SVI_ON_LEAF2-3 - shutdown: true - vrf: TEST vxlan_interface: vxlan1: description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 3900 vni: 13900 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A.yml index a9a35c3989f..54546bcfc6e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A.yml @@ -1,80 +1,191 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Eth1 + description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Eth1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B + peer_interface: Eth1 + peer_type: mlag_peer +- name: Eth2 + description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Eth2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B + peer_interface: Eth2 + peer_type: mlag_peer hostname: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.254.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.253.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3 + local_interface: Vlan4094 + peer_address: 192.168.254.5 + peer_link: Port-Channel1 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel1 + description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Port-Channel1 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.254.0/24 eq 32 + - sequence: 20 + action: permit 192.168.253.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 192.168.253.4/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit router_bgp: as: '65003' router_id: 192.168.254.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65003' - next_hop_self: true description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 192.168.253.5 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B + description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_ipv4: peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER activate: true - name: IPv4-UNDERLAY-PEERS activate: true - neighbors: - - ip_address: 192.168.253.5 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B - description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Vlan4093 service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 192.168.253.4/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.254.4/31 + mtu: 9214 + no_autostate: true +- name: Vlan3900 + description: SVI_ON_ALL_LEAFS + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 + - leaf2 + - leaf3 +- name: Vlan3903 + description: SVI_ON_LEAF2-3 + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf2 + - leaf3 +- name: Vlan3000 + description: MLAG_L3_VRF_TEST + shutdown: false + vrf: TEST + ip_address: 192.168.253.4/31 + mtu: 9214 + tenant: TEST + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 3900 name: SVI_ON_ALL_LEAFS tenant: TEST @@ -92,129 +203,18 @@ vlans: - id: 2903 name: L2VLAN_ON_LEAF2-3 tenant: TEST -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 192.168.253.4/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.254.4/31 -- name: Vlan3900 - tenant: TEST - tags: - - leaf1 - - leaf2 - - leaf3 - description: SVI_ON_ALL_LEAFS - shutdown: true - vrf: TEST -- name: Vlan3903 - tenant: TEST - tags: - - leaf2 - - leaf3 - description: SVI_ON_LEAF2-3 - shutdown: true - vrf: TEST -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST - vrf: TEST - mtu: 9214 - ip_address: 192.168.253.4/31 -port_channel_interfaces: -- name: Port-Channel1 - description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Eth1 - peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B - peer_interface: Eth1 - peer_type: mlag_peer - description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Eth1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Eth2 - peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B - peer_interface: Eth2 - peer_type: mlag_peer - description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_Eth2 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3 - local_interface: Vlan4094 - peer_address: 192.168.254.5 - peer_link: Port-Channel1 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.254.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.253.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.254.0/24 eq 32 - - sequence: 20 - action: permit 192.168.253.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 192.168.253.4/31 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 3900 vni: 13900 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B.yml index 3205504c3a9..d6cca3d84e9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B.yml @@ -1,80 +1,191 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Eth1 + description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Eth1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A + peer_interface: Eth1 + peer_type: mlag_peer +- name: Eth2 + description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Eth2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A + peer_interface: Eth2 + peer_type: mlag_peer hostname: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.254.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.253.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3 + local_interface: Vlan4094 + peer_address: 192.168.254.4 + peer_link: Port-Channel1 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel1 + description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Port-Channel1 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.254.0/24 eq 32 + - sequence: 20 + action: permit 192.168.253.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 192.168.253.4/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit router_bgp: as: '65003' router_id: 192.168.254.4 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65003' - next_hop_self: true description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 192.168.253.4 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A + description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_ipv4: peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER activate: true - name: IPv4-UNDERLAY-PEERS activate: true - neighbors: - - ip_address: 192.168.253.4 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A - description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Vlan4093 service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 192.168.253.5/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.254.5/31 + mtu: 9214 + no_autostate: true +- name: Vlan3900 + description: SVI_ON_ALL_LEAFS + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf1 + - leaf2 + - leaf3 +- name: Vlan3903 + description: SVI_ON_LEAF2-3 + shutdown: true + vrf: TEST + tenant: TEST + tags: + - leaf2 + - leaf3 +- name: Vlan3000 + description: MLAG_L3_VRF_TEST + shutdown: false + vrf: TEST + ip_address: 192.168.253.5/31 + mtu: 9214 + tenant: TEST + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST - tenant: TEST - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 3900 name: SVI_ON_ALL_LEAFS tenant: TEST @@ -92,129 +203,18 @@ vlans: - id: 2903 name: L2VLAN_ON_LEAF2-3 tenant: TEST -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 192.168.253.5/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.254.5/31 -- name: Vlan3900 - tenant: TEST - tags: - - leaf1 - - leaf2 - - leaf3 - description: SVI_ON_ALL_LEAFS - shutdown: true - vrf: TEST -- name: Vlan3903 - tenant: TEST - tags: - - leaf2 - - leaf3 - description: SVI_ON_LEAF2-3 - shutdown: true - vrf: TEST -- name: Vlan3000 +vrfs: +- name: MGMT + ip_routing: false +- name: TEST + ip_routing: true tenant: TEST - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TEST - vrf: TEST - mtu: 9214 - ip_address: 192.168.253.5/31 -port_channel_interfaces: -- name: Port-Channel1 - description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Eth1 - peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A - peer_interface: Eth1 - peer_type: mlag_peer - description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Eth1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Eth2 - peer: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A - peer_interface: Eth2 - peer_type: mlag_peer - description: MLAG_OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3A_Eth2 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3 - local_interface: Vlan4094 - peer_address: 192.168.254.4 - peer_link: Port-Channel1 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.254.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.253.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.254.0/24 eq 32 - - sequence: 20 - action: permit 192.168.253.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 192.168.253.4/31 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: OVERLAY_ROUTING_PROTOCOL_HER_L3LEAF3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 3900 vni: 13900 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1A.yml index a08f9a6a0a5..f637909bdda 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1A.yml @@ -1,188 +1,188 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_OVERRIDE_VTEP_L3LEAF1B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: OVERRIDE_VTEP_L3LEAF1B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_OVERRIDE_VTEP_L3LEAF1B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: OVERRIDE_VTEP_L3LEAF1B + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: OVERRIDE_VTEP_L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.35/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.35/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.116/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: OVERRIDE_VTEP_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.5 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_OVERRIDE_VTEP_L3LEAF1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.35 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: OVERRIDE_VTEP_L3LEAF1B - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.5 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: OVERRIDE_VTEP_L3LEAF1B description: OVERRIDE_VTEP_L3LEAF1B_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.4/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.4/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.116/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.4/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.4/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_OVERRIDE_VTEP_L3LEAF1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: OVERRIDE_VTEP_L3LEAF1B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_OVERRIDE_VTEP_L3LEAF1B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: OVERRIDE_VTEP_L3LEAF1B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_OVERRIDE_VTEP_L3LEAF1B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: OVERRIDE_VTEP_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.5 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.35/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.35/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: OVERRIDE_VTEP_L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1B.yml index 86164fba29d..14339589572 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/OVERRIDE_VTEP_L3LEAF1B.yml @@ -1,175 +1,175 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_OVERRIDE_VTEP_L3LEAF1A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: OVERRIDE_VTEP_L3LEAF1A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_OVERRIDE_VTEP_L3LEAF1A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: OVERRIDE_VTEP_L3LEAF1A + peer_interface: Ethernet6 + peer_type: mlag_peer hostname: OVERRIDE_VTEP_L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.36/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.117/24 + type: oob +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: OVERRIDE_VTEP_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.10.255.4 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_OVERRIDE_VTEP_L3LEAF1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '923' router_id: 192.168.255.36 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '923' - next_hop_self: true description: OVERRIDE_VTEP_L3LEAF1A - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.10.224.4 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: OVERRIDE_VTEP_L3LEAF1A description: OVERRIDE_VTEP_L3LEAF1A_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.10.224.5/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.5/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.117/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.10.224.5/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.5/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_OVERRIDE_VTEP_L3LEAF1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: OVERRIDE_VTEP_L3LEAF1A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_OVERRIDE_VTEP_L3LEAF1A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: OVERRIDE_VTEP_L3LEAF1A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_OVERRIDE_VTEP_L3LEAF1A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: OVERRIDE_VTEP_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.10.255.4 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.36/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/P2P-UPLINKS-IPV4-PREFIX-LENGTH.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/P2P-UPLINKS-IPV4-PREFIX-LENGTH.yml index 6e220c69419..50f714c1c10 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/P2P-UPLINKS-IPV4-PREFIX-LENGTH.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/P2P-UPLINKS-IPV4-PREFIX-LENGTH.yml @@ -1,39 +1,82 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_MLAG_ODD_ID_L3LEAF1A_Ethernet10 + shutdown: false + mtu: 9214 + ip_address: 10.254.255.250/30 + peer: MLAG_ODD_ID_L3LEAF1A + peer_interface: Ethernet10 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_MLAG_ODD_ID_L3LEAF1B_Ethernet10 + shutdown: false + mtu: 9214 + ip_address: 10.254.255.254/30 + peer: MLAG_ODD_ID_L3LEAF1B + peer_interface: Ethernet10 + peer_type: l3leaf + switchport: + enabled: false hostname: P2P-UPLINKS-IPV4-PREFIX-LENGTH +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.254.32/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65123' router_id: 10.254.254.32 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.254.255.249 peer_group: IPv4-UNDERLAY-PEERS @@ -45,72 +88,29 @@ router_bgp: remote_as: '923' peer: MLAG_ODD_ID_L3LEAF1B description: MLAG_ODD_ID_L3LEAF1B_Ethernet10 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: MLAG_ODD_ID_L3LEAF1A - peer_interface: Ethernet10 - peer_type: l3leaf - description: P2P_MLAG_ODD_ID_L3LEAF1A_Ethernet10 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.254.255.250/30 -- name: Ethernet2 - peer: MLAG_ODD_ID_L3LEAF1B - peer_interface: Ethernet10 - peer_type: l3leaf - description: P2P_MLAG_ODD_ID_L3LEAF1B_Ethernet10 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.254.255.254/30 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.254.32/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF1.yml index a3301982aae..17138fff403 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF1.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: 192.168.255.1:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: 192.168.255.1:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF2.yml index 3c9fda5649e..086d64efe1f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF2.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65002' router_id: 192.168.255.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: 192.168.254.2:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '65002:11' - export: - - address_family: evpn - route_targets: - - '65002:11' - router_id: 192.168.255.2 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: 192.168.254.2:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '65002:11' + export: + - address_family: evpn + route_targets: + - '65002:11' + router_id: 192.168.255.2 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF3.yml index cd7bf3a0a49..698a4d6ea53 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF3.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65003' router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: '123:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '65003:11' - export: - - address_family: evpn - route_targets: - - '65003:11' - router_id: 192.168.255.3 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: '123:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '65003:11' + export: + - address_family: evpn + route_targets: + - '65003:11' + router_id: 192.168.255.3 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF3_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF4.yml index 0233ec04826..c2923de574b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF4.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF4.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF4 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65004' router_id: 192.168.255.4 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: '5004:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '4294967295:11' - export: - - address_family: evpn - route_targets: - - '4294967295:11' - router_id: 192.168.255.4 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: '5004:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '4294967295:11' + export: + - address_family: evpn + route_targets: + - '4294967295:11' + router_id: 192.168.255.4 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF4_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF5.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF5.yml index e2e32e5b9be..f705cb45d7a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF5.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF5.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF5 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65005' router_id: 192.168.255.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: 1.1.1.1:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '22:11' - export: - - address_family: evpn - route_targets: - - '22:11' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: 1.1.1.1:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '22:11' + export: + - address_family: evpn + route_targets: + - '22:11' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF5_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF6.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF6.yml index 36360d2d60f..6802c20f8f2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF6.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF6.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF6 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65006' router_id: 192.168.255.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: '65535:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.6 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: '65535:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.6 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF6_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF7.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF7.yml index c9a4984079c..e1ba90a180f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF7.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/RD-RT-ADMIN-SUBFIELD-L3LEAF7.yml @@ -1,58 +1,83 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: RD-RT-ADMIN-SUBFIELD-L3LEAF7 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.7/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65007' router_id: 192.168.255.7 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TEST1 - rd: '4294967295:11' - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.7 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 1 tenant: Tenant_A @@ -86,125 +111,102 @@ router_bgp: - 3333:3333 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TEST1 + rd: '4294967295:11' + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.7 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TEST1 - tenant: Tenant_A - ip_routing: true - description: TEST1 -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.7/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.7/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 1 - name: VLAN_1 - tenant: Tenant_A -- id: 2 - name: VLAN_2 - tenant: Tenant_A -- id: 3 - name: VLAN_3 - tenant: Tenant_A -- id: 4 - name: VLAN_4 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan1 - tenant: Tenant_A - tags: - - test_l3 description: VLAN_1 shutdown: false - ip_address_virtual: 10.0.1.1/24 vrf: TEST1 -- name: Vlan2 + ip_address_virtual: 10.0.1.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan2 description: VLAN_2 shutdown: false - ip_address_virtual: 10.0.2.1/24 vrf: TEST1 -- name: Vlan3 + ip_address_virtual: 10.0.2.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan3 description: VLAN_3 shutdown: false - ip_address_virtual: 10.0.3.1/24 vrf: TEST1 -- name: Vlan4 + ip_address_virtual: 10.0.3.1/24 tenant: Tenant_A tags: - test_l3 +- name: Vlan4 description: VLAN_4 shutdown: false - ip_address_virtual: 10.0.4.1/24 vrf: TEST1 + ip_address_virtual: 10.0.4.1/24 + tenant: Tenant_A + tags: + - test_l3 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 1 + name: VLAN_1 + tenant: Tenant_A +- id: 2 + name: VLAN_2 + tenant: Tenant_A +- id: 3 + name: VLAN_3 + tenant: Tenant_A +- id: 4 + name: VLAN_4 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: TEST1 + description: TEST1 + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: RD-RT-ADMIN-SUBFIELD-L3LEAF7_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1 vni: 80001 @@ -217,5 +219,3 @@ vxlan_interface: vrfs: - name: TEST1 vni: 22 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0A.yml index c079e2dd9c5..45f6fc815a1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0A.yml @@ -1,68 +1,37 @@ -hostname: SL-LEAF0A -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.0/31 -port_channel_interfaces: -- name: Port-Channel25 - description: MLAG_SL-LEAF0B_Port-Channel25 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet25 - peer: SL-LEAF0B - peer_interface: Ethernet25 - peer_type: mlag_peer description: MLAG_SL-LEAF0B_Ethernet25 shutdown: false channel_group: id: 25 mode: active -- name: Ethernet26 peer: SL-LEAF0B - peer_interface: Ethernet26 + peer_interface: Ethernet25 peer_type: mlag_peer +- name: Ethernet26 description: MLAG_SL-LEAF0B_Ethernet26 shutdown: false channel_group: id: 25 mode: active + peer: SL-LEAF0B + peer_interface: Ethernet26 + peer_type: mlag_peer +hostname: SL-LEAF0A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: SL-LEAF0 local_interface: Vlan4094 @@ -70,7 +39,38 @@ mlag_configuration: peer_link: Port-Channel25 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel25 + description: MLAG_SL-LEAF0B_Port-Channel25 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0B.yml index 6de2b85cfc7..809500a3c28 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF0B.yml @@ -1,140 +1,91 @@ -hostname: SL-LEAF0B -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.1/31 -port_channel_interfaces: -- name: Port-Channel25 - description: MLAG_SL-LEAF0A_Port-Channel25 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel27 - description: L2_SL-LEAF1_Port-Channel27 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 27 -- name: Port-Channel41 - description: L2_SL-LEAF2_Port-Channel41 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 41 ethernet_interfaces: - name: Ethernet25 - peer: SL-LEAF0A - peer_interface: Ethernet25 - peer_type: mlag_peer description: MLAG_SL-LEAF0A_Ethernet25 shutdown: false channel_group: id: 25 mode: active -- name: Ethernet26 peer: SL-LEAF0A - peer_interface: Ethernet26 + peer_interface: Ethernet25 peer_type: mlag_peer +- name: Ethernet26 description: MLAG_SL-LEAF0A_Ethernet26 shutdown: false channel_group: id: 25 mode: active + peer: SL-LEAF0A + peer_interface: Ethernet26 + peer_type: mlag_peer - name: Ethernet27 - peer: SL-LEAF1A - peer_interface: Ethernet27 - peer_type: l2leaf description: L2_SL-LEAF1A_Ethernet27 shutdown: false channel_group: id: 27 mode: active -- name: Ethernet28 - peer: SL-LEAF1B + peer: SL-LEAF1A peer_interface: Ethernet27 peer_type: l2leaf +- name: Ethernet28 description: L2_SL-LEAF1B_Ethernet27 shutdown: false channel_group: id: 27 mode: active -- name: Ethernet41 - peer: SL-LEAF2A - peer_interface: Ethernet41 + peer: SL-LEAF1B + peer_interface: Ethernet27 peer_type: l2leaf +- name: Ethernet41 description: L2_SL-LEAF2A_Ethernet41 shutdown: false channel_group: id: 41 mode: active -- name: Ethernet42 peer: SL-LEAF2A - peer_interface: Ethernet42 + peer_interface: Ethernet41 peer_type: l2leaf +- name: Ethernet42 description: L2_SL-LEAF2A_Ethernet42 shutdown: false channel_group: id: 41 mode: active -- name: Ethernet43 - peer: SL-LEAF2B - peer_interface: Ethernet41 + peer: SL-LEAF2A + peer_interface: Ethernet42 peer_type: l2leaf +- name: Ethernet43 description: L2_SL-LEAF2B_Ethernet41 shutdown: false channel_group: id: 41 mode: active -- name: Ethernet44 peer: SL-LEAF2B - peer_interface: Ethernet42 + peer_interface: Ethernet41 peer_type: l2leaf +- name: Ethernet44 description: L2_SL-LEAF2B_Ethernet42 shutdown: false channel_group: id: 41 mode: active + peer: SL-LEAF2B + peer_interface: Ethernet42 + peer_type: l2leaf +hostname: SL-LEAF0B +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: SL-LEAF0 local_interface: Vlan4094 @@ -142,7 +93,56 @@ mlag_configuration: peer_link: Port-Channel25 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel25 + description: MLAG_SL-LEAF0A_Port-Channel25 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel27 + description: L2_SL-LEAF1_Port-Channel27 + shutdown: false + mlag: 27 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +- name: Port-Channel41 + description: L2_SL-LEAF2_Port-Channel41 + shutdown: false + mlag: 41 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1A.yml index 054288f2904..3501502b2fa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1A.yml @@ -1,104 +1,55 @@ -hostname: SL-LEAF1A -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.4/31 -port_channel_interfaces: -- name: Port-Channel25 - description: MLAG_SL-LEAF1B_Port-Channel25 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel27 - description: L2_SL-LEAF0_Port-Channel27 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 27 -- name: Port-Channel28 - description: L2_SL-MLEAF1_Port-Channel16 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 28 ethernet_interfaces: - name: Ethernet25 - peer: SL-LEAF1B - peer_interface: Ethernet25 - peer_type: mlag_peer description: MLAG_SL-LEAF1B_Ethernet25 shutdown: false channel_group: id: 25 mode: active -- name: Ethernet26 peer: SL-LEAF1B - peer_interface: Ethernet26 + peer_interface: Ethernet25 peer_type: mlag_peer +- name: Ethernet26 description: MLAG_SL-LEAF1B_Ethernet26 shutdown: false channel_group: id: 25 mode: active + peer: SL-LEAF1B + peer_interface: Ethernet26 + peer_type: mlag_peer - name: Ethernet27 - peer: SL-LEAF0B - peer_interface: Ethernet27 - peer_type: l2leaf description: L2_SL-LEAF0B_Ethernet27 shutdown: false channel_group: id: 27 mode: active -- name: Ethernet28 - peer: SL-MLEAF1 - peer_interface: Ethernet16 + peer: SL-LEAF0B + peer_interface: Ethernet27 peer_type: l2leaf +- name: Ethernet28 description: L2_SL-MLEAF1_Ethernet16 shutdown: false channel_group: id: 28 mode: active + peer: SL-MLEAF1 + peer_interface: Ethernet16 + peer_type: l2leaf +hostname: SL-LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: SL-LEAF1 local_interface: Vlan4094 @@ -106,7 +57,56 @@ mlag_configuration: peer_link: Port-Channel25 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel25 + description: MLAG_SL-LEAF1B_Port-Channel25 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel27 + description: L2_SL-LEAF0_Port-Channel27 + shutdown: false + mlag: 27 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +- name: Port-Channel28 + description: L2_SL-MLEAF1_Port-Channel16 + shutdown: false + mlag: 28 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.4/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1B.yml index 163185c7f42..0ca0f95ed25 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF1B.yml @@ -1,86 +1,46 @@ -hostname: SL-LEAF1B -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.5/31 -port_channel_interfaces: -- name: Port-Channel25 - description: MLAG_SL-LEAF1A_Port-Channel25 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel27 - description: L2_SL-LEAF0_Port-Channel27 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 27 ethernet_interfaces: - name: Ethernet25 - peer: SL-LEAF1A - peer_interface: Ethernet25 - peer_type: mlag_peer description: MLAG_SL-LEAF1A_Ethernet25 shutdown: false channel_group: id: 25 mode: active -- name: Ethernet26 peer: SL-LEAF1A - peer_interface: Ethernet26 + peer_interface: Ethernet25 peer_type: mlag_peer +- name: Ethernet26 description: MLAG_SL-LEAF1A_Ethernet26 shutdown: false channel_group: id: 25 mode: active + peer: SL-LEAF1A + peer_interface: Ethernet26 + peer_type: mlag_peer - name: Ethernet27 - peer: SL-LEAF0B - peer_interface: Ethernet28 - peer_type: l2leaf description: L2_SL-LEAF0B_Ethernet28 shutdown: false channel_group: id: 27 mode: active + peer: SL-LEAF0B + peer_interface: Ethernet28 + peer_type: l2leaf +hostname: SL-LEAF1B +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: SL-LEAF1 local_interface: Vlan4094 @@ -88,7 +48,47 @@ mlag_configuration: peer_link: Port-Channel25 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel25 + description: MLAG_SL-LEAF1A_Port-Channel25 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel27 + description: L2_SL-LEAF0_Port-Channel27 + shutdown: false + mlag: 27 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.5/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2A.yml index c06faf0f7c7..5e48921e93d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2A.yml @@ -1,95 +1,55 @@ -hostname: SL-LEAF2A -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.10/31 -port_channel_interfaces: -- name: Port-Channel25 - description: MLAG_SL-LEAF2B_Port-Channel25 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel41 - description: L2_SL-LEAF0_Port-Channel41 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 41 ethernet_interfaces: - name: Ethernet25 - peer: SL-LEAF2B - peer_interface: Ethernet25 - peer_type: mlag_peer description: MLAG_SL-LEAF2B_Ethernet25 shutdown: false channel_group: id: 25 mode: active -- name: Ethernet26 peer: SL-LEAF2B - peer_interface: Ethernet26 + peer_interface: Ethernet25 peer_type: mlag_peer +- name: Ethernet26 description: MLAG_SL-LEAF2B_Ethernet26 shutdown: false channel_group: id: 25 mode: active + peer: SL-LEAF2B + peer_interface: Ethernet26 + peer_type: mlag_peer - name: Ethernet41 - peer: SL-LEAF0B - peer_interface: Ethernet41 - peer_type: l2leaf description: L2_SL-LEAF0B_Ethernet41 shutdown: false channel_group: id: 41 mode: active -- name: Ethernet42 peer: SL-LEAF0B - peer_interface: Ethernet42 + peer_interface: Ethernet41 peer_type: l2leaf +- name: Ethernet42 description: L2_SL-LEAF0B_Ethernet42 shutdown: false channel_group: id: 41 mode: active + peer: SL-LEAF0B + peer_interface: Ethernet42 + peer_type: l2leaf +hostname: SL-LEAF2A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: SL-LEAF2 local_interface: Vlan4094 @@ -97,7 +57,47 @@ mlag_configuration: peer_link: Port-Channel25 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel25 + description: MLAG_SL-LEAF2B_Port-Channel25 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel41 + description: L2_SL-LEAF0_Port-Channel41 + shutdown: false + mlag: 41 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.10/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2B.yml index 3e970dc3bc4..7f6c3565c39 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-LEAF2B.yml @@ -1,95 +1,55 @@ -hostname: SL-LEAF2B -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.255.11/31 -port_channel_interfaces: -- name: Port-Channel25 - description: MLAG_SL-LEAF2A_Port-Channel25 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel41 - description: L2_SL-LEAF0_Port-Channel41 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 41 ethernet_interfaces: - name: Ethernet25 - peer: SL-LEAF2A - peer_interface: Ethernet25 - peer_type: mlag_peer description: MLAG_SL-LEAF2A_Ethernet25 shutdown: false channel_group: id: 25 mode: active -- name: Ethernet26 peer: SL-LEAF2A - peer_interface: Ethernet26 + peer_interface: Ethernet25 peer_type: mlag_peer +- name: Ethernet26 description: MLAG_SL-LEAF2A_Ethernet26 shutdown: false channel_group: id: 25 mode: active + peer: SL-LEAF2A + peer_interface: Ethernet26 + peer_type: mlag_peer - name: Ethernet41 - peer: SL-LEAF0B - peer_interface: Ethernet43 - peer_type: l2leaf description: L2_SL-LEAF0B_Ethernet43 shutdown: false channel_group: id: 41 mode: active -- name: Ethernet42 peer: SL-LEAF0B - peer_interface: Ethernet44 + peer_interface: Ethernet43 peer_type: l2leaf +- name: Ethernet42 description: L2_SL-LEAF0B_Ethernet44 shutdown: false channel_group: id: 41 mode: active + peer: SL-LEAF0B + peer_interface: Ethernet44 + peer_type: l2leaf +hostname: SL-LEAF2B +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: SL-LEAF2 local_interface: Vlan4094 @@ -97,7 +57,47 @@ mlag_configuration: peer_link: Port-Channel25 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel25 + description: MLAG_SL-LEAF2A_Port-Channel25 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel41 + description: L2_SL-LEAF0_Port-Channel41 + shutdown: false + mlag: 41 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.255.11/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-MLEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-MLEAF1.yml index f147c207a08..c6d8c14f6b3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-MLEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SL-MLEAF1.yml @@ -1,44 +1,44 @@ -hostname: SL-MLEAF1 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet16 - peer: SL-LEAF1A - peer_interface: Ethernet28 - peer_type: l2leaf description: L2_SL-LEAF1A_Ethernet28 shutdown: false channel_group: id: 16 mode: active + peer: SL-LEAF1A + peer_interface: Ethernet28 + peer_type: l2leaf +hostname: SL-MLEAF1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel16 description: L2_SL-LEAF1_Port-Channel28 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: none - shutdown: false -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_AUTOGEN_ENGINEID.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_AUTOGEN_ENGINEID.yml index 7ebd7c368f3..efadc8d6d21 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_AUTOGEN_ENGINEID.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_AUTOGEN_ENGINEID.yml @@ -1,28 +1,17 @@ -hostname: SNMP_AUTOGEN_ENGINEID -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: SNMP_AUTOGEN_ENGINEID +ip_igmp_snooping: + globally_enabled: true +is_deployed: true management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true +service_routing_protocols_model: multi-agent snmp_server: engine_ids: local: b15232eaf6bc559592706126b70a23d1b83689f0 @@ -50,5 +39,16 @@ snmp_server: - name: usertest-v2c group: usergroup version: v2c -ip_igmp_snooping: - globally_enabled: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_1.yml index 53690ec5167..f3d72686ff7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_1.yml @@ -1,25 +1,19 @@ -hostname: SNMP_SYSTEM_MAC_ENGINEID_1 -is_deployed: true -serial_number: A37383692F12C7DE733D9A9B8E2B37AE -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: SNMP_SYSTEM_MAC_ENGINEID_1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true +metadata: + system_mac_address: '42:42:42:42:42:42' +service_routing_protocols_model: multi-agent snmp_server: engine_ids: local: f5717f42424242424200 @@ -47,7 +41,13 @@ snmp_server: - name: usertest-v2c group: usergroup version: v2c -ip_igmp_snooping: - globally_enabled: true -metadata: - system_mac_address: '42:42:42:42:42:42' +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +serial_number: A37383692F12C7DE733D9A9B8E2B37AE diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_2.yml index 262db499797..ec43c93feb3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SNMP_SYSTEM_MAC_ENGINEID_2.yml @@ -1,24 +1,19 @@ -hostname: SNMP_SYSTEM_MAC_ENGINEID_2 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: SNMP_SYSTEM_MAC_ENGINEID_2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true +metadata: + system_mac_address: 12:34:56:78:90:AB +service_routing_protocols_model: multi-agent snmp_server: engine_ids: local: f5717f1234567890ab00 @@ -46,7 +41,12 @@ snmp_server: - name: usertest-v2c group: usergroup version: v2c -ip_igmp_snooping: - globally_enabled: true -metadata: - system_mac_address: 12:34:56:78:90:AB +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_1.yml index 25306ea8169..da767060082 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_1.yml @@ -1,60 +1,80 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: SVI_PROFILE_NODE_1 +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 210 + enabled: true + - id: 211 + enabled: true + - id: 212 + enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: svi_profile_tests_vrf - rd: 192.168.255.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true - ospf: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 110 tenant: svi_profile_tests @@ -192,301 +212,281 @@ router_bgp: - 10512:10512 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: svi_profile_tests_vrf + rd: 192.168.255.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true + ospf: + enabled: true +router_ospf: + process_ids: + - id: 1 + vrf: svi_profile_tests_vrf + passive_interface_default: true + router_id: 192.168.255.1 + no_passive_interfaces: + - Vlan510 + - Vlan511 + - Vlan512 + max_lsa: 15000 + redistribute: + bgp: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 10.0.0.1 -- destination_address_prefix: 10.4.10.0/24 - vrf: svi_profile_tests_vrf - name: VARP +- vrf: svi_profile_tests_vrf + destination_address_prefix: 10.4.10.0/24 interface: Vlan410 -- destination_address_prefix: 10.4.11.0/24 - vrf: svi_profile_tests_vrf name: VARP +- vrf: svi_profile_tests_vrf + destination_address_prefix: 10.4.11.0/24 interface: Vlan411 -- destination_address_prefix: 10.4.12.0/24 - vrf: svi_profile_tests_vrf name: VARP +- vrf: svi_profile_tests_vrf + destination_address_prefix: 10.4.12.0/24 interface: Vlan412 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true + name: VARP transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: svi_profile_tests_vrf - tenant: svi_profile_tests - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 110 - name: svi_profile_tests_110_description - tenant: svi_profile_tests -- id: 111 - name: svi_profile_tests_111_description - tenant: svi_profile_tests -- id: 112 - name: svi_profile_tests_112_description - tenant: svi_profile_tests -- id: 113 - name: svi_profile_tests_113_description - tenant: svi_profile_tests -- id: 114 - name: svi_profile_tests_114_description - tenant: svi_profile_tests -- id: 115 - name: svi_profile_tests_115_description - tenant: svi_profile_tests -- id: 120 - name: svi_profile_tests_120_description - tenant: svi_profile_tests -- id: 121 - name: svi_profile_tests_121_description - tenant: svi_profile_tests -- id: 210 - name: igmp_snooping_enabled_210 - tenant: svi_profile_tests -- id: 211 - name: igmp_snooping_enabled_211 - tenant: svi_profile_tests -- id: 212 - name: igmp_snooping_enabled_212 - tenant: svi_profile_tests -- id: 310 - name: vxlan_disabled_310 - tenant: svi_profile_tests -- id: 311 - name: vxlan_disabled_311 - tenant: svi_profile_tests -- id: 312 - name: vxlan_disabled_312 - tenant: svi_profile_tests -- id: 410 - name: static_routes_410 - tenant: svi_profile_tests -- id: 411 - name: static_routes_411 - tenant: svi_profile_tests -- id: 412 - name: static_routes_412 - tenant: svi_profile_tests -- id: 510 - name: ospf_enabled_510 - tenant: svi_profile_tests -- id: 511 - name: ospf_enabled_511 - tenant: svi_profile_tests -- id: 512 - name: ospf_enabled_512 - tenant: svi_profile_tests -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 210 - enabled: true - - id: 211 - enabled: true - - id: 212 - enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 vlan_interfaces: - name: Vlan110 - tenant: svi_profile_tests description: set from structured_config on svi.nodes[inventory_hostname].structured_config shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: svi_profile_tests_vrf + ip_address_virtual: 10.1.10.1/24 mtu: 1000 no_autostate: true -- name: Vlan111 tenant: svi_profile_tests +- name: Vlan111 description: set from structured_config on svi_profile.nodes[inventory_hostname].structured_config shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: svi_profile_tests_vrf + ip_address_virtual: 10.1.11.1/24 mtu: 1000 no_autostate: true -- name: Vlan112 tenant: svi_profile_tests +- name: Vlan112 description: set from structured_config on svi_parent_profile.nodes[inventory_hostname].structured_config shutdown: false - ip_address_virtual: 10.1.12.1/24 vrf: svi_profile_tests_vrf + ip_address_virtual: 10.1.12.1/24 mtu: 1200 no_autostate: true -- name: Vlan113 tenant: svi_profile_tests +- name: Vlan113 description: set from svi.structured_config shutdown: false - ip_address_virtual: 10.1.13.1/24 vrf: svi_profile_tests_vrf -- name: Vlan114 + ip_address_virtual: 10.1.13.1/24 tenant: svi_profile_tests +- name: Vlan114 description: set from structured_config on svi_profile.structured_config shutdown: false - ip_address_virtual: 10.1.14.1/24 vrf: svi_profile_tests_vrf -- name: Vlan115 + ip_address_virtual: 10.1.14.1/24 tenant: svi_profile_tests +- name: Vlan115 description: set from structured_config on svi_parent_profile.structured_config shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: svi_profile_tests_vrf -- name: Vlan120 + ip_address_virtual: 10.1.15.1/24 tenant: svi_profile_tests +- name: Vlan120 description: set from svi_profile struct_config_on_multiple_svis shutdown: true vrf: svi_profile_tests_vrf -- name: Vlan121 tenant: svi_profile_tests +- name: Vlan121 description: set from svi_profile struct_config_on_multiple_svis shutdown: true vrf: svi_profile_tests_vrf -- name: Vlan210 tenant: svi_profile_tests +- name: Vlan210 description: igmp_snooping_enabled_210 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: svi_profile_tests_vrf -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: svi_profile_tests +- name: Vlan211 description: igmp_snooping_enabled_211 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: svi_profile_tests_vrf -- name: Vlan212 + ip_address_virtual: 10.2.11.1/24 tenant: svi_profile_tests +- name: Vlan212 description: igmp_snooping_enabled_212 shutdown: false - ip_address_virtual: 10.2.12.1/24 vrf: svi_profile_tests_vrf -- name: Vlan310 + ip_address_virtual: 10.2.12.1/24 tenant: svi_profile_tests +- name: Vlan310 description: vxlan_disabled_310 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: svi_profile_tests_vrf -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: svi_profile_tests +- name: Vlan311 description: vxlan_disabled_311 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: svi_profile_tests_vrf -- name: Vlan312 + ip_address_virtual: 10.3.11.1/24 tenant: svi_profile_tests +- name: Vlan312 description: vxlan_disabled_312 shutdown: false - ip_address_virtual: 10.3.12.1/24 vrf: svi_profile_tests_vrf -- name: Vlan410 + ip_address_virtual: 10.3.12.1/24 tenant: svi_profile_tests +- name: Vlan410 description: static_routes_410 shutdown: false + vrf: svi_profile_tests_vrf ip_address: 11.4.10.1/24 ip_virtual_router_addresses: - 10.4.10.1/24 - vrf: svi_profile_tests_vrf -- name: Vlan411 tenant: svi_profile_tests +- name: Vlan411 description: static_routes_411 shutdown: false + vrf: svi_profile_tests_vrf ip_address: 11.4.11.1/24 ip_virtual_router_addresses: - 10.4.11.1/24 - vrf: svi_profile_tests_vrf -- name: Vlan412 tenant: svi_profile_tests +- name: Vlan412 description: static_routes_412 shutdown: false + vrf: svi_profile_tests_vrf ip_address: 11.4.12.1/24 ip_virtual_router_addresses: - 10.4.12.1/24 - vrf: svi_profile_tests_vrf -- name: Vlan510 tenant: svi_profile_tests +- name: Vlan510 description: ospf_enabled_510 shutdown: false - ip_address_virtual: 10.5.10.1/24 vrf: svi_profile_tests_vrf - ospf_area: 0.0.0.0 + ip_address_virtual: 10.5.10.1/24 ospf_network_point_to_point: false -- name: Vlan511 + ospf_area: 0.0.0.0 tenant: svi_profile_tests +- name: Vlan511 description: ospf_enabled_511 shutdown: false - ip_address_virtual: 10.5.11.1/24 vrf: svi_profile_tests_vrf - ospf_area: 0.0.0.0 + ip_address_virtual: 10.5.11.1/24 ospf_network_point_to_point: false -- name: Vlan512 + ospf_area: 0.0.0.0 tenant: svi_profile_tests +- name: Vlan512 description: ospf_enabled_512 shutdown: false - ip_address_virtual: 10.5.12.1/24 vrf: svi_profile_tests_vrf - ospf_area: 0.0.0.0 + ip_address_virtual: 10.5.12.1/24 ospf_network_point_to_point: false -router_ospf: - process_ids: - - id: 1 - vrf: svi_profile_tests_vrf - passive_interface_default: true - router_id: 192.168.255.1 - no_passive_interfaces: - - Vlan510 - - Vlan511 - - Vlan512 - max_lsa: 15000 - redistribute: - bgp: - enabled: true + ospf_area: 0.0.0.0 + tenant: svi_profile_tests +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 110 + name: svi_profile_tests_110_description + tenant: svi_profile_tests +- id: 111 + name: svi_profile_tests_111_description + tenant: svi_profile_tests +- id: 112 + name: svi_profile_tests_112_description + tenant: svi_profile_tests +- id: 113 + name: svi_profile_tests_113_description + tenant: svi_profile_tests +- id: 114 + name: svi_profile_tests_114_description + tenant: svi_profile_tests +- id: 115 + name: svi_profile_tests_115_description + tenant: svi_profile_tests +- id: 120 + name: svi_profile_tests_120_description + tenant: svi_profile_tests +- id: 121 + name: svi_profile_tests_121_description + tenant: svi_profile_tests +- id: 210 + name: igmp_snooping_enabled_210 + tenant: svi_profile_tests +- id: 211 + name: igmp_snooping_enabled_211 + tenant: svi_profile_tests +- id: 212 + name: igmp_snooping_enabled_212 + tenant: svi_profile_tests +- id: 310 + name: vxlan_disabled_310 + tenant: svi_profile_tests +- id: 311 + name: vxlan_disabled_311 + tenant: svi_profile_tests +- id: 312 + name: vxlan_disabled_312 + tenant: svi_profile_tests +- id: 410 + name: static_routes_410 + tenant: svi_profile_tests +- id: 411 + name: static_routes_411 + tenant: svi_profile_tests +- id: 412 + name: static_routes_412 + tenant: svi_profile_tests +- id: 510 + name: ospf_enabled_510 + tenant: svi_profile_tests +- id: 511 + name: ospf_enabled_511 + tenant: svi_profile_tests +- id: 512 + name: ospf_enabled_512 + tenant: svi_profile_tests +vrfs: +- name: MGMT + ip_routing: false +- name: svi_profile_tests_vrf + ip_routing: true + tenant: svi_profile_tests vxlan_interface: vxlan1: description: SVI_PROFILE_NODE_1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 110 vni: 10110 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_2.yml index 3f10f469faf..627d4e7437f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/SVI_PROFILE_NODE_2.yml @@ -1,42 +1,99 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: SVI_PROFILE_NODE_2 +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 210 + enabled: true + - id: 211 + enabled: true + - id: 212 + enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65002' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: svi_profile_tests_vrf + rd: 192.168.255.1:1 + route_targets: + both: + - '1:1' + redistribute_routes: + - learned + vlan: 110-115,120-121,210-212,410-412,510-512 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: svi_profile_tests_vrf rd: 192.168.255.1:1 @@ -55,310 +112,253 @@ router_bgp: enabled: true ospf: enabled: true - vlan_aware_bundles: - - name: svi_profile_tests_vrf - rd: 192.168.255.1:1 - route_targets: - both: - - '1:1' - redistribute_routes: - - learned - vlan: 110-115,120-121,210-212,410-412,510-512 +router_ospf: + process_ids: + - id: 1 + vrf: svi_profile_tests_vrf + passive_interface_default: true + router_id: 192.168.255.1 + no_passive_interfaces: + - Vlan510 + - Vlan511 + - Vlan512 + max_lsa: 15000 + redistribute: + bgp: + enabled: true +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 10.0.0.1 -- destination_address_prefix: 10.4.10.0/24 - vrf: svi_profile_tests_vrf - name: VARP +- vrf: svi_profile_tests_vrf + destination_address_prefix: 10.4.10.0/24 interface: Vlan410 -- destination_address_prefix: 10.4.11.0/24 - vrf: svi_profile_tests_vrf name: VARP +- vrf: svi_profile_tests_vrf + destination_address_prefix: 10.4.11.0/24 interface: Vlan411 -- destination_address_prefix: 10.4.12.0/24 - vrf: svi_profile_tests_vrf name: VARP +- vrf: svi_profile_tests_vrf + destination_address_prefix: 10.4.12.0/24 interface: Vlan412 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true + name: VARP transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: svi_profile_tests_vrf - tenant: svi_profile_tests - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 110 - name: svi_profile_tests_110_description - tenant: svi_profile_tests -- id: 111 - name: svi_profile_tests_111_description - tenant: svi_profile_tests -- id: 112 - name: svi_profile_tests_112_description - tenant: svi_profile_tests -- id: 113 - name: svi_profile_tests_113_description - tenant: svi_profile_tests -- id: 114 - name: svi_profile_tests_114_description - tenant: svi_profile_tests -- id: 115 - name: svi_profile_tests_115_description - tenant: svi_profile_tests -- id: 120 - name: svi_profile_tests_120_description - tenant: svi_profile_tests -- id: 121 - name: svi_profile_tests_121_description - tenant: svi_profile_tests -- id: 210 - name: igmp_snooping_enabled_210 - tenant: svi_profile_tests -- id: 211 - name: igmp_snooping_enabled_211 - tenant: svi_profile_tests -- id: 212 - name: igmp_snooping_enabled_212 - tenant: svi_profile_tests -- id: 310 - name: vxlan_disabled_310 - tenant: svi_profile_tests -- id: 311 - name: vxlan_disabled_311 - tenant: svi_profile_tests -- id: 312 - name: vxlan_disabled_312 - tenant: svi_profile_tests -- id: 410 - name: static_routes_410 - tenant: svi_profile_tests -- id: 411 - name: static_routes_411 - tenant: svi_profile_tests -- id: 412 - name: static_routes_412 - tenant: svi_profile_tests -- id: 510 - name: ospf_enabled_510 - tenant: svi_profile_tests -- id: 511 - name: ospf_enabled_511 - tenant: svi_profile_tests -- id: 512 - name: ospf_enabled_512 - tenant: svi_profile_tests -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 210 - enabled: true - - id: 211 - enabled: true - - id: 212 - enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 vlan_interfaces: - name: Vlan110 - tenant: svi_profile_tests description: set from structured_config on svi.nodes[inventory_hostname].structured_config shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: svi_profile_tests_vrf + ip_address_virtual: 10.1.10.1/24 mtu: 1000 no_autostate: true -- name: Vlan111 tenant: svi_profile_tests +- name: Vlan111 description: set from structured_config on svi_profile.nodes[inventory_hostname].structured_config shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: svi_profile_tests_vrf + ip_address_virtual: 10.1.11.1/24 mtu: 1000 no_autostate: true -- name: Vlan112 tenant: svi_profile_tests +- name: Vlan112 description: set from structured_config on svi_parent_profile.nodes[inventory_hostname].structured_config shutdown: false - ip_address_virtual: 10.1.12.1/24 vrf: svi_profile_tests_vrf + ip_address_virtual: 10.1.12.1/24 mtu: 1200 no_autostate: true -- name: Vlan113 tenant: svi_profile_tests +- name: Vlan113 description: set from svi.structured_config shutdown: false - ip_address_virtual: 10.1.13.1/24 vrf: svi_profile_tests_vrf -- name: Vlan114 + ip_address_virtual: 10.1.13.1/24 tenant: svi_profile_tests +- name: Vlan114 description: set from structured_config on svi_profile.structured_config shutdown: false - ip_address_virtual: 10.1.14.1/24 vrf: svi_profile_tests_vrf -- name: Vlan115 + ip_address_virtual: 10.1.14.1/24 tenant: svi_profile_tests +- name: Vlan115 description: set from structured_config on svi_parent_profile.structured_config shutdown: false - ip_address_virtual: 10.1.15.1/24 vrf: svi_profile_tests_vrf -- name: Vlan120 + ip_address_virtual: 10.1.15.1/24 tenant: svi_profile_tests +- name: Vlan120 description: set from svi_profile struct_config_on_multiple_svis shutdown: true vrf: svi_profile_tests_vrf -- name: Vlan121 tenant: svi_profile_tests +- name: Vlan121 description: set from svi_profile struct_config_on_multiple_svis shutdown: true vrf: svi_profile_tests_vrf -- name: Vlan210 tenant: svi_profile_tests +- name: Vlan210 description: igmp_snooping_enabled_210 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: svi_profile_tests_vrf -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: svi_profile_tests +- name: Vlan211 description: igmp_snooping_enabled_211 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: svi_profile_tests_vrf -- name: Vlan212 + ip_address_virtual: 10.2.11.1/24 tenant: svi_profile_tests +- name: Vlan212 description: igmp_snooping_enabled_212 shutdown: false - ip_address_virtual: 10.2.12.1/24 vrf: svi_profile_tests_vrf -- name: Vlan310 + ip_address_virtual: 10.2.12.1/24 tenant: svi_profile_tests +- name: Vlan310 description: vxlan_disabled_310 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: svi_profile_tests_vrf -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: svi_profile_tests +- name: Vlan311 description: vxlan_disabled_311 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: svi_profile_tests_vrf -- name: Vlan312 + ip_address_virtual: 10.3.11.1/24 tenant: svi_profile_tests +- name: Vlan312 description: vxlan_disabled_312 shutdown: false - ip_address_virtual: 10.3.12.1/24 vrf: svi_profile_tests_vrf -- name: Vlan410 + ip_address_virtual: 10.3.12.1/24 tenant: svi_profile_tests +- name: Vlan410 description: static_routes_410 shutdown: false + vrf: svi_profile_tests_vrf ip_address: 11.4.10.2/24 ip_virtual_router_addresses: - 10.4.10.1/24 - vrf: svi_profile_tests_vrf -- name: Vlan411 tenant: svi_profile_tests +- name: Vlan411 description: static_routes_411 shutdown: false + vrf: svi_profile_tests_vrf ip_address: 11.4.11.2/24 ip_virtual_router_addresses: - 10.4.11.1/24 - vrf: svi_profile_tests_vrf -- name: Vlan412 tenant: svi_profile_tests +- name: Vlan412 description: static_routes_412 shutdown: false + vrf: svi_profile_tests_vrf ip_address: 11.4.12.2/24 ip_virtual_router_addresses: - 10.4.12.1/24 - vrf: svi_profile_tests_vrf -- name: Vlan510 tenant: svi_profile_tests +- name: Vlan510 description: ospf_enabled_510 shutdown: false - ip_address_virtual: 10.5.10.1/24 vrf: svi_profile_tests_vrf - ospf_area: 0.0.0.0 + ip_address_virtual: 10.5.10.1/24 ospf_network_point_to_point: false -- name: Vlan511 + ospf_area: 0.0.0.0 tenant: svi_profile_tests +- name: Vlan511 description: ospf_enabled_511 shutdown: false - ip_address_virtual: 10.5.11.1/24 vrf: svi_profile_tests_vrf - ospf_area: 0.0.0.0 + ip_address_virtual: 10.5.11.1/24 ospf_network_point_to_point: false -- name: Vlan512 + ospf_area: 0.0.0.0 tenant: svi_profile_tests +- name: Vlan512 description: ospf_enabled_512 shutdown: false - ip_address_virtual: 10.5.12.1/24 vrf: svi_profile_tests_vrf - ospf_area: 0.0.0.0 + ip_address_virtual: 10.5.12.1/24 ospf_network_point_to_point: false -router_ospf: - process_ids: - - id: 1 - vrf: svi_profile_tests_vrf - passive_interface_default: true - router_id: 192.168.255.1 - no_passive_interfaces: - - Vlan510 - - Vlan511 - - Vlan512 - max_lsa: 15000 - redistribute: - bgp: - enabled: true + ospf_area: 0.0.0.0 + tenant: svi_profile_tests +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 110 + name: svi_profile_tests_110_description + tenant: svi_profile_tests +- id: 111 + name: svi_profile_tests_111_description + tenant: svi_profile_tests +- id: 112 + name: svi_profile_tests_112_description + tenant: svi_profile_tests +- id: 113 + name: svi_profile_tests_113_description + tenant: svi_profile_tests +- id: 114 + name: svi_profile_tests_114_description + tenant: svi_profile_tests +- id: 115 + name: svi_profile_tests_115_description + tenant: svi_profile_tests +- id: 120 + name: svi_profile_tests_120_description + tenant: svi_profile_tests +- id: 121 + name: svi_profile_tests_121_description + tenant: svi_profile_tests +- id: 210 + name: igmp_snooping_enabled_210 + tenant: svi_profile_tests +- id: 211 + name: igmp_snooping_enabled_211 + tenant: svi_profile_tests +- id: 212 + name: igmp_snooping_enabled_212 + tenant: svi_profile_tests +- id: 310 + name: vxlan_disabled_310 + tenant: svi_profile_tests +- id: 311 + name: vxlan_disabled_311 + tenant: svi_profile_tests +- id: 312 + name: vxlan_disabled_312 + tenant: svi_profile_tests +- id: 410 + name: static_routes_410 + tenant: svi_profile_tests +- id: 411 + name: static_routes_411 + tenant: svi_profile_tests +- id: 412 + name: static_routes_412 + tenant: svi_profile_tests +- id: 510 + name: ospf_enabled_510 + tenant: svi_profile_tests +- id: 511 + name: ospf_enabled_511 + tenant: svi_profile_tests +- id: 512 + name: ospf_enabled_512 + tenant: svi_profile_tests +vrfs: +- name: MGMT + ip_routing: false +- name: svi_profile_tests_vrf + ip_routing: true + tenant: svi_profile_tests vxlan_interface: vxlan1: description: SVI_PROFILE_NODE_2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 110 vni: 10110 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/TEST-MGMT-GATEWAY-IN-NODE-GROUP.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/TEST-MGMT-GATEWAY-IN-NODE-GROUP.yml index 36629b20451..a2c3f73a43f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/TEST-MGMT-GATEWAY-IN-NODE-GROUP.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/TEST-MGMT-GATEWAY-IN-NODE-GROUP.yml @@ -1,43 +1,43 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: TEST-MGMT-GATEWAY-IN-NODE-GROUP -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.201.254 +ip_igmp_snooping: + globally_enabled: true ipv6_static_routes: - vrf: MGMT destination_address_prefix: ::/0 gateway: 2001:db8::2 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.202/24 + ipv6_enable: true + ipv6_address: 2001:db8::105/64 + type: oob + gateway: 192.168.201.254 + ipv6_gateway: 2001:db8::2 service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.201.254 +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false ipv6_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.202/24 - gateway: 192.168.201.254 - type: oob - ipv6_enable: true - ipv6_address: 2001:db8::105/64 - ipv6_gateway: 2001:db8::2 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L2LEAF1A.yml index 414f3570fa7..9bbc2352b15 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L2LEAF1A.yml @@ -1,56 +1,56 @@ -hostname: UNDERLAY-MULTICAST-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: UNDERLAY-MULTICAST-L3LEAF1A - peer_interface: Ethernet6 - peer_type: l3leaf description: L2_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet6 shutdown: false channel_group: id: 1 mode: active + peer: UNDERLAY-MULTICAST-L3LEAF1A + peer_interface: Ethernet6 + peer_type: l3leaf +hostname: UNDERLAY-MULTICAST-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_LEAF1_Port-Channel6 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: none - shutdown: false -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1A.yml index 6b4f1a56f9e..5ff3f6a1898 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1A.yml @@ -1,234 +1,64 @@ -hostname: UNDERLAY-MULTICAST-L3LEAF1A -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: UNDERLAY-MULTICAST-L3LEAF1B - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: UNDERLAY-MULTICAST-L3LEAF1B - description: UNDERLAY-MULTICAST-L3LEAF1B_Vlan4093 - - ip_address: 172.31.255.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Ethernet1 - - ip_address: 172.31.255.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Ethernet1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.0/31 - pim: - ipv4: - sparse_mode: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UNDERLAY-MULTICAST-L3LEAF1B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel6 - description: L2_UNDERLAY-MULTICAST-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false ethernet_interfaces: - name: Ethernet3 - peer: UNDERLAY-MULTICAST-L3LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UNDERLAY-MULTICAST-L3LEAF1B_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UNDERLAY-MULTICAST-L3LEAF1B - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UNDERLAY-MULTICAST-L3LEAF1B_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UNDERLAY-MULTICAST-L3LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UNDERLAY-MULTICAST-SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_UNDERLAY-MULTICAST-SPINE1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.31.255.1/31 pim: ipv4: sparse_mode: true -- name: Ethernet2 - peer: UNDERLAY-MULTICAST-SPINE2 + peer: UNDERLAY-MULTICAST-SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_UNDERLAY-MULTICAST-SPINE2_Ethernet1 shutdown: false mtu: 9214 + ip_address: 172.31.255.3/31 + peer: UNDERLAY-MULTICAST-SPINE2 + peer_interface: Ethernet1 + peer_type: spine switchport: enabled: false - ip_address: 172.31.255.3/31 - name: Ethernet6 - peer: UNDERLAY-MULTICAST-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_UNDERLAY-MULTICAST-L2LEAF1A_Ethernet1 shutdown: false channel_group: id: 6 mode: active -mlag_configuration: - domain_id: DC1_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.252.1 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 40 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-PIM-RP + peer: UNDERLAY-MULTICAST-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: UNDERLAY-MULTICAST-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -244,6 +74,45 @@ loopback_interfaces: - name: Loopback4 description: PIM RP ip_address: 192.168.200.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.252.1 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UNDERLAY-MULTICAST-L3LEAF1B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel6 + description: L2_UNDERLAY-MULTICAST-L2LEAF1A_Port-Channel1 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -257,6 +126,104 @@ prefix_lists: action: permit 192.168.200.3/32 - sequence: 20 action: permit 192.168.200.4/32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 40 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-PIM-RP +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65101' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: UNDERLAY-MULTICAST-L3LEAF1B + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: UNDERLAY-MULTICAST-L3LEAF1B + description: UNDERLAY-MULTICAST-L3LEAF1B_Vlan4093 + - ip_address: 172.31.255.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Ethernet1 + - ip_address: 172.31.255.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Ethernet1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +router_multicast: + ipv4: + routing: true router_pim_sparse_mode: ipv4: rp_addresses: @@ -280,6 +247,9 @@ router_pim_sparse_mode: other_anycast_rp_addresses: - address: 192.168.255.3 - address: 192.168.255.4 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 standard_access_lists: - name: RP_ACL_2 sequence_numbers: @@ -297,19 +267,49 @@ standard_access_lists: sequence_numbers: - sequence: 10 action: permit 239.255.5.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.0/31 + pim: + ipv4: + sparse_mode: true + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UNDERLAY-MULTICAST-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1B.yml index e1eacb97f84..487d370653f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF1B.yml @@ -1,192 +1,81 @@ -hostname: UNDERLAY-MULTICAST-L3LEAF1B -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: UNDERLAY-MULTICAST-L3LEAF1A - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: UNDERLAY-MULTICAST-L3LEAF1A - description: UNDERLAY-MULTICAST-L3LEAF1A_Vlan4093 - - ip_address: 172.31.255.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Ethernet2 - - ip_address: 172.31.255.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Ethernet2 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.1/31 - pim: - ipv4: - sparse_mode: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UNDERLAY-MULTICAST-L3LEAF1A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet3 - peer: UNDERLAY-MULTICAST-L3LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UNDERLAY-MULTICAST-L3LEAF1A - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UNDERLAY-MULTICAST-L3LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UNDERLAY-MULTICAST-SPINE1 - peer_interface: Ethernet2 - peer_type: spine description: P2P_UNDERLAY-MULTICAST-SPINE1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.31.255.5/31 pim: ipv4: sparse_mode: true -- name: Ethernet2 - peer: UNDERLAY-MULTICAST-SPINE2 + peer: UNDERLAY-MULTICAST-SPINE1 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_UNDERLAY-MULTICAST-SPINE2_Ethernet2 shutdown: false mtu: 9214 + ip_address: 172.31.255.7/31 + peer: UNDERLAY-MULTICAST-SPINE2 + peer_interface: Ethernet2 + peer_type: spine switchport: enabled: false - ip_address: 172.31.255.7/31 +hostname: UNDERLAY-MULTICAST-L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.3/32 +- name: Loopback4 + description: PIM RP + ip_address: 192.168.200.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: DC1_LEAF1 local_interface: Vlan4094 @@ -194,14 +83,35 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UNDERLAY-MULTICAST-L3LEAF1A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-LOOPBACKS-PIM-RP + sequence_numbers: + - sequence: 10 + action: permit 192.168.200.4/32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -212,29 +122,86 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-PIM-RP -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.3/32 -- name: Loopback4 - description: PIM RP - ip_address: 192.168.200.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-LOOPBACKS-PIM-RP - sequence_numbers: - - sequence: 10 - action: permit 192.168.200.4/32 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65101' + router_id: 192.168.255.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: UNDERLAY-MULTICAST-L3LEAF1A + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: UNDERLAY-MULTICAST-L3LEAF1A + description: UNDERLAY-MULTICAST-L3LEAF1A_Vlan4093 + - ip_address: 172.31.255.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Ethernet2 + - ip_address: 172.31.255.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Ethernet2 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +router_multicast: + ipv4: + routing: true router_pim_sparse_mode: ipv4: rp_addresses: @@ -258,6 +225,9 @@ router_pim_sparse_mode: other_anycast_rp_addresses: - address: 192.168.255.3 - address: 192.168.255.4 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 standard_access_lists: - name: RP_ACL_2 sequence_numbers: @@ -275,19 +245,49 @@ standard_access_lists: sequence_numbers: - sequence: 10 action: permit 239.255.5.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.1/31 + pim: + ipv4: + sparse_mode: true + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UNDERLAY-MULTICAST-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2A.yml index 914461ab807..a603a39b8ed 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2A.yml @@ -1,182 +1,81 @@ -hostname: UNDERLAY-MULTICAST-L3LEAF2A -is_deployed: true -router_bgp: - as: '65102' - router_id: 192.168.255.5 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65102' - next_hop_self: true - description: UNDERLAY-MULTICAST-L3LEAF2B - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.252.5 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: UNDERLAY-MULTICAST-L3LEAF2B - description: UNDERLAY-MULTICAST-L3LEAF2B_Vlan4094 - - ip_address: 172.31.255.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Ethernet3 - - ip_address: 172.31.255.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Ethernet3 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.4/31 - pim: - ipv4: - sparse_mode: true -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UNDERLAY-MULTICAST-L3LEAF2B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet3 - peer: UNDERLAY-MULTICAST-L3LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UNDERLAY-MULTICAST-L3LEAF2B_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UNDERLAY-MULTICAST-L3LEAF2B - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UNDERLAY-MULTICAST-L3LEAF2B_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UNDERLAY-MULTICAST-L3LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UNDERLAY-MULTICAST-SPINE1 - peer_interface: Ethernet3 - peer_type: spine description: P2P_UNDERLAY-MULTICAST-SPINE1_Ethernet3 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.31.255.9/31 pim: ipv4: sparse_mode: true -- name: Ethernet2 - peer: UNDERLAY-MULTICAST-SPINE2 + peer: UNDERLAY-MULTICAST-SPINE1 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_UNDERLAY-MULTICAST-SPINE2_Ethernet3 shutdown: false mtu: 9214 + ip_address: 172.31.255.11/31 + peer: UNDERLAY-MULTICAST-SPINE2 + peer_interface: Ethernet3 + peer_type: spine switchport: enabled: false - ip_address: 172.31.255.11/31 +hostname: UNDERLAY-MULTICAST-L3LEAF2A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.5/32 +- name: Loopback5 + description: PIM RP + ip_address: 192.168.200.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: DC1_LEAF2 local_interface: Vlan4094 @@ -184,14 +83,35 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UNDERLAY-MULTICAST-L3LEAF2B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-LOOPBACKS-PIM-RP + sequence_numbers: + - sequence: 10 + action: permit 192.168.200.5/32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -202,29 +122,83 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-PIM-RP -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.5/32 -- name: Loopback5 - description: PIM RP - ip_address: 192.168.200.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-LOOPBACKS-PIM-RP - sequence_numbers: - - sequence: 10 - action: permit 192.168.200.5/32 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65102' + router_id: 192.168.255.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65102' + description: UNDERLAY-MULTICAST-L3LEAF2B + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.252.5 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: UNDERLAY-MULTICAST-L3LEAF2B + description: UNDERLAY-MULTICAST-L3LEAF2B_Vlan4094 + - ip_address: 172.31.255.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Ethernet3 + - ip_address: 172.31.255.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Ethernet3 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false router_msdp: originator_id_local_interface: Loopback0 peers: @@ -233,6 +207,9 @@ router_msdp: description: UNDERLAY-MULTICAST-L3LEAF2B mesh_groups: - name: ANYCAST-RP +router_multicast: + ipv4: + routing: true router_pim_sparse_mode: ipv4: rp_addresses: @@ -251,6 +228,9 @@ router_pim_sparse_mode: - address: 192.168.200.5 access_lists: - RP_ACL_5 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' standard_access_lists: - name: RP_ACL_2 sequence_numbers: @@ -268,19 +248,39 @@ standard_access_lists: sequence_numbers: - sequence: 10 action: permit 239.255.5.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.4/31 + pim: + ipv4: + sparse_mode: true + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UNDERLAY-MULTICAST-L3LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2B.yml index d9b35022561..579b79e4f01 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-L3LEAF2B.yml @@ -1,182 +1,81 @@ -hostname: UNDERLAY-MULTICAST-L3LEAF2B -is_deployed: true -router_bgp: - as: '65102' - router_id: 192.168.255.6 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65102' - next_hop_self: true - description: UNDERLAY-MULTICAST-L3LEAF2A - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.252.4 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: UNDERLAY-MULTICAST-L3LEAF2A - description: UNDERLAY-MULTICAST-L3LEAF2A_Vlan4094 - - ip_address: 172.31.255.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Ethernet4 - - ip_address: 172.31.255.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Ethernet4 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE1 - description: UNDERLAY-MULTICAST-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: UNDERLAY-MULTICAST-SPINE2 - description: UNDERLAY-MULTICAST-SPINE2_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.5/31 - pim: - ipv4: - sparse_mode: true -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UNDERLAY-MULTICAST-L3LEAF2A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet3 - peer: UNDERLAY-MULTICAST-L3LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UNDERLAY-MULTICAST-L3LEAF2A_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UNDERLAY-MULTICAST-L3LEAF2A - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UNDERLAY-MULTICAST-L3LEAF2A_Ethernet4 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet1 - peer: UNDERLAY-MULTICAST-SPINE1 + peer: UNDERLAY-MULTICAST-L3LEAF2A peer_interface: Ethernet4 - peer_type: spine + peer_type: mlag_peer +- name: Ethernet1 description: P2P_UNDERLAY-MULTICAST-SPINE1_Ethernet4 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.31.255.13/31 pim: ipv4: sparse_mode: true -- name: Ethernet2 - peer: UNDERLAY-MULTICAST-SPINE2 + peer: UNDERLAY-MULTICAST-SPINE1 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_UNDERLAY-MULTICAST-SPINE2_Ethernet4 shutdown: false mtu: 9214 + ip_address: 172.31.255.15/31 + peer: UNDERLAY-MULTICAST-SPINE2 + peer_interface: Ethernet4 + peer_type: spine switchport: enabled: false - ip_address: 172.31.255.15/31 +hostname: UNDERLAY-MULTICAST-L3LEAF2B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.5/32 +- name: Loopback5 + description: PIM RP + ip_address: 192.168.200.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: DC1_LEAF2 local_interface: Vlan4094 @@ -184,14 +83,35 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UNDERLAY-MULTICAST-L3LEAF2A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-LOOPBACKS-PIM-RP + sequence_numbers: + - sequence: 10 + action: permit 192.168.200.5/32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -202,29 +122,83 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-PIM-RP -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.5/32 -- name: Loopback5 - description: PIM RP - ip_address: 192.168.200.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-LOOPBACKS-PIM-RP - sequence_numbers: - - sequence: 10 - action: permit 192.168.200.5/32 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65102' + router_id: 192.168.255.6 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65102' + description: UNDERLAY-MULTICAST-L3LEAF2A + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.252.4 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: UNDERLAY-MULTICAST-L3LEAF2A + description: UNDERLAY-MULTICAST-L3LEAF2A_Vlan4094 + - ip_address: 172.31.255.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Ethernet4 + - ip_address: 172.31.255.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Ethernet4 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE1 + description: UNDERLAY-MULTICAST-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY-MULTICAST-SPINE2 + description: UNDERLAY-MULTICAST-SPINE2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false router_msdp: originator_id_local_interface: Loopback0 peers: @@ -233,6 +207,9 @@ router_msdp: description: UNDERLAY-MULTICAST-L3LEAF2A mesh_groups: - name: ANYCAST-RP +router_multicast: + ipv4: + routing: true router_pim_sparse_mode: ipv4: rp_addresses: @@ -251,6 +228,9 @@ router_pim_sparse_mode: - address: 192.168.200.5 access_lists: - RP_ACL_5 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' standard_access_lists: - name: RP_ACL_2 sequence_numbers: @@ -268,19 +248,39 @@ standard_access_lists: sequence_numbers: - sequence: 10 action: permit 239.255.5.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.5/31 + pim: + ipv4: + sparse_mode: true + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UNDERLAY-MULTICAST-L3LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE1.yml index 082a6cf7d23..3465a656172 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE1.yml @@ -1,39 +1,124 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.0/31 + pim: + ipv4: + sparse_mode: true + peer: UNDERLAY-MULTICAST-L3LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_UNDERLAY-MULTICAST-L3LEAF1B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.4/31 + pim: + ipv4: + sparse_mode: true + peer: UNDERLAY-MULTICAST-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_UNDERLAY-MULTICAST-L3LEAF2A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.8/31 + pim: + ipv4: + sparse_mode: true + peer: UNDERLAY-MULTICAST-L3LEAF2A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_UNDERLAY-MULTICAST-L3LEAF2B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.12/31 + pim: + ipv4: + sparse_mode: true + peer: UNDERLAY-MULTICAST-L3LEAF2B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: UNDERLAY-MULTICAST-SPINE1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -57,135 +142,41 @@ router_bgp: description: UNDERLAY-MULTICAST-L3LEAF2B_Ethernet1 - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: UNDERLAY-MULTICAST-L3LEAF1A description: UNDERLAY-MULTICAST-L3LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: UNDERLAY-MULTICAST-L3LEAF1B description: UNDERLAY-MULTICAST-L3LEAF1B_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: UNDERLAY-MULTICAST-L3LEAF2A description: UNDERLAY-MULTICAST-L3LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: UNDERLAY-MULTICAST-L3LEAF2B description: UNDERLAY-MULTICAST-L3LEAF2B_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false router_multicast: ipv4: routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: UNDERLAY-MULTICAST-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.0/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet2 - peer: UNDERLAY-MULTICAST-L3LEAF1B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF1B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.4/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet3 - peer: UNDERLAY-MULTICAST-L3LEAF2A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF2A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.8/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet4 - peer: UNDERLAY-MULTICAST-L3LEAF2B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF2B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.12/31 - pim: - ipv4: - sparse_mode: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY router_pim_sparse_mode: ipv4: rp_addresses: @@ -204,6 +195,9 @@ router_pim_sparse_mode: - address: 192.168.200.5 access_lists: - RP_ACL_5 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none standard_access_lists: - name: RP_ACL_2 sequence_numbers: @@ -221,10 +215,16 @@ standard_access_lists: sequence_numbers: - sequence: 10 action: permit 239.255.5.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE2.yml index aa2e7b76f57..8e3855fbfdd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY-MULTICAST-SPINE2.yml @@ -1,39 +1,112 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.2/31 + peer: UNDERLAY-MULTICAST-L3LEAF1A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_UNDERLAY-MULTICAST-L3LEAF1B_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.6/31 + peer: UNDERLAY-MULTICAST-L3LEAF1B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_UNDERLAY-MULTICAST-L3LEAF2A_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.10/31 + peer: UNDERLAY-MULTICAST-L3LEAF2A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_UNDERLAY-MULTICAST-L3LEAF2B_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.14/31 + peer: UNDERLAY-MULTICAST-L3LEAF2B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: UNDERLAY-MULTICAST-SPINE2 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.3 peer_group: IPv4-UNDERLAY-PEERS @@ -57,124 +130,51 @@ router_bgp: description: UNDERLAY-MULTICAST-L3LEAF2B_Ethernet2 - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: UNDERLAY-MULTICAST-L3LEAF1A description: UNDERLAY-MULTICAST-L3LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: UNDERLAY-MULTICAST-L3LEAF1B description: UNDERLAY-MULTICAST-L3LEAF1B_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: UNDERLAY-MULTICAST-L3LEAF2A description: UNDERLAY-MULTICAST-L3LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: UNDERLAY-MULTICAST-L3LEAF2B description: UNDERLAY-MULTICAST-L3LEAF2B_Loopback0 - remote_as: '65102' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: UNDERLAY-MULTICAST-L3LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF1A_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.2/31 -- name: Ethernet2 - peer: UNDERLAY-MULTICAST-L3LEAF1B - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF1B_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.6/31 -- name: Ethernet3 - peer: UNDERLAY-MULTICAST-L3LEAF2A - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF2A_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.10/31 -- name: Ethernet4 - peer: UNDERLAY-MULTICAST-L3LEAF2B - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_UNDERLAY-MULTICAST-L3LEAF2B_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.14/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_L3LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_L3LEAF1.yml index 78bfa16f5e5..79d5b53e69a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_L3LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_L3LEAF1.yml @@ -1,82 +1,35 @@ -hostname: UNDERLAY_FILTER_PEER_AS_L3LEAF1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: UNDERLAY_FILTER_PEER_AS_SPINE1 - description: UNDERLAY_FILTER_PEER_AS_SPINE1_Ethernet1 - route_map_out: RM-BGP-AS65000-OUT - - ip_address: 192.168.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: UNDERLAY_FILTER_PEER_AS_SPINE2 - description: UNDERLAY_FILTER_PEER_AS_SPINE2_Ethernet1 - route_map_out: RM-BGP-AS65000-OUT -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: UNDERLAY_FILTER_PEER_AS_SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_UNDERLAY_FILTER_PEER_AS_SPINE1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 192.168.0.1/31 -- name: Ethernet2 - peer: UNDERLAY_FILTER_PEER_AS_SPINE2 + peer: UNDERLAY_FILTER_PEER_AS_SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_UNDERLAY_FILTER_PEER_AS_SPINE2_Ethernet1 shutdown: false mtu: 9214 + ip_address: 192.168.0.3/31 + peer: UNDERLAY_FILTER_PEER_AS_SPINE2 + peer_interface: Ethernet1 + peer_type: spine switchport: enabled: false - ip_address: 192.168.0.3/31 +hostname: UNDERLAY_FILTER_PEER_AS_L3LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -86,6 +39,10 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT route_maps: - name: RM-BGP-AS65000-OUT sequence_numbers: @@ -95,12 +52,55 @@ route_maps: - as 65000 - sequence: 20 type: permit -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 +router_bgp: + as: '65001' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 192.168.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: UNDERLAY_FILTER_PEER_AS_SPINE1 + description: UNDERLAY_FILTER_PEER_AS_SPINE1_Ethernet1 + route_map_out: RM-BGP-AS65000-OUT + - ip_address: 192.168.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: UNDERLAY_FILTER_PEER_AS_SPINE2 + description: UNDERLAY_FILTER_PEER_AS_SPINE2_Ethernet1 + route_map_out: RM-BGP-AS65000-OUT + redistribute: + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UNDERLAY_FILTER_PEER_AS_L3LEAF1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE1.yml index 5f3927c2536..02c8a03ec37 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE1.yml @@ -1,74 +1,31 @@ -hostname: UNDERLAY_FILTER_PEER_AS_SPINE1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.0.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 - description: UNDERLAY_FILTER_PEER_AS_L3LEAF1_Ethernet1 - route_map_out: RM-BGP-AS65001-OUT -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_UNDERLAY_FILTER_PEER_AS_L3LEAF1_Ethernet1 shutdown: false mtu: 9214 + ip_address: 192.168.0.0/31 + peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ip_address: 192.168.0.0/31 +hostname: UNDERLAY_FILTER_PEER_AS_SPINE1 +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -89,3 +46,46 @@ route_maps: - as 65001 - sequence: 20 type: permit +router_bgp: + as: '65000' + router_id: 192.168.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 192.168.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 + description: UNDERLAY_FILTER_PEER_AS_L3LEAF1_Ethernet1 + route_map_out: RM-BGP-AS65001-OUT + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE2.yml index ace041fc062..461d0b2ac80 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UNDERLAY_FILTER_PEER_AS_SPINE2.yml @@ -1,74 +1,31 @@ -hostname: UNDERLAY_FILTER_PEER_AS_SPINE2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.0.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 - description: UNDERLAY_FILTER_PEER_AS_L3LEAF1_Ethernet2 - route_map_out: RM-BGP-AS65001-OUT -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_UNDERLAY_FILTER_PEER_AS_L3LEAF1_Ethernet2 shutdown: false mtu: 9214 + ip_address: 192.168.0.2/31 + peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 + peer_interface: Ethernet2 + peer_type: l3leaf switchport: enabled: false - ip_address: 192.168.0.2/31 +hostname: UNDERLAY_FILTER_PEER_AS_SPINE2 +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -89,3 +46,46 @@ route_maps: - as 65001 - sequence: 20 type: permit +router_bgp: + as: '65000' + router_id: 192.168.255.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 192.168.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UNDERLAY_FILTER_PEER_AS_L3LEAF1 + description: UNDERLAY_FILTER_PEER_AS_L3LEAF1_Ethernet2 + route_map_out: RM-BGP-AS65001-OUT + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A.yml index 9bc4ccf2df7..d46267a9e34 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A.yml @@ -1,123 +1,63 @@ -hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.201/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - native_vlan_tag: true - shutdown: false - storm_control: - broadcast: - level: '25' - unknown_unicast: - level: '25' -- name: Port-Channel1 - description: L2_DC1_LEAF1_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - native_vlan_tag: true - shutdown: false - mlag: 1 - storm_control: - broadcast: - level: '25' - unknown_unicast: - level: '25' ethernet_interfaces: - name: Ethernet3 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - peer_interface: Ethernet5 - peer_type: l3leaf description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Ethernet5 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A peer_interface: Ethernet5 peer_type: l3leaf +- name: Ethernet2 description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet5 shutdown: false channel_group: id: 1 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + peer_interface: Ethernet5 + peer_type: l3leaf +hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.201/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1 local_interface: Vlan4094 @@ -125,7 +65,67 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B_Port-Channel3 + shutdown: false + storm_control: + broadcast: + level: '25' + unknown_unicast: + level: '25' + switchport: + enabled: true + mode: trunk + trunk: + native_vlan_tag: true + groups: + - MLAG +- name: Port-Channel1 + description: L2_DC1_LEAF1_Port-Channel5 + shutdown: false + mlag: 1 + storm_control: + broadcast: + level: '25' + unknown_unicast: + level: '25' + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none + native_vlan_tag: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B.yml index 9a09fc08288..1d3ec561815 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B.yml @@ -1,123 +1,63 @@ -hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.201.201/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - native_vlan_tag: true - shutdown: false - storm_control: - broadcast: - level: '25' - unknown_unicast: - level: '25' -- name: Port-Channel1 - description: L2_DC1_LEAF1_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - native_vlan_tag: true - shutdown: false - mlag: 1 - storm_control: - broadcast: - level: '25' - unknown_unicast: - level: '25' ethernet_interfaces: - name: Ethernet3 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - peer_interface: Ethernet6 - peer_type: l3leaf description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Ethernet6 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A peer_interface: Ethernet6 peer_type: l3leaf +- name: Ethernet2 description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet6 shutdown: false channel_group: id: 1 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + peer_interface: Ethernet6 + peer_type: l3leaf +hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.201.201/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1 local_interface: Vlan4094 @@ -125,7 +65,67 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A_Port-Channel3 + shutdown: false + storm_control: + broadcast: + level: '25' + unknown_unicast: + level: '25' + switchport: + enabled: true + mode: trunk + trunk: + native_vlan_tag: true + groups: + - MLAG +- name: Port-Channel1 + description: L2_DC1_LEAF1_Port-Channel5 + shutdown: false + mlag: 1 + storm_control: + broadcast: + level: '25' + unknown_unicast: + level: '25' + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none + native_vlan_tag: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A.yml index c0e14c72d9a..da71efbd535 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A.yml @@ -1,206 +1,86 @@ -hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B - description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Vlan4093 - - ip_address: 172.31.255.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 - description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Ethernet1 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 - description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.0/31 - pim: - ipv4: - sparse_mode: true -- name: Vlan4094 - description: mlag_peer_vlan_structured_config_override - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel5 - description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - native_vlan_tag: true - shutdown: false - mlag: 5 - storm_control: - broadcast: - level: '25' - unknown_unicast: - level: '25' ethernet_interfaces: - name: Ethernet3 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.31.255.1/31 pim: ipv4: sparse_mode: true -- name: Ethernet5 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A + peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 peer_interface: Ethernet1 - peer_type: l2leaf + peer_type: spine + switchport: + enabled: false +- name: Ethernet5 description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A_Ethernet1 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet6 description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B_Ethernet1 shutdown: false channel_group: id: 5 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: DC1_LEAF1 local_interface: Vlan4094 @@ -208,49 +88,169 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel5 + description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1_Port-Channel1 + shutdown: false + mlag: 5 + storm_control: + broadcast: + level: '25' + unknown_unicast: + level: '25' + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none + native_vlan_tag: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +router_bgp: + as: '65101' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Vlan4093 + - ip_address: 172.31.255.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 + description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Ethernet1 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 + description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.0/31 + pim: + ipv4: + sparse_mode: true + mtu: 9214 +- name: Vlan4094 + description: mlag_peer_vlan_structured_config_override + shutdown: false + ip_address: 10.255.252.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B.yml index 384882fc8d1..0fef96b636b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B.yml @@ -1,206 +1,86 @@ -hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.251.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Vlan4093 - - ip_address: 172.31.255.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 - description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Ethernet2 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 - description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.251.1/31 - pim: - ipv4: - sparse_mode: true -- name: Vlan4094 - description: mlag_peer_vlan_structured_config_override - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel5 - description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - native_vlan_tag: true - shutdown: false - mlag: 5 - storm_control: - broadcast: - level: '25' - unknown_unicast: - level: '25' ethernet_interfaces: - name: Ethernet3 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 - peer_interface: Ethernet2 - peer_type: spine description: P2P_UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.31.255.3/31 pim: ipv4: sparse_mode: true -- name: Ethernet5 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A + peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 peer_interface: Ethernet2 - peer_type: l2leaf + peer_type: spine + switchport: + enabled: false +- name: Ethernet5 description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A_Ethernet2 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet6 description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B_Ethernet2 shutdown: false channel_group: id: 5 mode: active + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1B + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB mlag_configuration: domain_id: DC1_LEAF1 local_interface: Vlan4094 @@ -208,49 +88,169 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel5 + description: L2_UPLINK-MLAG-STRUCTURED-CONFIG-L2LEAF1_Port-Channel1 + shutdown: false + mlag: 5 + storm_control: + broadcast: + level: '25' + unknown_unicast: + level: '25' + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none + native_vlan_tag: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +router_bgp: + as: '65101' + router_id: 192.168.255.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.251.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A + description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Vlan4093 + - ip_address: 172.31.255.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 + description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Ethernet2 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 + description: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.1/31 + pim: + ipv4: + sparse_mode: true + mtu: 9214 +- name: Vlan4094 + description: mlag_peer_vlan_structured_config_override + shutdown: false + ip_address: 10.255.252.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1.yml index 614bdf036d8..a28ad621f4f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1.yml @@ -1,39 +1,98 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.0/31 + pim: + ipv4: + sparse_mode: true + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 172.31.255.2/31 + pim: + ipv4: + sparse_mode: true + peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: UPLINK-MLAG-STRUCTURED-CONFIG-SPINE1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -47,100 +106,41 @@ router_bgp: description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet1 - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B description: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Loopback0 - remote_as: '65101' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1A_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.0/31 - pim: - ipv4: - sparse_mode: true -- name: Ethernet2 - peer: UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UPLINK-MLAG-STRUCTURED-CONFIG-L3LEAF1B_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.31.255.2/31 - pim: - ipv4: - sparse_mode: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_L2LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_L2LEAF1.yml index 8e4c60b07b0..855f1512e40 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_L2LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_L2LEAF1.yml @@ -1,62 +1,62 @@ -hostname: UPLINK_P2P_VRFS_TESTS_L2LEAF1 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet51 - peer_type: l3leaf description: L2_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet51 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet52 + peer_interface: Ethernet51 peer_type: l3leaf +- name: Ethernet2 description: L2_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet52 shutdown: false channel_group: id: 1 mode: active + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet52 + peer_type: l3leaf - name: Ethernet10 - peer_type: network_port shutdown: false + peer_type: network_port switchport: enabled: true +hostname: UPLINK_P2P_VRFS_TESTS_L2LEAF1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB port_channel_interfaces: - name: Port-Channel1 description: L2_UPLINK_P2P_VRFS_TESTS_LEAF1_Port-Channel51 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '66' - shutdown: false +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 66 name: TEST-L2VLAN-ATTRACTION tenant: TenantC -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_LEAF1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_LEAF1.yml index c8074dda18f..6b94dd04764 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_LEAF1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_LEAF1.yml @@ -1,28 +1,137 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE1_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.42.42.9/31 + mac_security: + profile: TEST + peer: UPLINK_P2P_VRFS_TESTS_SPINE1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet1.42 + description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE1_Ethernet1.42_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 42 + ip_address: 10.42.42.9/31 + peer: UPLINK_P2P_VRFS_TESTS_SPINE1 + peer_interface: Ethernet1.42 + peer_type: spine +- name: Ethernet1.66 + description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE1_Ethernet1.66_VRF_ONLY-ON-L2LEAF + shutdown: false + mtu: 9214 + vrf: ONLY-ON-L2LEAF + encapsulation_dot1q: + vlan: 66 + ip_address: 10.42.42.9/31 + peer: UPLINK_P2P_VRFS_TESTS_SPINE1 + peer_interface: Ethernet1.66 + peer_type: spine +- name: Ethernet2 + description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.42.42.11/31 + mac_security: + profile: TEST + peer: UPLINK_P2P_VRFS_TESTS_SPINE2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2.100 + description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2.100_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 100 + ip_address: 10.42.42.11/31 + peer: UPLINK_P2P_VRFS_TESTS_SPINE2 + peer_interface: Ethernet2.100 + peer_type: spine +- name: Ethernet2.42 + description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2.42_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 42 + ip_address: 10.42.42.11/31 + peer: UPLINK_P2P_VRFS_TESTS_SPINE2 + peer_interface: Ethernet2.42 + peer_type: spine +- name: Ethernet51 + description: L2_UPLINK_P2P_VRFS_TESTS_L2LEAF1_Ethernet1 + shutdown: false + channel_group: + id: 51 + mode: active + peer: UPLINK_P2P_VRFS_TESTS_L2LEAF1 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet52 + description: L2_UPLINK_P2P_VRFS_TESTS_L2LEAF1_Ethernet2 + shutdown: false + channel_group: + id: 51 + mode: active + peer: UPLINK_P2P_VRFS_TESTS_L2LEAF1 + peer_interface: Ethernet2 + peer_type: l2leaf hostname: UPLINK_P2P_VRFS_TESTS_LEAF1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: cafe:cafe:cafe is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB +port_channel_interfaces: +- name: Port-Channel51 + description: L2_UPLINK_P2P_VRFS_TESTS_L2LEAF1_Port-Channel1 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '66' router_bgp: as: '65000' router_id: 192.168.42.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 10.42.42.8 peer_group: IPv4-UNDERLAY-PEERS @@ -34,6 +143,13 @@ router_bgp: remote_as: '65000' peer: UPLINK_P2P_VRFS_TESTS_SPINE2 description: UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2 + redistribute: + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true vrfs: - name: PROD router_id: 192.168.42.3 @@ -70,150 +186,34 @@ router_bgp: connected: enabled: true service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan66 + description: TEST-L2VLAN-ATTRACTION + shutdown: false + vrf: ONLY-ON-L2LEAF + ip_address_virtual: 172.16.0.1/24 + tenant: TenantC + tags: + - not-on-spine-2 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true +vlans: +- id: 66 + name: TEST-L2VLAN-ATTRACTION + tenant: TenantC vrfs: - name: MGMT ip_routing: false - name: IT - tenant: TenantA ip_routing: true -- name: PROD tenant: TenantA +- name: PROD ip_routing: true + tenant: TenantA - name: ONLY-ON-L2LEAF - tenant: TenantC ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: UPLINK_P2P_VRFS_TESTS_SPINE1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE1_Ethernet1 - shutdown: false - mtu: 9214 - mac_security: - profile: TEST - switchport: - enabled: false - ip_address: 10.42.42.9/31 -- name: Ethernet1.42 - peer: UPLINK_P2P_VRFS_TESTS_SPINE1 - peer_interface: Ethernet1.42 - peer_type: spine - vrf: PROD - description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE1_Ethernet1.42_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 42 - mtu: 9214 - ip_address: 10.42.42.9/31 -- name: Ethernet1.66 - peer: UPLINK_P2P_VRFS_TESTS_SPINE1 - peer_interface: Ethernet1.66 - peer_type: spine - vrf: ONLY-ON-L2LEAF - description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE1_Ethernet1.66_VRF_ONLY-ON-L2LEAF - shutdown: false - encapsulation_dot1q: - vlan: 66 - mtu: 9214 - ip_address: 10.42.42.9/31 -- name: Ethernet2 - peer: UPLINK_P2P_VRFS_TESTS_SPINE2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2 - shutdown: false - mtu: 9214 - mac_security: - profile: TEST - switchport: - enabled: false - ip_address: 10.42.42.11/31 -- name: Ethernet2.100 - peer: UPLINK_P2P_VRFS_TESTS_SPINE2 - peer_interface: Ethernet2.100 - peer_type: spine - vrf: IT - description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2.100_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 100 - mtu: 9214 - ip_address: 10.42.42.11/31 -- name: Ethernet2.42 - peer: UPLINK_P2P_VRFS_TESTS_SPINE2 - peer_interface: Ethernet2.42 - peer_type: spine - vrf: PROD - description: P2P_UPLINK_P2P_VRFS_TESTS_SPINE2_Ethernet2.42_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 42 - mtu: 9214 - ip_address: 10.42.42.11/31 -- name: Ethernet51 - peer: UPLINK_P2P_VRFS_TESTS_L2LEAF1 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_UPLINK_P2P_VRFS_TESTS_L2LEAF1_Ethernet1 - shutdown: false - channel_group: - id: 51 - mode: active -- name: Ethernet52 - peer: UPLINK_P2P_VRFS_TESTS_L2LEAF1 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_UPLINK_P2P_VRFS_TESTS_L2LEAF1_Ethernet2 - shutdown: false - channel_group: - id: 51 - mode: active -port_channel_interfaces: -- name: Port-Channel51 - description: L2_UPLINK_P2P_VRFS_TESTS_L2LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '66' - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.3/32 -vlans: -- id: 66 - name: TEST-L2VLAN-ATTRACTION - tenant: TenantC -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: cafe:cafe:cafe -vlan_interfaces: -- name: Vlan66 tenant: TenantC - tags: - - not-on-spine-2 - description: TEST-L2VLAN-ATTRACTION - shutdown: false - ip_address_virtual: 172.16.0.1/24 - vrf: ONLY-ON-L2LEAF -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE1.yml index c1181f57228..ace20d761db 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE1.yml @@ -1,34 +1,86 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.42.42.8/31 + mac_security: + profile: TEST + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet1.42 + description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1.42_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 42 + ip_address: 10.42.42.8/31 + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet1.42 + peer_type: l3leaf +- name: Ethernet1.66 + description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1.66_VRF_ONLY-ON-L2LEAF + shutdown: false + mtu: 9214 + vrf: ONLY-ON-L2LEAF + encapsulation_dot1q: + vlan: 66 + ip_address: 10.42.42.8/31 + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet1.66 + peer_type: l3leaf hostname: UPLINK_P2P_VRFS_TESTS_SPINE1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB router_bgp: as: '65000' router_id: 192.168.42.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 10.42.42.9 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' peer: UPLINK_P2P_VRFS_TESTS_LEAF1 description: UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1 + redistribute: + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true vrfs: - name: PROD router_id: 192.168.42.1 @@ -45,72 +97,20 @@ router_bgp: remote_as: '65000' description: UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1.66_vrf_ONLY-ON-L2LEAF service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false - name: PROD - tenant: TenantB ip_routing: true + tenant: TenantB - name: ONLY-ON-L2LEAF - tenant: TenantC ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1 - shutdown: false - mtu: 9214 - mac_security: - profile: TEST - switchport: - enabled: false - ip_address: 10.42.42.8/31 -- name: Ethernet1.42 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet1.42 - peer_type: l3leaf - vrf: PROD - description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1.42_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 42 - mtu: 9214 - ip_address: 10.42.42.8/31 -- name: Ethernet1.66 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet1.66 - peer_type: l3leaf - vrf: ONLY-ON-L2LEAF - description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet1.66_VRF_ONLY-ON-L2LEAF - shutdown: false - encapsulation_dot1q: - vlan: 66 - mtu: 9214 - ip_address: 10.42.42.8/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.1/32 -metadata: - platform: vEOS-LAB + tenant: TenantC diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE2.yml index 68ff22ddb9b..997aa7be482 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/UPLINK_P2P_VRFS_TESTS_SPINE2.yml @@ -1,34 +1,86 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet2 + description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.42.42.10/31 + mac_security: + profile: TEST + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2.100 + description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2.100_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 100 + ip_address: 10.42.42.10/31 + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet2.100 + peer_type: l3leaf +- name: Ethernet2.42 + description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2.42_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 42 + ip_address: 10.42.42.10/31 + peer: UPLINK_P2P_VRFS_TESTS_LEAF1 + peer_interface: Ethernet2.42 + peer_type: l3leaf hostname: UPLINK_P2P_VRFS_TESTS_SPINE2 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-LAB router_bgp: as: '65000' router_id: 192.168.42.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 10.42.42.11 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' peer: UPLINK_P2P_VRFS_TESTS_LEAF1 description: UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2 + redistribute: + connected: + enabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true vrfs: - name: IT router_id: 192.168.42.2 @@ -45,72 +97,20 @@ router_bgp: remote_as: '65000' description: UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2.42_vrf_PROD service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false - name: IT - tenant: TenantA ip_routing: true -- name: PROD tenant: TenantA +- name: PROD ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet2 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2 - shutdown: false - mtu: 9214 - mac_security: - profile: TEST - switchport: - enabled: false - ip_address: 10.42.42.10/31 -- name: Ethernet2.100 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet2.100 - peer_type: l3leaf - vrf: IT - description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2.100_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 100 - mtu: 9214 - ip_address: 10.42.42.10/31 -- name: Ethernet2.42 - peer: UPLINK_P2P_VRFS_TESTS_LEAF1 - peer_interface: Ethernet2.42 - peer_type: l3leaf - vrf: PROD - description: P2P_UPLINK_P2P_VRFS_TESTS_LEAF1_Ethernet2.42_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 42 - mtu: 9214 - ip_address: 10.42.42.10/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.2/32 -metadata: - platform: vEOS-LAB + tenant: TenantA diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/always-configure-ip-routing.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/always-configure-ip-routing.yml index 271e4f28daf..a50bfa07e81 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/always-configure-ip-routing.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/always-configure-ip-routing.yml @@ -1,25 +1,25 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: always-configure-ip-routing +ip_igmp_snooping: + globally_enabled: true +ip_routing_ipv6_interfaces: true +ipv6_unicast_routing: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml index 57701703d26..8cc36279873 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml @@ -1,57 +1,194 @@ +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 2.2.2.2/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.255.1/32 + flow_tracker: + hardware: FLOW-TRACKER +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: Comcast_666 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false hostname: autovpn-edge-no-default-policy +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.30.1:0 +ip_routing: true +ip_security: + ike_policies: + - name: AUTOVPN-IKE + local_id: 192.168.255.1 + sa_policies: + - name: AUTOVPN-SA + profiles: + - name: AUTOVPN + ike_policy: AUTOVPN-IKE + sa_policy: AUTOVPN-SA + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: AUTOVPN is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.30.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.30.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.30.1:0 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.30.1:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 192.168.30.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: WAN-OVERLAY-PEERS type: wan + remote_as: '65000' update_source: Dps1 bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 bfd_timers: interval: 1000 min_rx: 1000 multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 2.2.2.2 + peer_group: WAN-OVERLAY-PEERS + peer: autovpn-rr3 + description: autovpn-rr3_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: WAN-OVERLAY-PEERS activate: true - encapsulation: path-selection route_map_in: RM-EVPN-SOO-IN route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection address_family_ipv4: peer_groups: - name: WAN-OVERLAY-PEERS activate: false address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true bgp: additional_paths: receive: true send: any - neighbors: - - ip_address: 2.2.2.2 - peer_group: WAN-OVERLAY-PEERS - peer: autovpn-rr3 - description: autovpn-rr3_Dps1 + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: default rd: 192.168.30.1:1 @@ -95,127 +232,11 @@ router_bgp: redistribute: connected: enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - switchport: - enabled: false - description: Comcast_666 - dhcp_client_accept_default_route: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.30.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.30.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.30.1:0 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.30.1:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.30.1:0 -ip_security: - ike_policies: - - name: AUTOVPN-IKE - local_id: 192.168.255.1 - sa_policies: - - name: AUTOVPN-SA - profiles: - - name: AUTOVPN - ike_policy: AUTOVPN-IKE - sa_policy: AUTOVPN-SA - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: AUTOVPN -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: AUTOVPN local_interfaces: - name: Ethernet1 stun: @@ -228,7 +249,6 @@ router_path_selection: name: autovpn-rr3 ipv4_addresses: - 10.7.7.7 - ipsec_profile: AUTOVPN load_balance_policies: - name: LB-DEFAULT-POLICY-DEFAULT path_groups: @@ -241,12 +261,12 @@ router_path_selection: default_match: load_balance: LB-DEFAULT-POLICY-DEFAULT - name: DEFAULT-POLICY-WITH-CP + default_match: + load_balance: LB-DEFAULT-POLICY-DEFAULT rules: - id: 10 application_profile: APP-PROFILE-CONTROL-PLANE load_balance: LB-DEFAULT-POLICY-CONTROL-PLANE - default_match: - load_balance: LB-DEFAULT-POLICY-DEFAULT vrfs: - name: PROD path_selection_policy: DEFAULT-POLICY @@ -254,39 +274,33 @@ router_path_selection: path_selection_policy: DEFAULT-POLICY - name: default path_selection_policy: DEFAULT-POLICY-WITH-CP + tcp_mss_ceiling: + ipv4_segment_size: auto +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: - name: INET-autovpn-rr3-Ethernet1 ip_address: 10.7.7.7 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 2.2.2.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.255.1/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: autovpn-edge-no-default-policy_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -294,17 +308,3 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index a7408923011..a64adf43e21 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -1,61 +1,199 @@ +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.131.1/32 + - 192.168.131.2/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: IT + - name: VOICE + - name: VIDEO + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.130.1/32 + flow_tracker: + hardware: FLOW-TRACKER +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: Comcast_666 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet2 + description: MPLS-SP-1_Cat6 + shutdown: false + ip_address: 10.14.14.14/31 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false hostname: autovpn-edge +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.30.1:0 +ip_routing: true +ip_security: + ike_policies: + - name: AUTOVPN-IKE + local_id: 192.168.130.1 + sa_policies: + - name: AUTOVPN-SA + profiles: + - name: AUTOVPN + ike_policy: AUTOVPN-IKE + sa_policy: AUTOVPN-SA + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: AUTOVPN is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.30.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.30.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.30.1:0 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.30.1:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 192.168.30.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: WAN-OVERLAY-PEERS type: wan + remote_as: '65000' update_source: Dps1 bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 bfd_timers: interval: 1000 min_rx: 1000 multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.131.1 + peer_group: WAN-OVERLAY-PEERS + peer: autovpn-rr1 + description: autovpn-rr1_Dps1 + - ip_address: 192.168.131.2 + peer_group: WAN-OVERLAY-PEERS + peer: autovpn-rr2 + description: autovpn-rr2_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: WAN-OVERLAY-PEERS activate: true - encapsulation: path-selection route_map_in: RM-EVPN-SOO-IN route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection address_family_ipv4: peer_groups: - name: WAN-OVERLAY-PEERS activate: false address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true bgp: additional_paths: receive: true send: any - neighbors: - - ip_address: 192.168.131.1 - peer_group: WAN-OVERLAY-PEERS - peer: autovpn-rr1 - description: autovpn-rr1_Dps1 - - ip_address: 192.168.131.2 - peer_group: WAN-OVERLAY-PEERS - peer: autovpn-rr2 - description: autovpn-rr2_Dps1 + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: default rd: 192.168.30.1:1 @@ -84,124 +222,11 @@ router_bgp: redistribute: connected: enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - switchport: - enabled: false - description: Comcast_666 - dhcp_client_accept_default_route: true -- name: Ethernet2 - peer_type: l3_interface - ip_address: 10.14.14.14/31 - shutdown: false - switchport: - enabled: false - description: MPLS-SP-1_Cat6 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.30.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.30.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.30.1:0 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.30.1:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.30.1:0 -ip_security: - ike_policies: - - name: AUTOVPN-IKE - local_id: 192.168.130.1 - sa_policies: - - name: AUTOVPN-SA - profiles: - - name: AUTOVPN - ike_policy: AUTOVPN-IKE - sa_policy: AUTOVPN-SA - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: AUTOVPN -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: AUTOVPN local_interfaces: - name: Ethernet1 stun: @@ -219,7 +244,6 @@ router_path_selection: name: autovpn-rr2 ipv4_addresses: - 10.8.8.8 - ipsec_profile: AUTOVPN - name: MPLS id: 100 local_interfaces: @@ -257,6 +281,8 @@ router_path_selection: application_profile: IT load_balance: LB-DEFAULT-AUTOVPN-POLICY-IT - name: PROD-AUTOVPN-POLICY + default_match: + load_balance: LB-PROD-AUTOVPN-POLICY-DEFAULT rules: - id: 10 application_profile: VOICE @@ -264,13 +290,16 @@ router_path_selection: - id: 20 application_profile: VIDEO load_balance: LB-PROD-AUTOVPN-POLICY-VIDEO - default_match: - load_balance: LB-PROD-AUTOVPN-POLICY-DEFAULT vrfs: - name: default path_selection_policy: DEFAULT-AUTOVPN-POLICY-WITH-CP - name: PROD path_selection_policy: PROD-AUTOVPN-POLICY + tcp_mss_ceiling: + ipv4_segment_size: auto +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -278,53 +307,24 @@ stun: ip_address: 10.7.7.7 - name: INET-autovpn-rr2-Ethernet1 ip_address: 10.8.8.8 -application_traffic_recognition: - application_profiles: - - name: IT - - name: VOICE - - name: VIDEO - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.131.1/32 - - 192.168.131.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.130.1/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: autovpn-edge_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index 089fa5a660f..d168d992529 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -1,20 +1,133 @@ +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.131.1/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: IT + - name: VOICE + - name: VIDEO + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.131.1/32 + flow_tracker: + hardware: FLOW-TRACKER +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: ATT_777 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false hostname: autovpn-rr1 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.31.1:0 +ip_routing: true +ip_security: + ike_policies: + - name: AUTOVPN-IKE + local_id: 192.168.131.1 + sa_policies: + - name: AUTOVPN-SA + profiles: + - name: AUTOVPN + ike_policy: AUTOVPN-IKE + sa_policy: AUTOVPN-SA + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.31.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +platform: + sfe: + data_plane_cpu_allocation_max: 2 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.31.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.31.1:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 192.168.31.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true bgp_cluster_id: 192.168.31.1 + bgp: + default: + ipv4_unicast: false listen_ranges: - prefix: 192.168.130.0/24 peer_group: WAN-OVERLAY-PEERS @@ -22,31 +135,40 @@ router_bgp: peer_groups: - name: WAN-OVERLAY-PEERS type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 remote_as: '65000' - ttl_maximum_hops: 1 + update_source: Dps1 route_reflector_client: true + bfd: true bfd_timers: interval: 1000 min_rx: 1000 multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 - name: WAN-RR-OVERLAY-PEERS type: wan + remote_as: '65000' update_source: Dps1 + route_reflector_client: true bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 bfd_timers: interval: 1000 min_rx: 1000 multiplier: 10 - route_reflector_client: true + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.131.2 + peer_group: WAN-RR-OVERLAY-PEERS + peer: autovpn-rr2 + description: autovpn-rr2_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: WAN-RR-OVERLAY-PEERS @@ -64,20 +186,15 @@ router_bgp: - name: WAN-RR-OVERLAY-PEERS activate: false address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any peer_groups: - name: WAN-OVERLAY-PEERS activate: true - name: WAN-RR-OVERLAY-PEERS activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.131.2 - peer_group: WAN-RR-OVERLAY-PEERS - peer: autovpn-rr2 - description: autovpn-rr2_Dps1 vrfs: - name: default rd: 192.168.31.1:1 @@ -91,100 +208,14 @@ router_bgp: route_targets: - '1:1' - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -platform: - sfe: - data_plane_cpu_allocation_max: 2 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - switchport: - enabled: false - description: ATT_777 - dhcp_client_accept_default_route: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.31.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.31.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.31.1:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.31.1:0 -ip_security: - ike_policies: - - name: AUTOVPN-IKE - local_id: 192.168.131.1 - sa_policies: - - name: AUTOVPN-SA - profiles: - - name: AUTOVPN - ike_policy: AUTOVPN-IKE - sa_policy: AUTOVPN-SA - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto + peer_dynamic_source: stun path_groups: - name: MPLS id: 100 - name: INET id: 101 + ipsec_profile: AUTOVPN local_interfaces: - name: Ethernet1 static_peers: @@ -192,10 +223,8 @@ router_path_selection: name: autovpn-rr2 ipv4_addresses: - 10.8.8.8 - ipsec_profile: AUTOVPN - name: LTE id: 102 - peer_dynamic_source: stun load_balance_policies: - name: LB-DEFAULT-AUTOVPN-POLICY-CONTROL-PLANE path_groups: @@ -226,6 +255,8 @@ router_path_selection: application_profile: IT load_balance: LB-DEFAULT-AUTOVPN-POLICY-IT - name: PROD-AUTOVPN-POLICY + default_match: + load_balance: LB-PROD-AUTOVPN-POLICY-DEFAULT rules: - id: 10 application_profile: VOICE @@ -233,63 +264,32 @@ router_path_selection: - id: 20 application_profile: VIDEO load_balance: LB-PROD-AUTOVPN-POLICY-VIDEO - default_match: - load_balance: LB-PROD-AUTOVPN-POLICY-DEFAULT vrfs: - name: default path_selection_policy: DEFAULT-AUTOVPN-POLICY-WITH-CP - name: PROD path_selection_policy: PROD-AUTOVPN-POLICY + tcp_mss_ceiling: + ipv4_segment_size: auto +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: server: local_interfaces: - Ethernet1 -application_traffic_recognition: - application_profiles: - - name: IT - - name: VOICE - - name: VIDEO - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - ipv4_prefixes: - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.131.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.131.1/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: autovpn-rr1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index 776241bf0ed..8484e1a19db 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -1,20 +1,132 @@ +aaa_root: + disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.131.2/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: IT + - name: VOICE + - name: VIDEO + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.131.2/32 + flow_tracker: + hardware: FLOW-TRACKER +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: ATT_888 + shutdown: false + ip_address: 10.8.8.8/31 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false hostname: autovpn-rr2 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.31.2:0 +ip_routing: true +ip_security: + ike_policies: + - name: AUTOVPN-IKE + local_id: 192.168.131.2 + sa_policies: + - name: AUTOVPN-SA + profiles: + - name: AUTOVPN + ike_policy: AUTOVPN-IKE + sa_policy: AUTOVPN-SA + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.31.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +platform: + sfe: + data_plane_cpu_allocation_max: 2 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.31.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.31.2:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 192.168.31.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true bgp_cluster_id: 192.168.31.2 + bgp: + default: + ipv4_unicast: false listen_ranges: - prefix: 192.168.130.0/24 peer_group: WAN-OVERLAY-PEERS @@ -22,31 +134,40 @@ router_bgp: peer_groups: - name: WAN-OVERLAY-PEERS type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 remote_as: '65000' - ttl_maximum_hops: 1 + update_source: Dps1 route_reflector_client: true + bfd: true bfd_timers: interval: 1000 min_rx: 1000 multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 - name: WAN-RR-OVERLAY-PEERS type: wan + remote_as: '65000' update_source: Dps1 + route_reflector_client: true bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 bfd_timers: interval: 1000 min_rx: 1000 multiplier: 10 - route_reflector_client: true + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.131.1 + peer_group: WAN-RR-OVERLAY-PEERS + peer: autovpn-rr1 + description: autovpn-rr1_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: WAN-RR-OVERLAY-PEERS @@ -64,20 +185,15 @@ router_bgp: - name: WAN-RR-OVERLAY-PEERS activate: false address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any peer_groups: - name: WAN-OVERLAY-PEERS activate: true - name: WAN-RR-OVERLAY-PEERS activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.131.1 - peer_group: WAN-RR-OVERLAY-PEERS - peer: autovpn-rr1 - description: autovpn-rr1_Dps1 vrfs: - name: default rd: 192.168.31.2:1 @@ -91,102 +207,14 @@ router_bgp: route_targets: - '1:1' - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -platform: - sfe: - data_plane_cpu_allocation_max: 2 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer_type: l3_interface - ip_address: 10.8.8.8/31 - shutdown: false - switchport: - enabled: false - description: ATT_888 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.31.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.31.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.31.2:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.8.8.9 -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.31.2:0 -ip_security: - ike_policies: - - name: AUTOVPN-IKE - local_id: 192.168.131.2 - sa_policies: - - name: AUTOVPN-SA - profiles: - - name: AUTOVPN - ike_policy: AUTOVPN-IKE - sa_policy: AUTOVPN-SA - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto + peer_dynamic_source: stun path_groups: - name: MPLS id: 100 - name: INET id: 101 + ipsec_profile: AUTOVPN local_interfaces: - name: Ethernet1 static_peers: @@ -194,10 +222,8 @@ router_path_selection: name: autovpn-rr1 ipv4_addresses: - 10.7.7.7 - ipsec_profile: AUTOVPN - name: LTE id: 102 - peer_dynamic_source: stun load_balance_policies: - name: LB-DEFAULT-AUTOVPN-POLICY-CONTROL-PLANE path_groups: @@ -228,6 +254,8 @@ router_path_selection: application_profile: IT load_balance: LB-DEFAULT-AUTOVPN-POLICY-IT - name: PROD-AUTOVPN-POLICY + default_match: + load_balance: LB-PROD-AUTOVPN-POLICY-DEFAULT rules: - id: 10 application_profile: VOICE @@ -235,63 +263,35 @@ router_path_selection: - id: 20 application_profile: VIDEO load_balance: LB-PROD-AUTOVPN-POLICY-VIDEO - default_match: - load_balance: LB-PROD-AUTOVPN-POLICY-DEFAULT vrfs: - name: default path_selection_policy: DEFAULT-AUTOVPN-POLICY-WITH-CP - name: PROD path_selection_policy: PROD-AUTOVPN-POLICY + tcp_mss_ceiling: + ipv4_segment_size: auto +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.8.8.9 stun: server: local_interfaces: - Ethernet1 -application_traffic_recognition: - application_profiles: - - name: IT - - name: VOICE - - name: VIDEO - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - ipv4_prefixes: - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.131.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.131.2/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: autovpn-rr2_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-1.yml index 1ffff610e15..0e778490dbd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-1.yml @@ -1,16 +1,94 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet10 + description: MLAG_bgp-from-network-services-2_Ethernet10 + shutdown: false + channel_group: + id: 10 + mode: active + peer: bgp-from-network-services-2 + peer_interface: Ethernet10 + peer_type: mlag_peer +- name: Ethernet47 + shutdown: false + ip_address: 10.10.1.1/30 + peer_type: l3_interface + switchport: + enabled: false hostname: bgp-from-network-services-1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.0.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 10.1.1.1/24 + type: oob +mlag_configuration: + domain_id: GROUP1 + local_interface: Vlan4094 + peer_address: 10.10.10.1 + peer_link: Port-Channel10 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel10 + description: MLAG_bgp-from-network-services-2_Port-Channel10 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.10.20.0/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit router_bgp: as: '65001' router_id: 192.0.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MYPEERGROUP remote_as: '65991' @@ -19,146 +97,68 @@ router_bgp: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: bgp-from-network-services-2 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbors: - ip_address: 10.10.20.1 peer_group: MLAG-IPv4-UNDERLAY-PEER description: bgp-from-network-services-2_Vlan3099 - ip_address: 10.10.1.2 peer_group: MYPEERGROUP + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: - neighbors: - - ip_address: 10.10.1.2 - activate: true peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER activate: true + neighbors: + - ip_address: 10.10.1.2 + activate: true service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: default + destination_address_prefix: 0.0.0.0 + gateway: 10.10.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.10.10.0/31 + mtu: 9214 + no_autostate: true +- name: Vlan3099 + description: MLAG_L3_VRF_default + shutdown: false + vrf: default + ip_address: 10.10.20.0/31 + mtu: 9214 + tenant: TEST + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 10.1.1.1/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 3099 name: MLAG_L3_VRF_default trunk_groups: - MLAG tenant: TEST -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.10.0/31 -- name: Vlan3099 - tenant: TEST - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_default - vrf: default - mtu: 9214 - ip_address: 10.10.20.0/31 -port_channel_interfaces: -- name: Port-Channel10 - description: MLAG_bgp-from-network-services-2_Port-Channel10 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet10 - peer: bgp-from-network-services-2 - peer_interface: Ethernet10 - peer_type: mlag_peer - description: MLAG_bgp-from-network-services-2_Ethernet10 - shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet47 - peer_type: l3_interface - ip_address: 10.10.1.1/30 - shutdown: false - switchport: - enabled: false -mlag_configuration: - domain_id: GROUP1 - local_interface: Vlan4094 - peer_address: 10.10.10.1 - peer_link: Port-Channel10 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.0.255.1/32 -ip_igmp_snooping: - globally_enabled: true -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -static_routes: -- destination_address_prefix: 0.0.0.0 - gateway: 10.10.1.1 - vrf: default -prefix_lists: -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.10.20.0/31 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-2.yml index e194ae3152e..516666364f4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-from-network-services-2.yml @@ -1,24 +1,32 @@ -hostname: bgp-from-network-services-2 -is_deployed: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false +ethernet_interfaces: +- name: Ethernet10 + description: MLAG_bgp-from-network-services-1_Ethernet10 + shutdown: false + channel_group: + id: 10 + mode: active + peer: bgp-from-network-services-1 + peer_interface: Ethernet10 + peer_type: mlag_peer +hostname: bgp-from-network-services-2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.0.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT @@ -26,54 +34,46 @@ management_interfaces: vrf: MGMT ip_address: 10.1.1.2/24 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.10.10.1/31 +mlag_configuration: + domain_id: GROUP1 + local_interface: Vlan4094 + peer_address: 10.10.10.0 + peer_link: Port-Channel10 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' port_channel_interfaces: - name: Port-Channel10 description: MLAG_bgp-from-network-services-1_Port-Channel10 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false -ethernet_interfaces: -- name: Ethernet10 - peer: bgp-from-network-services-1 - peer_interface: Ethernet10 - peer_type: mlag_peer - description: MLAG_bgp-from-network-services-1_Ethernet10 - shutdown: false - channel_group: - id: 10 - mode: active -mlag_configuration: - domain_id: GROUP1 - local_interface: Vlan4094 - peer_address: 10.10.10.0 - peer_link: Port-Channel10 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.0.255.2/32 -ip_igmp_snooping: - globally_enabled: true + ip_address: 10.10.10.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-options.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-options.yml index 68efdb701f8..4c05cea5773 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-options.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-options.yml @@ -1,5 +1,37 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: bgp-options +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.10.10.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.10.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 10.10.10.1 @@ -7,82 +39,50 @@ router_bgp: external_routes: 20 internal_routes: 200 local_routes: 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.10.10.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.10.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-1.yml index 4d0def75321..7f8da212de9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-1.yml @@ -1,52 +1,133 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_bgp-peer-groups-2_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: bgp-peer-groups-2 + peer_interface: Ethernet3 + peer_type: mlag_peer hostname: bgp-peer-groups-1 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.111:1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.111/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.111/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: mlag + local_interface: Vlan4094 + peer_address: 192.168.253.205 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_bgp-peer-groups-2_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.254.111:1 additive +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.111 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: Description for mlag_ipv4_underlay_peer via structured_config bfd: true - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 + description: Description for ipv4_underlay_peers via structured_config bfd: true - maximum_routes: 12000 send_community: all - description: Description for ipv4_underlay_peers via structured_config + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + remote_as: '65001' + description: Description for evpn_overlay_peers via structured_config update_source: Loopback0 bfd: false send_community: all maximum_routes: 0 - remote_as: '65001' - description: Description for evpn_overlay_peers via structured_config - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 192.168.253.205 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -56,139 +137,57 @@ router_bgp: peer_group: EVPN-OVERLAY-PEERS peer: bgp-peer-groups-2 description: bgp-peer-groups-2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true route_map_in: RM-EVPN-SOO-IN route_map_out: RM-EVPN-SOO-OUT - address_family_vpn_ipv4: {} + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.253.204/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.253.204/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_bgp-peer-groups-2_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: bgp-peer-groups-2 - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_bgp-peer-groups-2_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: mlag - local_interface: Vlan4094 - peer_address: 192.168.253.205 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.254.111:1 additive -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.111/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.111/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.111:1 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: bgp-peer-groups-1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-2.yml index 011adb93bfa..cf984590ddf 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-2.yml @@ -1,63 +1,124 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_bgp-peer-groups-1_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: bgp-peer-groups-1 + peer_interface: Ethernet3 + peer_type: mlag_peer hostname: bgp-peer-groups-2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.112/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.111/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: mlag + local_interface: Vlan4094 + peer_address: 192.168.253.204 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_bgp-peer-groups-1_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.112 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_cluster_id: 192.168.255.112 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: Description for mlag_ipv4_underlay_peer via structured_config bfd: true - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 + description: Description for ipv4_underlay_peers via structured_config bfd: true - maximum_routes: 12000 send_community: all - description: Description for ipv4_underlay_peers via structured_config + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + remote_as: '65001' + description: Description for evpn_overlay_peers via structured_config update_source: Loopback0 + route_reflector_client: true bfd: false send_community: all maximum_routes: 0 - remote_as: '65001' - route_reflector_client: true - description: Description for evpn_overlay_peers via structured_config - name: RR-OVERLAY-PEERS type: mpls + remote_as: '65001' + description: Description for rr_overlay_peers via structured_config update_source: Loopback0 bfd: false send_community: all maximum_routes: 0 - remote_as: '65001' - description: Description for rr_overlay_peers via structured_config - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: RR-OVERLAY-PEERS - activate: false neighbors: - ip_address: 192.168.253.204 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -67,122 +128,61 @@ router_bgp: peer_group: EVPN-OVERLAY-PEERS peer: bgp-peer-groups-1 description: bgp-peer-groups-1_Loopback0 - bgp_cluster_id: 192.168.255.112 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: RR-OVERLAY-PEERS + activate: false address_family_vpn_ipv4: peer_groups: - name: RR-OVERLAY-PEERS activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 192.168.253.205/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 192.168.253.205/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_bgp-peer-groups-1_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: bgp-peer-groups-1 - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_bgp-peer-groups-1_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -mlag_configuration: - domain_id: mlag - local_interface: Vlan4094 - peer_address: 192.168.253.204 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.112/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.111/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: bgp-peer-groups-2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-3.yml index 2815a65d6b9..03b248f6699 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/bgp-peer-groups-3.yml @@ -1,42 +1,70 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: bgp-peer-groups-3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.114/32 + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 206 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.114 - bgp: - default: - ipv4_unicast: false - bestpath: - d_path: true maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true + bgp: + default: + ipv4_unicast: false + bestpath: + d_path: true peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65001' + description: Description for mpls_overlay_peers via structured_config update_source: Loopback0 bfd: false send_community: all maximum_routes: 0 - remote_as: '65001' - description: Description for mpls_overlay_peers via structured_config - name: IPVPN-GATEWAY-PEERS type: mpls + description: Description for ipvpn_gateway_peers via structured_config update_source: Loopback0 bfd: false send_community: all maximum_routes: 0 - description: Description for ipvpn_gateway_peers via structured_config address_family_evpn: + domain_identifier: '65535:1' neighbor_default: encapsulation: mpls next_hop_self_source_interface: Loopback0 peer_groups: - name: MPLS-OVERLAY-PEERS activate: true - domain_identifier: '65535:1' address_family_ipv4: peer_groups: - name: MPLS-OVERLAY-PEERS @@ -44,67 +72,39 @@ router_bgp: - name: IPVPN-GATEWAY-PEERS activate: false address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 + domain_identifier: '65535:2' peer_groups: - name: IPVPN-GATEWAY-PEERS activate: true - name: MPLS-OVERLAY-PEERS activate: true - domain_identifier: '65535:2' + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 +router_isis: + instance: CORE + net: 49.0001.1921.6825.5114.00 + router_id: 192.168.255.114 + is_type: level-1-2 + log_adjacency_changes: true + advertise: + passive_only: false + address_family_ipv4: + enabled: true + maximum_paths: 4 + segment_routing_mpls: + enabled: true + router_id: 192.168.255.114 +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.114/32 - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 206 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.1921.6825.5114.00 - router_id: 192.168.255.114 - is_type: level-1-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - advertise: - passive_only: false - segment_routing_mpls: - router_id: 192.168.255.114 - enabled: true -mpls: - ip: true -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/connected_endpoints.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/connected_endpoints.yml index e638e740c8a..f3f9373b76c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/connected_endpoints.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/connected_endpoints.yml @@ -1,221 +1,203 @@ -hostname: connected_endpoints -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -link_tracking_groups: -- name: LT_GROUP1 - recovery_delay: 300 -ip_igmp_snooping: - globally_enabled: true ethernet_interfaces: - name: Ethernet1 - peer: OLD_SW-1/2 - peer_interface: Endpoint_port1 - peer_type: server description: Interface description server_OLD_SW-1/2_ENDPOINT_PORT1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 peer: OLD_SW-1/2 - peer_interface: ENDPOINT_PORT2 + peer_interface: Endpoint_port1 peer_type: server +- name: Ethernet2 description: Interface description server_OLD_SW-1/2_ENDPOINT_PORT2 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet3 - peer: OLD_SW-1/3 - peer_interface: ENDPOINT_PORT + peer: OLD_SW-1/2 + peer_interface: ENDPOINT_PORT2 peer_type: server +- name: Ethernet3 description: SERVER_OLD_SW-1/3_ENDPOINT_PORT shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 - peer: OLD_SW-1/4 + peer: OLD_SW-1/3 + peer_interface: ENDPOINT_PORT peer_type: server +- name: Ethernet4 description: PHYSICAL_PORT_DESCRIPTION shutdown: false + peer: OLD_SW-1/4 + peer_type: server switchport: enabled: true - name: Ethernet5 - peer: OLD_SW-1/5 - peer_type: server description: SERVER_OLD_SW-1/5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: OLD_SW-1/5 peer_type: server +- name: Ethernet6 description: SERVER_OLD_SW-1/5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet7 - peer: OLD_SW-1/6 + peer: OLD_SW-1/5 peer_type: server +- name: Ethernet7 description: PHYSICAL_PORT_DESCRIPTION shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 peer: OLD_SW-1/6 peer_type: server +- name: Ethernet8 description: PHYSICAL_PORT_DESCRIPTION shutdown: false channel_group: id: 7 mode: active -- name: Ethernet9 - peer: SERVER_WITH_PLAYVAR_DESCRIPTION + peer: OLD_SW-1/6 peer_type: server +- name: Ethernet9 description: test of var set under play vars shutdown: false + peer: SERVER_WITH_PLAYVAR_DESCRIPTION + peer_type: server switchport: enabled: true - name: Ethernet10 - peer: OLD_SW-1/7 - peer_type: server description: PHYSICAL_PORT_DESCRIPTION_1 shutdown: false channel_group: id: 10 mode: active -- name: Ethernet11 peer: OLD_SW-1/7 peer_type: server +- name: Ethernet11 description: PHYSICAL_PORT_DESCRIPTION_2 shutdown: false channel_group: id: 10 mode: active -- name: Ethernet12 - peer: INDIVIDUAL_1 + peer: OLD_SW-1/7 peer_type: server +- name: Ethernet12 description: SERVER_INDIVIDUAL_1 shutdown: false channel_group: id: 12 mode: active - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1,2,3,4,5,6,7,123,234 - native_vlan_tag: false - native_vlan: 123 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 - enable: true role: master + transport: ipv4 service_profile: MYQOS - sflow: - enable: false -- name: Ethernet13 + spanning_tree_bpdufilter: 'True' + spanning_tree_portfast: edge peer: INDIVIDUAL_1 peer_type: server - description: SERVER_INDIVIDUAL_1 - shutdown: false - channel_group: - id: 12 - mode: active + sflow: + enable: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 1,2,3,4,5,6,7,123,234 - native_vlan_tag: false native_vlan: 123 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' + native_vlan_tag: false +- name: Ethernet13 + description: SERVER_INDIVIDUAL_1 + shutdown: false + channel_group: + id: 12 + mode: active ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 - enable: true role: master + transport: ipv4 service_profile: MYQOS + spanning_tree_bpdufilter: 'True' + spanning_tree_portfast: edge + peer: INDIVIDUAL_1 + peer_type: server sflow: enable: false -- name: Ethernet14 - peer: DOT1X_UNAUTHORIZED - peer_type: server - port_profile: INDIVIDUAL_TRUNK - description: SERVER_DOT1X_UNAUTHORIZED - shutdown: false - dot1x: - unauthorized: - access_vlan_membership_egress: true - native_vlan_membership_egress: true - poe: - disabled: true switchport: enabled: true mode: trunk trunk: allowed_vlan: 1,2,3,4,5,6,7,123,234 - native_vlan_tag: false native_vlan: 123 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' + native_vlan_tag: false +- name: Ethernet14 + description: SERVER_DOT1X_UNAUTHORIZED + shutdown: false + poe: + disabled: true ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 - enable: true role: master + transport: ipv4 + dot1x: + unauthorized: + access_vlan_membership_egress: true + native_vlan_membership_egress: true service_profile: MYQOS + spanning_tree_bpdufilter: 'True' + spanning_tree_portfast: edge + peer: DOT1X_UNAUTHORIZED + peer_type: server sflow: enable: false + port_profile: INDIVIDUAL_TRUNK + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1,2,3,4,5,6,7,123,234 + native_vlan: 123 + native_vlan_tag: false - name: Ethernet15 - peer: INDIVIDUAL_2_TRUNK_PHONE - peer_type: server description: SERVER_INDIVIDUAL_2_TRUNK_PHONE shutdown: false + link_tracking_groups: + - name: LT_GROUP1 + direction: downstream channel_group: id: 15 mode: active + peer: INDIVIDUAL_2_TRUNK_PHONE + peer_type: server switchport: enabled: true mode: trunk phone @@ -223,17 +205,17 @@ ethernet_interfaces: native_vlan: 123 phone: vlan: 321 - link_tracking_groups: - - name: LT_GROUP1 - direction: downstream - name: Ethernet16 - peer: INDIVIDUAL_2_TRUNK_PHONE - peer_type: server description: SERVER_INDIVIDUAL_2_TRUNK_PHONE shutdown: false + link_tracking_groups: + - name: LT_GROUP1 + direction: downstream channel_group: id: 15 mode: active + peer: INDIVIDUAL_2_TRUNK_PHONE + peer_type: server switchport: enabled: true mode: trunk phone @@ -241,39 +223,49 @@ ethernet_interfaces: native_vlan: 123 phone: vlan: 321 - link_tracking_groups: - - name: LT_GROUP1 - direction: downstream - name: Ethernet17 - peer: DOT1X_UNAUTHORIZED_PORT_CHANNEL - peer_type: server - port_profile: INDIVIDUAL_TRUNK description: SERVER_DOT1X_UNAUTHORIZED_PORT_CHANNEL shutdown: false + channel_group: + id: 17 + mode: active + poe: + disabled: true dot1x: unauthorized: access_vlan_membership_egress: true native_vlan_membership_egress: true - poe: - disabled: true - channel_group: - id: 17 - mode: active -- name: Ethernet18 peer: DOT1X_UNAUTHORIZED_PORT_CHANNEL peer_type: server port_profile: INDIVIDUAL_TRUNK +- name: Ethernet18 description: SERVER_DOT1X_UNAUTHORIZED_PORT_CHANNEL shutdown: false + channel_group: + id: 17 + mode: active + poe: + disabled: true dot1x: unauthorized: access_vlan_membership_egress: true native_vlan_membership_egress: true - poe: - disabled: true - channel_group: - id: 17 - mode: active + peer: DOT1X_UNAUTHORIZED_PORT_CHANNEL + peer_type: server + port_profile: INDIVIDUAL_TRUNK +hostname: connected_endpoints +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +link_tracking_groups: +- name: LT_GROUP1 + recovery_delay: 300 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: 720XP port_channel_interfaces: - name: Port-Channel1 description: Port channel description server_OLD_SW-1/2_Po1_ENDPOINT_PORT_CHANNEL_INTERFACE DESCRIPTION SERVER_OLD_SW-1/2_ENDPOINT_PORT_CHANNEL @@ -303,31 +295,33 @@ port_channel_interfaces: - name: Port-Channel12 description: SERVER_INDIVIDUAL_1_INDIVIDUAL_1 shutdown: false + lacp_fallback_timeout: 90 + lacp_fallback_mode: individual switchport: enabled: true - lacp_fallback_mode: individual - lacp_fallback_timeout: 90 - name: Port-Channel15 description: SERVER_INDIVIDUAL_2_TRUNK_PHONE shutdown: false + lacp_fallback_timeout: 90 + lacp_fallback_mode: individual switchport: enabled: true - lacp_fallback_mode: individual - lacp_fallback_timeout: 90 - name: Port-Channel17 description: SERVER_DOT1X_UNAUTHORIZED_PORT_CHANNEL shutdown: false - service_profile: MYQOS + spanning_tree_bpdufilter: 'True' + spanning_tree_portfast: edge ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 - enable: true role: master + transport: ipv4 + service_profile: MYQOS sflow: enable: false switchport: @@ -335,9 +329,15 @@ port_channel_interfaces: mode: trunk trunk: allowed_vlan: 1,2,3,4,5,6,7,123,234 - native_vlan_tag: false native_vlan: 123 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' -metadata: - platform: 720XP + native_vlan_tag: false +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-1-isis-sr-ldp.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-1-isis-sr-ldp.yml index dc0f7996f6e..67e8401c967 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-1-isis-sr-ldp.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-1-isis-sr-ldp.yml @@ -1,260 +1,174 @@ -hostname: core-1-isis-sr-ldp -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:7f:00:01 - priority1: 127 - priority2: 1 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -router_general: - router_id: - ipv4: 10.0.0.1 - ipv6: 2000:1234:ffff:ffff::1 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.0.1/32 - ipv6_address: 2000:1234:ffff:ffff::1/128 - mpls: - ldp: - interface: true - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 201 - ipv6_index: 201 -router_isis: - instance: CORE - log_adjacency_changes: true - net: 49.0001.0100.0000.0001.00 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - mpls_ldp_sync_default: true - timers: - local_convergence: - delay: 15000 - protected_prefixes: true - advertise: - passive_only: true - address_family_ipv6: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: link-protection - segment_routing_mpls: - router_id: 10.0.0.1 - enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true - shutdown: false - transport_address_interface: Loopback0 ethernet_interfaces: - name: Ethernet1 - peer: core-2-ospf-ldp - peer_interface: Ethernet1 - peer_type: core_router - switchport: - enabled: false + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet1 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: unnumbered loopback0 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet1 - speed: forced 1000full -- name: Ethernet2 peer: core-2-ospf-ldp - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: core_router switchport: enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet2 shutdown: false + speed: 100full mtu: 1601 - service_profile: test_qos_profile ip_address: 100.123.123.2/31 isis_enable: CORE isis_metric: 60 isis_network_point_to_point: false - isis_hello_padding: true isis_circuit_type: level-1 + isis_hello_padding: true + service_profile: test_qos_profile mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet2 - speed: 100full -- name: Ethernet3 peer: core-2-ospf-ldp - peer_interface: Ethernet3 + peer_interface: Ethernet2 peer_type: core_router switchport: enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet3 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: 100.64.48.4/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet3 - speed: forced 1000full -- name: Ethernet4 peer: core-2-ospf-ldp - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: core_router switchport: enabled: false +- name: Ethernet4 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet4 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: 100.64.48.6/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet4 - speed: forced 1000full -- name: Ethernet5 + key: $1c$sTNAlR6rKSw= + mode: md5 peer: core-2-ospf-ldp - peer_interface: Ethernet5 + peer_interface: Ethernet4 peer_type: core_router switchport: enabled: false +- name: Ethernet5 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet5 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: 100.64.48.8/31 ipv6_enable: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 mpls: ip: true - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet5 - speed: forced 1000full -- name: Ethernet6 peer: core-2-ospf-ldp - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: core_router switchport: enabled: false +- name: Ethernet6 + description: Custom description on core-1-isis-sr-ldp eth6 shutdown: false + speed: 100full mtu: 1602 - service_profile: test_qos_profile ip_address: unnumbered loopback0 ipv6_enable: true isis_enable: CORE isis_metric: 70 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-1-2 + isis_hello_padding: true isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 + service_profile: test_qos_profile mpls: ip: true ldp: interface: true igp_sync: true - description: Custom description on core-1-isis-sr-ldp eth6 - speed: 100full -- name: Ethernet10 peer: core-2-ospf-ldp - peer_interface: Ethernet10 + peer_interface: Ethernet6 peer_type: core_router switchport: enabled: false +- name: Ethernet10 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet10 shutdown: false + speed: forced 1000full mtu: 1500 + l2_mtu: 2222 + l2_mru: 2222 ip_address: 100.64.48.12/31 + isis_enable: CORE + isis_metric: 50 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: true ptp: + enable: true announce: interval: 0 timeout: 3 @@ -262,207 +176,241 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - isis_enable: CORE - isis_metric: 50 - isis_network_point_to_point: true - isis_hello_padding: true - isis_circuit_type: level-2 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet10 - speed: forced 1000full - l2_mru: 2222 - l2_mtu: 2222 + peer: core-2-ospf-ldp + peer_interface: Ethernet10 + peer_type: core_router + switchport: + enabled: false - name: Ethernet12 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet12 + shutdown: false + speed: forced 1000full + channel_group: + id: 12 + mode: active peer: core-2-ospf-ldp peer_interface: Ethernet12 peer_type: core_router +- name: Ethernet13 + description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet13 shutdown: false + speed: forced 1000full channel_group: id: 12 mode: active - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet12 - speed: forced 1000full -- name: Ethernet13 peer: core-2-ospf-ldp peer_interface: Ethernet13 peer_type: core_router +- name: Ethernet14 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A shutdown: false + speed: forced 1000full channel_group: - id: 12 + id: 14 mode: active - description: P2P_LINK_TO_CORE-2-OSPF-LDP_Ethernet13 - speed: forced 1000full -- name: Ethernet14 peer: core-2-ospf-ldp peer_interface: Ethernet14 peer_type: core_router +- name: Ethernet15 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A shutdown: false + speed: forced 1000full channel_group: id: 14 mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A - speed: forced 1000full -- name: Ethernet15 peer: core-2-ospf-ldp peer_interface: Ethernet15 peer_type: core_router +- name: Ethernet16 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A shutdown: false + speed: forced 1000full channel_group: - id: 14 + id: 16 mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A - speed: forced 1000full -- name: Ethernet16 peer: core-2-ospf-ldp peer_interface: Ethernet16 peer_type: core_router +- name: Ethernet17 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A shutdown: false + speed: forced 1000full channel_group: id: 16 mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A - speed: forced 1000full -- name: Ethernet17 peer: core-2-ospf-ldp peer_interface: Ethernet17 peer_type: core_router - shutdown: false - channel_group: - id: 16 - mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A - speed: forced 1000full - name: ethernet21 - peer: peer2 - peer_interface: ethernet21 - peer_type: other - switchport: - enabled: false + description: P2P_LINK_TO_PEER2_ethernet21 shutdown: false mtu: 1600 ip_address: 192.168.0.2/31 isis_enable: CORE isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 - description: P2P_LINK_TO_PEER2_ethernet21 + isis_hello_padding: true + peer: peer2 + peer_interface: ethernet21 + peer_type: other + switchport: + enabled: false - name: ethernet22 + description: P2P_LINK_TO_PEER3_ethernet22 + shutdown: false + mtu: 1600 + ip_address: 172.16.0.0/31 + mpls: + ip: true peer: peer3 peer_interface: ethernet22 peer_type: other switchport: enabled: false +- name: ethernet23 + description: P2P_LINK_TO_PEER4_ethernet23 shutdown: false mtu: 1600 - ip_address: 172.16.0.0/31 + ip_address: 172.16.0.2/31 mpls: ip: true - description: P2P_LINK_TO_PEER3_ethernet22 -- name: ethernet23 peer: peer4 peer_interface: ethernet23 peer_type: other switchport: enabled: false +- name: ethernet24 + description: P2P_LINK_TO_PEER5_ethernet22 shutdown: false mtu: 1600 - ip_address: 172.16.0.2/31 + ip_address: 172.16.1.1/29 mpls: ip: true - description: P2P_LINK_TO_PEER4_ethernet23 -- name: ethernet24 peer: peer5 peer_interface: ethernet22 peer_type: other switchport: enabled: false +- name: ethernet25 + description: P2P_LINK_TO_PEER6_ethernet23 shutdown: false mtu: 1600 - ip_address: 172.16.1.1/29 + ip_address: 172.16.1.9/29 mpls: ip: true - description: P2P_LINK_TO_PEER5_ethernet22 -- name: ethernet25 peer: peer6 peer_interface: ethernet23 peer_type: other switchport: enabled: false +hostname: core-1-isis-sr-ldp +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 1600 - ip_address: 172.16.1.9/29 + ip_address: 10.0.0.1/32 + ipv6_address: 2000:1234:ffff:ffff::1/128 mpls: - ip: true - description: P2P_LINK_TO_PEER6_ethernet23 + ldp: + interface: true + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 201 + ipv6_index: 201 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true + ldp: + interface_disabled_default: true + shutdown: false + transport_address_interface: Loopback0 port_channel_interfaces: - name: Port-Channel12 - peer: core-2-ospf-ldp - peer_interface: Port-Channel12 - peer_type: core_router - switchport: - enabled: false + description: P2P_LINK_TO_core-2-ospf-ldp_Port-Channel12 shutdown: false mtu: 1500 - ip_address: 100.64.48.16/31 - ipv6_enable: true + mpls: + ip: true + ldp: + interface: true + igp_sync: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: P2P_LINK_TO_core-2-ospf-ldp_Port-Channel12 -- name: Port-Channel14 + key: $1c$sTNAlR6rKSw= + mode: md5 + ip_address: 100.64.48.16/31 + ipv6_enable: true peer: core-2-ospf-ldp - peer_interface: Port-Channel14 + peer_interface: Port-Channel12 peer_type: core_router switchport: enabled: false +- name: Port-Channel14 + description: CUSTOM_DESCRIPTION_ON_P2P_PORT_CHANNEL_14 shutdown: false mtu: 1500 - ip_address: 100.64.48.16/31 - ipv6_enable: true + mpls: + ip: true + ldp: + interface: true + igp_sync: true isis_enable: CORE isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: CUSTOM_DESCRIPTION_ON_P2P_PORT_CHANNEL_14 -- name: Port-Channel16 + key: $1c$sTNAlR6rKSw= + mode: md5 + ip_address: 100.64.48.16/31 + ipv6_enable: true peer: core-2-ospf-ldp - peer_interface: Port-Channel16 + peer_interface: Port-Channel14 peer_type: core_router switchport: enabled: false +- name: Port-Channel16 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A shutdown: false mtu: 1500 - ip_address: 100.64.48.16/31 + mpls: + ip: true + ldp: + interface: true + igp_sync: true + isis_enable: CORE + isis_metric: 60 + isis_network_point_to_point: true + isis_circuit_type: level-2 + isis_hello_padding: false + isis_authentication: + both: + key_type: '7' + key: $1c$sTNAlR6rKSw= + mode: md5 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -470,21 +418,73 @@ port_channel_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true + ip_address: 100.64.48.16/31 ipv6_enable: true - isis_enable: CORE - isis_metric: 60 - isis_network_point_to_point: true - isis_hello_padding: false - isis_circuit_type: level-2 - isis_authentication: - both: - mode: md5 - key: $1c$sTNAlR6rKSw= - key_type: '7' - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_A + peer: core-2-ospf-ldp + peer_interface: Port-Channel16 + peer_type: core_router + switchport: + enabled: false +ptp: + mode: boundary + clock_identity: 00:1C:73:7f:00:01 + priority1: 127 + priority2: 1 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +router_general: + router_id: + ipv4: 10.0.0.1 + ipv6: 2000:1234:ffff:ffff::1 +router_isis: + instance: CORE + net: 49.0001.0100.0000.0001.00 + is_type: level-2 + log_adjacency_changes: true + mpls_ldp_sync_default: true + timers: + local_convergence: + protected_prefixes: true + delay: 15000 + advertise: + passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + address_family_ipv6: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: link-protection + segment_routing_mpls: + enabled: true + router_id: 10.0.0.1 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-2-ospf-ldp.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-2-ospf-ldp.yml index 33858baf8be..45a6872b45b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-2-ospf-ldp.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-2-ospf-ldp.yml @@ -1,95 +1,13 @@ -hostname: core-2-ospf-ldp -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:7f:00:02 - priority1: 127 - priority2: 2 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -router_general: - router_id: - ipv4: 10.0.0.2 - ipv6: 2000:1234:ffff:ffff::2 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.0.2/32 - ipv6_address: 2000:1234:ffff:ffff::2/128 - ospf_area: 0.0.0.0 - mpls: - ldp: - interface: true -router_ospf: - process_ids: - - id: 101 - passive_interface_default: true - max_lsa: 12000 - no_passive_interfaces: - - Ethernet1 - - Ethernet2 - - Ethernet3 - - Ethernet4 - - Ethernet5 - - Ethernet6 - - Ethernet10 - - Port-Channel12 - - Port-Channel14 - - Port-Channel16 - bfd_enable: true -mpls: - ip: true - ldp: - interface_disabled_default: true - shutdown: false - transport_address_interface: Loopback0 ethernet_interfaces: - name: Ethernet1 - peer: core-1-isis-sr-ldp - peer_interface: Ethernet1 - peer_type: core_router - switchport: - enabled: false + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet1 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: unnumbered loopback0 ipv6_enable: true @@ -100,34 +18,34 @@ ethernet_interfaces: ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet1 - speed: forced 1000full -- name: Ethernet2 peer: core-1-isis-sr-ldp - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: core_router switchport: enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet2 shutdown: false + speed: 100full mtu: 1601 - service_profile: test_qos_profile ip_address: 100.123.123.3/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 + service_profile: test_qos_profile mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet2 - speed: 100full -- name: Ethernet3 peer: core-1-isis-sr-ldp - peer_interface: Ethernet3 + peer_interface: Ethernet2 peer_type: core_router switchport: enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet3 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: 100.64.48.5/31 ipv6_enable: true @@ -138,29 +56,29 @@ ethernet_interfaces: ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet3 - speed: forced 1000full -- name: Ethernet4 peer: core-1-isis-sr-ldp - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: core_router switchport: enabled: false +- name: Ethernet4 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet4 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: 100.64.48.7/31 ipv6_enable: true ospf_network_point_to_point: true ospf_area: 0.0.0.0 - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet4 - speed: forced 1000full -- name: Ethernet5 peer: core-1-isis-sr-ldp - peer_interface: Ethernet5 + peer_interface: Ethernet4 peer_type: core_router switchport: enabled: false +- name: Ethernet5 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet5 shutdown: false + speed: forced 1000full mtu: 1500 ip_address: 100.64.48.9/31 ipv6_enable: true @@ -168,38 +86,43 @@ ethernet_interfaces: ospf_area: 0.0.0.0 mpls: ip: true - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet5 - speed: forced 1000full -- name: Ethernet6 peer: core-1-isis-sr-ldp - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: core_router switchport: enabled: false +- name: Ethernet6 + description: Custom description on core-2-ospf-ldp eth6 shutdown: false + speed: 100full mtu: 1602 - service_profile: test_qos_profile ip_address: unnumbered loopback0 ipv6_enable: true ospf_network_point_to_point: true ospf_area: 0.0.0.0 + service_profile: test_qos_profile mpls: ip: true ldp: interface: true igp_sync: true - description: Custom description on core-2-ospf-ldp eth6 - speed: 100full -- name: Ethernet10 peer: core-1-isis-sr-ldp - peer_interface: Ethernet10 + peer_interface: Ethernet6 peer_type: core_router switchport: enabled: false +- name: Ethernet10 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet10 shutdown: false + speed: forced 1000full mtu: 1500 + l2_mtu: 2222 + l2_mru: 2222 ip_address: 100.64.48.13/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -207,125 +130,148 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet10 - speed: forced 1000full - l2_mru: 2222 - l2_mtu: 2222 + peer: core-1-isis-sr-ldp + peer_interface: Ethernet10 + peer_type: core_router + switchport: + enabled: false - name: Ethernet12 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet12 + shutdown: false + speed: forced 1000full + channel_group: + id: 12 + mode: active peer: core-1-isis-sr-ldp peer_interface: Ethernet12 peer_type: core_router +- name: Ethernet13 + description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet13 shutdown: false + speed: forced 1000full channel_group: id: 12 mode: active - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet12 - speed: forced 1000full -- name: Ethernet13 peer: core-1-isis-sr-ldp peer_interface: Ethernet13 peer_type: core_router +- name: Ethernet14 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B shutdown: false + speed: forced 1000full channel_group: - id: 12 + id: 14 mode: active - description: P2P_LINK_TO_CORE-1-ISIS-SR-LDP_Ethernet13 - speed: forced 1000full -- name: Ethernet14 peer: core-1-isis-sr-ldp peer_interface: Ethernet14 peer_type: core_router +- name: Ethernet15 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B shutdown: false + speed: forced 1000full channel_group: id: 14 mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B - speed: forced 1000full -- name: Ethernet15 peer: core-1-isis-sr-ldp peer_interface: Ethernet15 peer_type: core_router +- name: Ethernet16 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B shutdown: false + speed: forced 1000full channel_group: - id: 14 + id: 16 mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B - speed: forced 1000full -- name: Ethernet16 peer: core-1-isis-sr-ldp peer_interface: Ethernet16 peer_type: core_router +- name: Ethernet17 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B shutdown: false + speed: forced 1000full channel_group: id: 16 mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B - speed: forced 1000full -- name: Ethernet17 peer: core-1-isis-sr-ldp peer_interface: Ethernet17 peer_type: core_router +hostname: core-2-ospf-ldp +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - channel_group: - id: 16 - mode: active - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B - speed: forced 1000full + ip_address: 10.0.0.2/32 + ipv6_address: 2000:1234:ffff:ffff::2/128 + ospf_area: 0.0.0.0 + mpls: + ldp: + interface: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true + ldp: + interface_disabled_default: true + shutdown: false + transport_address_interface: Loopback0 port_channel_interfaces: - name: Port-Channel12 - peer: core-1-isis-sr-ldp - peer_interface: Port-Channel12 - peer_type: core_router - switchport: - enabled: false + description: P2P_LINK_TO_core-1-isis-sr-ldp_Port-Channel12 shutdown: false mtu: 1500 - ip_address: 100.64.48.17/31 - ipv6_enable: true - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 mpls: ip: true ldp: interface: true igp_sync: true - description: P2P_LINK_TO_core-1-isis-sr-ldp_Port-Channel12 -- name: Port-Channel14 + ip_address: 100.64.48.17/31 + ipv6_enable: true + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 peer: core-1-isis-sr-ldp - peer_interface: Port-Channel14 + peer_interface: Port-Channel12 peer_type: core_router switchport: enabled: false +- name: Port-Channel14 + description: CUSTOM_DESCRIPTION_ON_P2P_PORT_CHANNEL_14 shutdown: false mtu: 1500 - ip_address: 100.64.48.17/31 - ipv6_enable: true - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 mpls: ip: true ldp: interface: true igp_sync: true - description: CUSTOM_DESCRIPTION_ON_P2P_PORT_CHANNEL_14 -- name: Port-Channel16 + ip_address: 100.64.48.17/31 + ipv6_enable: true + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 peer: core-1-isis-sr-ldp - peer_interface: Port-Channel16 + peer_interface: Port-Channel14 peer_type: core_router switchport: enabled: false +- name: Port-Channel16 + description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B shutdown: false mtu: 1500 - ip_address: 100.64.48.17/31 + mpls: + ip: true + ldp: + interface: true + igp_sync: true ptp: + enable: true announce: interval: 0 timeout: 3 @@ -333,13 +279,67 @@ port_channel_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true + ip_address: 100.64.48.17/31 ipv6_enable: true ospf_network_point_to_point: true ospf_area: 0.0.0.0 - mpls: - ip: true - ldp: - interface: true - igp_sync: true - description: CUSTOM_DESCRIPTION_ON_P2P_LINK_B + peer: core-1-isis-sr-ldp + peer_interface: Port-Channel16 + peer_type: core_router + switchport: + enabled: false +ptp: + mode: boundary + clock_identity: 00:1C:73:7f:00:02 + priority1: 127 + priority2: 2 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +router_general: + router_id: + ipv4: 10.0.0.2 + ipv6: 2000:1234:ffff:ffff::2 +router_ospf: + process_ids: + - id: 101 + passive_interface_default: true + bfd_enable: true + no_passive_interfaces: + - Ethernet1 + - Ethernet2 + - Ethernet3 + - Ethernet4 + - Ethernet5 + - Ethernet6 + - Ethernet10 + - Port-Channel12 + - Port-Channel14 + - Port-Channel16 + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-3-isis-sr-ldp.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-3-isis-sr-ldp.yml index f48a212d8cf..5226a444623 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-3-isis-sr-ldp.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-3-isis-sr-ldp.yml @@ -1,32 +1,12 @@ -hostname: core-3-isis-sr-ldp -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true +hostname: core-3-isis-sr-ldp +ip_routing: true +ipv6_unicast_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -41,36 +21,56 @@ loopback_interfaces: node_segment: ipv4_index: 203 ipv6_index: 203 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true + ldp: + interface_disabled_default: true + router_id: 10.0.0.3 + shutdown: false + transport_address_interface: Loopback0 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.0100.0000.0003.00 router_id: 10.0.0.3 is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 - fast_reroute_ti_lfa: - mode: node-protection + log_adjacency_changes: true mpls_ldp_sync_default: true timers: local_convergence: - delay: 15000 protected_prefixes: true + delay: 15000 advertise: passive_only: true + address_family_ipv4: + enabled: true + maximum_paths: 4 + fast_reroute_ti_lfa: + mode: node-protection address_family_ipv6: enabled: true maximum_paths: 4 fast_reroute_ti_lfa: mode: node-protection segment_routing_mpls: - router_id: 10.0.0.3 enabled: true -mpls: - ip: true - ldp: - interface_disabled_default: true router_id: 10.0.0.3 - shutdown: false - transport_address_interface: Loopback0 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-4-multicast.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-4-multicast.yml index d8d9b673eb8..afce17ff2a7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-4-multicast.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/core-4-multicast.yml @@ -1,146 +1,146 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_LINK_TO_PEER1_Ethernet1 + shutdown: false + mtu: 1600 + ip_address: 100.64.48.18/31 + pim: + ipv4: + sparse_mode: true + mpls: + ip: true + peer: peer1 + peer_interface: Ethernet1 + peer_type: other + switchport: + enabled: false +- name: Ethernet2 + description: P2P_LINK_TO_PEER2_Ethernet2 + shutdown: false + mtu: 1600 + ip_address: 100.64.48.20/31 + mpls: + ip: true + peer: peer2 + peer_interface: Ethernet2 + peer_type: other + switchport: + enabled: false +- name: Ethernet3 + description: P2P_LINK_TO_PEER3_Ethernet3 + shutdown: false + mtu: 1600 + ip_address: 100.64.48.22/31 + mpls: + ip: true + peer: peer3 + peer_interface: Ethernet3 + peer_type: other + switchport: + enabled: false hostname: core-4-multicast +ip_routing: true +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2000:1234:ffff:ffff::/64 eq 128 +ipv6_unicast_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.0.4/32 + ipv6_address: 2000:1234:ffff:ffff::4/128 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 30 + type: permit + match: + - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 router_bgp: as: '65000' router_id: 10.0.0.4 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - address_family_ipv6: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true + maximum_routes: 12000 neighbors: - ip_address: 100.64.48.19 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65002' + local_as: '65001' peer: peer1 description: peer1 - peer_group: IPv4-UNDERLAY-PEERS - local_as: '65001' - ip_address: 100.64.48.21 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65003' + local_as: '65001' peer: peer2 description: peer2 - peer_group: IPv4-UNDERLAY-PEERS - local_as: '65001' - ip_address: 100.64.48.23 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65004' + local_as: '65001' peer: peer3 description: peer3 - peer_group: IPv4-UNDERLAY-PEERS - local_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + address_family_ipv6: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +router_multicast: + ipv4: + routing: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -ipv6_unicast_routing: true -router_multicast: - ipv4: - routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.0.4/32 - ipv6_address: 2000:1234:ffff:ffff::4/128 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.0.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2000:1234:ffff:ffff::/64 eq 128 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 30 - type: permit - match: - - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 -ethernet_interfaces: -- name: Ethernet1 - peer: peer1 - peer_interface: Ethernet1 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 1600 - ip_address: 100.64.48.18/31 - pim: - ipv4: - sparse_mode: true - mpls: - ip: true - description: P2P_LINK_TO_PEER1_Ethernet1 -- name: Ethernet2 - peer: peer2 - peer_interface: Ethernet2 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 1600 - ip_address: 100.64.48.20/31 - mpls: - ip: true - description: P2P_LINK_TO_PEER2_Ethernet2 -- name: Ethernet3 - peer: peer3 - peer_interface: Ethernet3 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 1600 - ip_address: 100.64.48.22/31 - mpls: - ip: true - description: P2P_LINK_TO_PEER3_Ethernet3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-ptp-profile.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-ptp-profile.yml index f441ed5e67e..2aa0518be47 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-ptp-profile.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-ptp-profile.yml @@ -1,42 +1,128 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet8 + description: P2P_not-in-this-fabric_Ethernet8 + shutdown: false + mtu: 9214 + ptp: + enable: true + announce: + interval: 4 + timeout: 3 + delay_req: -6 + sync_message: + interval: -7 + transport: ipv4 + peer: not-in-this-fabric + peer_interface: Ethernet8 + peer_type: other + switchport: + enabled: false hostname: custom-ptp-profile +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.42.42.42/32/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.42.42.42/32/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.10.0/24 eq 32 + - sequence: 20 + action: permit 10.10.10.0/24 eq 32 +ptp: + mode: boundary + clock_identity: 00:1C:73:1e:00:0c + priority1: 30 + priority2: 12 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65042' router_id: 10.42.42.42/32 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: PTP + rd: 10.42.42.42/32:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: VRF1 rd: 10.42.42.42/32:1 @@ -53,122 +139,36 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 11 - tenant: PTP - rd: 10.42.42.42/32:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan11 + description: VLAN11 + shutdown: false + vrf: VRF1 + ip_address: 172.16.11.1/24 + tenant: PTP vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true +vlans: +- id: 11 + name: VLAN11 + tenant: PTP vrfs: - name: MGMT ip_routing: false - name: VRF1 - tenant: PTP ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:1e:00:0c - priority1: 30 - priority2: 12 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.42.42.42/32/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.42.42.42/32/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.10.0/24 eq 32 - - sequence: 20 - action: permit 10.10.10.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ethernet_interfaces: -- name: Ethernet8 - peer: not-in-this-fabric - peer_interface: Ethernet8 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 9214 - ptp: - announce: - interval: 4 - timeout: 3 - delay_req: -6 - sync_message: - interval: -7 - transport: ipv4 - enable: true - description: P2P_not-in-this-fabric_Ethernet8 -vlans: -- id: 11 - name: VLAN11 - tenant: PTP -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan11 tenant: PTP - description: VLAN11 - shutdown: false - ip_address: 172.16.11.1/24 - vrf: VRF1 vxlan_interface: vxlan1: description: custom-ptp-profile_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 11 vni: 10011 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-structured-configuration.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-structured-configuration.yml index 5e2f6977c77..f70681ecbfc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-structured-configuration.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/custom-structured-configuration.yml @@ -1,17 +1,11 @@ -hostname: custom-structured-configuration -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true +domain_list: null enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +hostname: custom-structured-configuration +ip_igmp_snooping: {} ip_name_servers: - ip_address: 192.168.42.10 vrf: MGMT @@ -31,6 +25,7 @@ ip_name_servers: vrf: VRF2 - ip_address: 192.168.42.8 vrf: VRF2 +is_deployed: true local_users: - name: eos-designs-admin disabled: false @@ -62,10 +57,16 @@ local_users: privilege: 2 role: network-operator sha512_password: $6$rkvZergVBQ09WJte$.6wtRT8ITilT06pdXS0s5u7M.7G54B8xPPqKTPIhqyCkw6/QgqP2j4yoYAo7YKVU/S3Ra8p23kMtbdHsoBWIk. +management_api_http: + enable_https: null + enable_vrfs: [] +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: [] - enable_https: null -ip_igmp_snooping: {} diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-1.yml index 0260dc280a1..0f19c5684d2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-1.yml @@ -1,208 +1,110 @@ -hostname: cv-pathfinder-custom-control-plane-policy-edge-1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - vrfs: - - name: default - rd: 192.168.42.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.1:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.1 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.1:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.1 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface + description: ATT_666_peer3_Ethernet42 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true peer: peer3 peer_interface: Ethernet42 - ip_address: dhcp - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ATT_666_peer3_Ethernet42 - dhcp_client_accept_default_route: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-custom-control-plane-policy-edge-1 ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.1:511 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -238,16 +140,101 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileA - certificate: - file: profileA.crt - key: profileA.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '666' + cv_pathfinder: + role: edge + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + vtep_ip: 192.168.142.1 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: '666' + pathgroup: INET +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -266,6 +253,21 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-VIDEO - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: CUSTOM-CP-POLICY + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-POLICY-WITH-CP @@ -285,37 +287,134 @@ router_adaptive_virtual_topology: id: 1 - name: IT policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-VIDEO - id: 3 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: CUSTOM-CP-POLICY - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT + profiles: + - name: DEFAULT-POLICY-VIDEO + id: 3 + - name: DEFAULT-POLICY-DEFAULT + id: 1 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.42.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + rd: 192.168.42.1:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.1 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.1:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.1 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -330,21 +429,25 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE load_balance_policies: - name: LB-CUSTOM-CP-POLICY + lowest_hop_count: true + jitter: 5 path_groups: - name: INET - jitter: 5 - lowest_hop_count: true - name: LB-DEFAULT-POLICY-VIDEO path_groups: - name: INET - name: LB-DEFAULT-POLICY-DEFAULT path_groups: - name: INET + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -354,77 +457,22 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.1/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-custom-control-plane-policy-edge-1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -432,51 +480,3 @@ vxlan_interface: vni: 14 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_East - - name: Zone - value: AVD_Land_East-ZONE - - name: Site - value: Site511 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '666' - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.1 - region: AVD_Land_East - zone: AVD_Land_East-ZONE - site: Site511 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: '666' - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-2.yml index 2ce52624a73..c65eca3d056 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-2.yml @@ -1,208 +1,110 @@ -hostname: cv-pathfinder-custom-control-plane-policy-edge-2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - vrfs: - - name: default - rd: 192.168.42.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.2:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.2 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.2:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.2 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: CUSTOM-CP-APP-PROFILE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface + description: ATT_666_peer3_Ethernet42 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true peer: peer3 peer_interface: Ethernet42 - ip_address: dhcp - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ATT_666_peer3_Ethernet42 - dhcp_client_accept_default_route: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.2:511 additive -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.42.2:511 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.2:511 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-custom-control-plane-policy-edge-2 ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.2:511 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -238,16 +140,101 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileA - certificate: - file: profileA.crt - key: profileA.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '666' + cv_pathfinder: + role: edge + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + vtep_ip: 192.168.142.2 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: '666' + pathgroup: INET +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.2:511 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.2:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.2:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -266,6 +253,21 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-VIDEO - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: CUSTOM-CP-APP-PROFILE + avt_profile: CUSTOM-CP-POLICY + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-POLICY-WITH-CP @@ -285,37 +287,134 @@ router_adaptive_virtual_topology: id: 1 - name: IT policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-VIDEO - id: 3 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: CUSTOM-CP-APP-PROFILE - avt_profile: CUSTOM-CP-POLICY - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT + profiles: + - name: DEFAULT-POLICY-VIDEO + id: 3 + - name: DEFAULT-POLICY-DEFAULT + id: 1 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.42.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + rd: 192.168.42.2:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.2 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.2:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.2 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -330,21 +429,25 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE load_balance_policies: - name: LB-CUSTOM-CP-POLICY + lowest_hop_count: true + jitter: 5 path_groups: - name: INET - jitter: 5 - lowest_hop_count: true - name: LB-DEFAULT-POLICY-VIDEO path_groups: - name: INET - name: LB-DEFAULT-POLICY-DEFAULT path_groups: - name: INET + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -354,77 +457,22 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: CUSTOM-CP-APP-PROFILE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.2/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-custom-control-plane-policy-edge-2_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -432,51 +480,3 @@ vxlan_interface: vni: 14 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_East - - name: Zone - value: AVD_Land_East-ZONE - - name: Site - value: Site511 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '666' - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.2 - region: AVD_Land_East - zone: AVD_Land_East-ZONE - site: Site511 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: '666' - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-3.yml index a2e8b731d92..a5ed45fc44e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-edge-3.yml @@ -1,208 +1,61 @@ -hostname: cv-pathfinder-custom-control-plane-policy-edge-3 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - vrfs: - - name: default - rd: 192.168.42.3:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.3:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.3 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.3:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.3 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + application_profiles: + - name: CUSTOM-CP-APP-PROFILE + applications: + - name: google + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.3/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface + description: ATT_666_peer3_Ethernet42 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true peer: peer3 peer_interface: Ethernet42 - ip_address: dhcp - shutdown: false + peer_type: l3_interface switchport: enabled: false - description: ATT_666_peer3_Ethernet42 - dhcp_client_accept_default_route: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.3:511 additive -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.42.3:511 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.3:511 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-custom-control-plane-policy-edge-3 ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.3:511 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -238,16 +91,101 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileA - certificate: - file: profileA.crt - key: profileA.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '666' + cv_pathfinder: + role: edge + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + vtep_ip: 192.168.142.3 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: '666' + pathgroup: INET +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.3:511 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.3:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.3:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -266,6 +204,21 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-VIDEO - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: CUSTOM-CP-APP-PROFILE + avt_profile: CUSTOM-CP-POLICY + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-POLICY-WITH-CP @@ -290,32 +243,129 @@ router_adaptive_virtual_topology: id: 3 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: CUSTOM-CP-APP-PROFILE - avt_profile: CUSTOM-CP-POLICY - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.3 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.42.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + rd: 192.168.42.3:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.3 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.3:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.3 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -330,21 +380,25 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE load_balance_policies: - name: LB-CUSTOM-CP-POLICY + lowest_hop_count: true + jitter: 5 path_groups: - name: INET - jitter: 5 - lowest_hop_count: true - name: LB-DEFAULT-POLICY-VIDEO path_groups: - name: INET - name: LB-DEFAULT-POLICY-DEFAULT path_groups: - name: INET + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -354,28 +408,22 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: CUSTOM-CP-APP-PROFILE - applications: - - name: google - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.3/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-custom-control-plane-policy-edge-3_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -383,51 +431,3 @@ vxlan_interface: vni: 13 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_East - - name: Zone - value: AVD_Land_East-ZONE - - name: Site - value: Site511 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '666' - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.3 - region: AVD_Land_East - zone: AVD_Land_East-ZONE - site: Site511 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: '666' - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml index 0e850d04416..3f41160f0b5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-custom-control-plane-policy-pathfinder-1.yml @@ -1,204 +1,121 @@ -hostname: cv-pathfinder-custom-control-plane-policy-pathfinder-1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.44.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - route_reflector_client: true - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - - name: WAN-RR-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - route_reflector_client: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - - name: WAN-RR-OVERLAY-PEERS - activate: false - bgp_cluster_id: 192.168.44.1 - listen_ranges: - - prefix: 192.168.142.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - - prefix: 192.168.143.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: WAN-RR-OVERLAY-PEERS - activate: true - encapsulation: path-selection - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - next_hop: - resolution_disabled: true - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - missing_policy: - direction_out_action: deny - - name: WAN-RR-OVERLAY-PEERS - activate: true - path_selection: - roles: - consumer: true - propagator: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-RR-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - vrfs: - - name: default - rd: 192.168.44.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.144.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -platform: - sfe: - data_plane_cpu_allocation_max: 1 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: 10.7.7.7/31 + description: Bouygues_Telecom_777 shutdown: false + ip_address: 10.7.7.7/31 + peer_type: l3_interface switchport: enabled: false - description: Bouygues_Telecom_777 - name: Ethernet2 - peer_type: l3_interface - ip_address: 172.16.0.1/31 + description: Colt_10000 shutdown: false + ip_address: 172.16.0.1/31 + peer_type: l3_interface switchport: enabled: false - description: Colt_10000 - name: Ethernet3 - peer_type: l3_interface - ip_address: 10.9.9.9/31 + description: Another-ISP_999 shutdown: false + ip_address: 10.9.9.9/31 + peer_type: l3_interface switchport: enabled: false - description: Another-ISP_999 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.44.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.44.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.44.1:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.7.7.6 -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-custom-control-plane-policy-pathfinder-1 ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.44.1:0 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -219,273 +136,91 @@ ip_security: time: 50 action: clear mode: transport +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.44.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileA - certificate: - file: profileA.crt - key: profileA.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: pathfinder - profiles: - - name: CUSTOM-CP-POLICY - load_balance_policy: LB-CUSTOM-CP-POLICY - - name: DEFAULT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-POLICY-VIDEO - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-POLICY-WITH-CP - profiles: - - name: CUSTOM-CP-POLICY - id: 254 - - name: DEFAULT-POLICY-VIDEO - id: 3 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-VIDEO - id: 3 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-VIDEO - id: 3 - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: CUSTOM-CP-POLICY - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 100 - local_interfaces: - - name: Ethernet2 - static_peers: - - router_ip: 192.168.144.1 - name: cv-pathfinder-pathfinder - ipv4_addresses: - - 172.16.0.1 - keepalive: - interval: 300 - failure_threshold: 5 - - name: INET - id: 101 - local_interfaces: + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: pathfinder + - name: PathfinderSet + value: PATHFINDERS + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: Bouygues_Telecom + - name: Circuit + value: '777' + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10000' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: Another-ISP + - name: Circuit + value: '999' + cv_pathfinder: + role: pathfinder + vtep_ip: 192.168.144.1 + ssl_profile: profileA + interfaces: - name: Ethernet1 + carrier: Bouygues_Telecom + circuit_id: '777' + pathgroup: INET + public_ip: 10.7.7.7 + - name: Ethernet2 + carrier: Colt + circuit_id: '10000' + pathgroup: MPLS + public_ip: 172.16.0.1 - name: Ethernet3 - static_peers: - - router_ip: 192.168.144.1 - name: cv-pathfinder-pathfinder - ipv4_addresses: - - 172.17.7.7 - - 10.9.9.9 - ipsec_profile: CP-PROFILE - - name: LTE - id: 102 - - name: Equinix - id: 103 - - name: Satellite - id: 104 - - name: AWS - id: 105 - - name: LAN_HA - id: 65535 - flow_assignment: lan - peer_dynamic_source: stun - load_balance_policies: - - name: LB-CUSTOM-CP-POLICY - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - jitter: 5 - lowest_hop_count: true - - name: LB-DEFAULT-POLICY-VIDEO - path_groups: + carrier: Another-ISP + circuit_id: '999' + pathgroup: INET + public_ip: 10.9.9.9 + pathgroups: - name: MPLS + carriers: + - name: Colt + - name: ATT-MPLS - name: INET - - name: LAN_HA - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: INET - - name: LTE - priority: 42 - - name: LAN_HA -router_traffic_engineering: - enabled: true -stun: - server: - local_interfaces: - - Ethernet1 - - Ethernet2 - - Ethernet3 - ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.144.1/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: cv-pathfinder-custom-control-plane-policy-pathfinder-1_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: PROD - vni: 42 - - name: IT - vni: 14 -metadata: - cv_pathfinder: - applications: - profiles: - - name: VIDEO - builtin_applications: - - name: skype - user_defined_applications: - - name: CUSTOM-APPLICATION-1 - categories: - - category: VIDEO1 - transport_protocols: - - rtp - - name: APP-PROFILE-CONTROL-PLANE - user_defined_applications: - - name: APP-CONTROL-PLANE - categories: - builtin_applications: - - name: microsoft-teams - category: VIDEO1 - user_defined_applications: - - name: CUSTOM-APPLICATION-2 - category: VIDEO1 - - name: CUSTOM-DSCP-APPLICATION - category: VIDEO1 - role: pathfinder - ssl_profile: profileA - vtep_ip: 192.168.144.1 - interfaces: - - name: Ethernet1 - carrier: Bouygues_Telecom - circuit_id: '777' - pathgroup: INET - public_ip: 10.7.7.7 - - name: Ethernet2 - carrier: Colt - circuit_id: '10000' - pathgroup: MPLS - public_ip: 172.16.0.1 - - name: Ethernet3 - carrier: Another-ISP - circuit_id: '999' - pathgroup: INET - public_ip: 10.9.9.9 - pathgroups: - - name: MPLS - carriers: - - name: Colt - - name: ATT-MPLS - - name: INET - carriers: - - name: Comcast - - name: ATT - - name: Bouygues_Telecom - - name: SFR - - name: Orange - - name: Another-ISP + carriers: + - name: Comcast + - name: ATT + - name: Bouygues_Telecom + - name: SFR + - name: Orange + - name: Another-ISP - name: LTE carriers: - name: Comcast-5G @@ -497,36 +232,36 @@ metadata: carriers: - name: AWS-1 regions: - - name: AVD_Land_West - id: 42 + - id: 42 + name: AVD_Land_West zones: - - name: AVD_Land_West-ZONE - id: 1 + - id: 1 + name: AVD_Land_West-ZONE sites: - - name: Site404 - id: 404 + - id: 404 + name: Site404 location: address: Atlantis - - name: Site405 - id: 405 + - id: 405 + name: Site405 location: address: El Dorado - - name: Site422 - id: 422 + - id: 422 + name: Site422 location: address: Somewhere - - name: Site423 - id: 423 + - id: 423 + name: Site423 location: address: Somewhere-warm - - name: AVD_Land_East - id: 43 + - id: 43 + name: AVD_Land_East zones: - - name: AVD_Land_East-ZONE - id: 1 + - id: 1 + name: AVD_Land_East-ZONE sites: - - name: Site511 - id: 511 + - id: 511 + name: Site511 location: address: Miami vrfs: @@ -613,48 +348,313 @@ metadata: preference: alternate - name: LAN_HA preference: preferred - cv_tags: - device_tags: - - name: Role - value: pathfinder - - name: PathfinderSet - value: PATHFINDERS - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: Bouygues_Telecom - - name: Circuit - value: '777' - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10000' - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: Another-ISP - - name: Circuit - value: '999' -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false + applications: + profiles: + - name: VIDEO + builtin_applications: + - name: skype + user_defined_applications: + - name: CUSTOM-APPLICATION-1 + categories: + - category: VIDEO1 + transport_protocols: + - rtp + - name: APP-PROFILE-CONTROL-PLANE + user_defined_applications: + - name: APP-CONTROL-PLANE + categories: + builtin_applications: + - name: microsoft-teams + category: VIDEO1 + user_defined_applications: + - name: CUSTOM-APPLICATION-2 + category: VIDEO1 + - name: CUSTOM-DSCP-APPLICATION + category: VIDEO1 +platform: + sfe: + data_plane_cpu_allocation_max: 1 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.44.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.44.1:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: pathfinder + profiles: + - name: CUSTOM-CP-POLICY + load_balance_policy: LB-CUSTOM-CP-POLICY + - name: DEFAULT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-POLICY-VIDEO + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: CUSTOM-CP-POLICY + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-POLICY-WITH-CP + profiles: + - name: CUSTOM-CP-POLICY + id: 254 + - name: DEFAULT-POLICY-VIDEO + id: 3 + - name: DEFAULT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-VIDEO + id: 3 + - name: DEFAULT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-VIDEO + id: 3 + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.44.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp_cluster_id: 192.168.44.1 + bgp: + default: + ipv4_unicast: false + listen_ranges: + - prefix: 192.168.142.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + - prefix: 192.168.143.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + - name: WAN-RR-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-RR-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-RR-OVERLAY-PEERS + activate: true + encapsulation: path-selection + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + next_hop: + resolution_disabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + - name: WAN-RR-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + missing_policy: + direction_out_action: deny + - name: WAN-RR-OVERLAY-PEERS + activate: true + path_selection: + roles: + consumer: true + propagator: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.44.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_path_selection: + peer_dynamic_source: stun + path_groups: + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2 + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.16.0.1 + keepalive: + interval: 300 + failure_threshold: 5 + - name: INET + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1 + - name: Ethernet3 + static_peers: + - router_ip: 192.168.144.1 + name: cv-pathfinder-pathfinder + ipv4_addresses: + - 172.17.7.7 + - 10.9.9.9 + - name: LTE + id: 102 + - name: Equinix + id: 103 + - name: Satellite + id: 104 + - name: AWS + id: 105 + - name: LAN_HA + id: 65535 + flow_assignment: lan + load_balance_policies: + - name: LB-CUSTOM-CP-POLICY + lowest_hop_count: true + jitter: 5 + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-POLICY-VIDEO + path_groups: + - name: MPLS + - name: INET + - name: LAN_HA + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LTE + priority: 42 + - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.7.7.6 +stun: + server: + local_interfaces: + - Ethernet1 + - Ethernet2 + - Ethernet3 + ssl_profile: profileA +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: cv-pathfinder-custom-control-plane-policy-pathfinder-1_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: PROD + vni: 42 + - name: IT + vni: 14 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-custom-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-custom-default-policy.yml index b5c24a7f6b8..65263c4aa31 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-custom-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-custom-default-policy.yml @@ -1,188 +1,82 @@ -hostname: cv-pathfinder-edge-custom-default-policy -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 42 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - vrfs: - - name: default - rd: 192.168.42.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: PROD - rd: 192.168.42.1:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - router_id: 192.168.42.1 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.255.1/32 + flow_tracker: + hardware: custom_flow_track_name enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - switchport: - enabled: false description: ATT_666 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet2 peer_type: l3_interface - ip_address: 172.15.5.5/31 - shutdown: false switchport: enabled: false +- name: Ethernet2 description: Colt_10555 -- name: Ethernet3 - peer_type: l3_interface - ip_address: 172.20.20.20/31 shutdown: false + ip_address: 172.15.5.5/31 + peer_type: l3_interface switchport: enabled: false +- name: Ethernet3 description: Comcast-5G_AF830 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID shutdown: false - ip_address: 192.168.42.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.1:1 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.1:1 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' + ip_address: 172.20.20.20/31 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: custom_flow_track_name + record_export: + on_inactive_timeout: 50000 + on_interval: 300331 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 40000 + shutdown: false +hostname: cv-pathfinder-edge-custom-default-policy ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.1:1 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -218,16 +112,118 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site1 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '666' + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10555' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast-5G + - name: Circuit + value: AF830 + cv_pathfinder: + role: edge + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site1 + vtep_ip: 192.168.255.1 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: '666' + pathgroup: INET + - name: Ethernet2 + carrier: Colt + circuit_id: '10555' + pathgroup: MPLS + - name: Ethernet3 + carrier: Comcast-5G + circuit_id: AF830 + pathgroup: LTE +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.1:1 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.1:1 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -246,6 +242,21 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-VIDEO - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-POLICY-WITH-CP @@ -263,32 +274,107 @@ router_adaptive_virtual_topology: id: 3 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 42 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.42.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: PROD + rd: 192.168.42.1:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.42.1 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -303,7 +389,6 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: MPLS id: 100 local_interfaces: @@ -320,11 +405,11 @@ router_path_selection: - 172.16.0.1 - name: LTE id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 dynamic_peers: enabled: true - ipsec_profile: CP-PROFILE load_balance_policies: - name: LB-DEFAULT-POLICY-CONTROL-PLANE path_groups: @@ -339,8 +424,13 @@ router_path_selection: - name: INET - name: LTE priority: 42 + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -353,111 +443,21 @@ stun: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 ip_address: 172.16.0.1 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.255.1/32 - flow_tracker: - hardware: custom_flow_track_name +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-edge-custom-default-policy_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: custom_flow_track_name - record_export: - on_inactive_timeout: 50000 - on_interval: 300331 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 40000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site1 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '666' - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10555' - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast-5G - - name: Circuit - value: AF830 - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 192.168.255.1 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site1 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: '666' - pathgroup: INET - - name: Ethernet2 - carrier: Colt - circuit_id: '10555' - pathgroup: MPLS - - name: Ethernet3 - carrier: Comcast-5G - circuit_id: AF830 - pathgroup: LTE - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-default-policy.yml index fa97bd07f65..4f80a761394 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-default-policy.yml @@ -1,206 +1,78 @@ -hostname: cv-pathfinder-edge-no-default-policy -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 42 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - vrfs: - - name: default - rd: 192.168.42.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.1:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - router_id: 192.168.42.1 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.1:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - router_id: 192.168.42.1 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.255.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - switchport: - enabled: false description: ATT_666 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet2 peer_type: l3_interface - ip_address: 172.15.5.5/31 - shutdown: false switchport: enabled: false +- name: Ethernet2 description: Colt_10555 -- name: Ethernet3 - peer_type: l3_interface - ip_address: 172.20.20.20/31 shutdown: false + ip_address: 172.15.5.5/31 + peer_type: l3_interface switchport: enabled: false +- name: Ethernet3 description: Comcast-5G_AF830 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID shutdown: false - ip_address: 192.168.42.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' + ip_address: 172.20.20.20/31 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge-no-default-policy ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.1:511 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -236,16 +108,118 @@ ip_security: mode: transport key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '666' + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10555' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast-5G + - name: Circuit + value: AF830 + cv_pathfinder: + role: edge + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + vtep_ip: 192.168.255.1 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: '666' + pathgroup: INET + - name: Ethernet2 + carrier: Colt + circuit_id: '10555' + pathgroup: MPLS + - name: Ethernet3 + carrier: Comcast-5G + circuit_id: AF830 + pathgroup: LTE +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -262,6 +236,17 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - name: DEFAULT-POLICY-CONTROL-PLANE load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE + policies: + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: PROD policy: DEFAULT-POLICY @@ -280,28 +265,122 @@ router_adaptive_virtual_topology: id: 254 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 42 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.42.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: IT + rd: 192.168.42.1:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.42.1 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.1:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.42.1 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -316,9 +395,9 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: MPLS id: 100 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet2 stun: @@ -332,14 +411,13 @@ router_path_selection: name: cv-pathfinder-pathfinder ipv4_addresses: - 172.16.0.1 - ipsec_profile: CP-PROFILE - name: LTE id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 dynamic_peers: enabled: true - ipsec_profile: CP-PROFILE load_balance_policies: - name: LB-DEFAULT-POLICY-DEFAULT path_groups: @@ -350,8 +428,13 @@ router_path_selection: path_groups: - name: INET - name: MPLS + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -364,33 +447,22 @@ stun: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 ip_address: 172.16.0.1 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.255.1/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-edge-no-default-policy_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -398,75 +470,3 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_East - - name: Zone - value: AVD_Land_East-ZONE - - name: Site - value: Site511 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '666' - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10555' - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast-5G - - name: Circuit - value: AF830 - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 192.168.255.1 - region: AVD_Land_East - zone: AVD_Land_East-ZONE - site: Site511 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: '666' - pathgroup: INET - - name: Ethernet2 - carrier: Colt - circuit_id: '10555' - pathgroup: MPLS - - name: Ethernet3 - carrier: Comcast-5G - circuit_id: AF830 - pathgroup: LTE - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml index 5d5afc6d38f..48de294b843 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml @@ -1,396 +1,228 @@ -hostname: cv-pathfinder-edge -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - static: - enabled: true - route_map: RM-STATIC-2-BGP - updates: - wait_install: true - neighbors: - - ip_address: 172.16.9.4 - remote_as: '64520' - description: ATT_666_peer3_Ethernet42 - route_map_in: RM-BGP-172.16.9.4-IN - route_map_out: RM-BGP-172.16.9.4-OUT - - ip_address: 172.16.5.4 - remote_as: '64520' - description: Colt_10555 - route_map_in: RM-BGP-172.16.5.4-IN - route_map_out: RM-BGP-172.16.5.4-OUT - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-disabled-leaf - description: site-ha-disabled-leaf_Ethernet1 - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - address_family_ipv4: - neighbors: - - ip_address: 172.16.9.4 - activate: true - - ip_address: 172.16.5.4 - activate: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - vrfs: - - name: IT - router_id: 192.168.42.1 - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-disabled-leaf_Ethernet1.1000_vrf_IT - rd: 192.168.42.1:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD - router_id: 192.168.42.1 - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-disabled-leaf_Ethernet1.142_vrf_PROD - rd: 192.168.42.1:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK - router_id: 192.168.42.1 - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-disabled-leaf_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK - rd: 192.168.42.1:666 - route_targets: - import: - - address_family: evpn - route_targets: - - 666:666 - export: - - address_family: evpn - route_targets: - - 666:666 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.42.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -prefix_lists: -- name: ALLOW-DEFAULT - sequence_numbers: - - sequence: 10 - action: permit 0.0.0.0/0 -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -- name: PL-STATIC-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - action: permit 66.66.66.0/24 -route_maps: -- name: RM-BGP-172.16.9.4-IN - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list ALLOW-DEFAULT - set: - - community no-advertise additive -- name: RM-BGP-172.16.9.4-OUT - sequence_numbers: - - sequence: 10 - type: deny -- name: RM-BGP-172.16.5.4-IN - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list ALLOW-DEFAULT - set: - - community no-advertise additive -- name: RM-BGP-172.16.5.4-OUT - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list ALLOW-DEFAULT - - sequence: 20 - type: deny -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.1:511 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -- name: RM-STATIC-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-STATIC-VRF-DEFAULT - set: - - extcommunity soo 192.168.42.1:511 additive ethernet_interfaces: - name: Ethernet52 - peer: site-ha-disabled-leaf - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_site-ha-disabled-leaf_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.1/31 -- name: Ethernet52.1000 peer: site-ha-disabled-leaf - peer_interface: Ethernet1.1000 + peer_interface: Ethernet1 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet52.1000 description: P2P_site-ha-disabled-leaf_Ethernet1.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.1/31 -- name: Ethernet52.142 peer: site-ha-disabled-leaf - peer_interface: Ethernet1.142 + peer_interface: Ethernet1.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet52.142 description: P2P_site-ha-disabled-leaf_Ethernet1.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.1/31 -- name: Ethernet52.666 peer: site-ha-disabled-leaf - peer_interface: Ethernet1.666 + peer_interface: Ethernet1.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet52.666 description: P2P_site-ha-disabled-leaf_Ethernet1.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.1/31 + peer: site-ha-disabled-leaf + peer_interface: Ethernet1.666 + peer_type: l3leaf - name: Ethernet1 - peer_type: l3_interface - peer: peer3 - peer_interface: Ethernet42 - ip_address: dhcp - shutdown: false - switchport: - enabled: false description: ATT_666_peer3_Ethernet42 + shutdown: false flow_tracker: hardware: FLOW-TRACKER + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet2 + peer: peer3 + peer_interface: Ethernet42 peer_type: l3_interface - ip_address: 172.15.5.5/31 - shutdown: false switchport: enabled: false +- name: Ethernet2 description: Colt_10555 + shutdown: false + ip_address: 172.15.5.5/31 ip_nat: service_profile: NAT-IE-DIRECT -- name: Ethernet2/1 peer_type: l3_interface - ip_address: 172.15.5.6/31 - shutdown: false switchport: enabled: false +- name: Ethernet2/1 description: Colt_10555 + shutdown: false + ip_address: 172.15.5.6/31 ip_nat: service_profile: NAT-IE-DIRECT -- name: Ethernet3 peer_type: l3_interface - ip_address: 172.20.20.20/31 - shutdown: false switchport: enabled: false +- name: Ethernet3 description: Comcast-5G_AF830 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID shutdown: false - ip_address: 192.168.42.1/32 -static_routes: -- destination_address_prefix: 172.16.0.0/16 - gateway: 172.16.5.4 -- destination_address_prefix: 172.16.0.0/16 - gateway: 172.16.5.9 -- destination_address_prefix: 66.66.66.0/24 - gateway: 172.17.0.0 - vrf: default -- destination_address_prefix: 10.37.121.1/32 - name: IE-ZSCALER-PRI - gateway: 172.20.20.21 -- destination_address_prefix: 10.39.77.1/32 - name: IE-ZSCALER-SEC - gateway: 172.20.20.21 -- destination_address_prefix: 10.50.9.1/32 - name: IE-ZSCALER-TER - gateway: 172.20.20.21 -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' + ip_address: 172.20.20.20/31 + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge +ip_access_lists: +- name: ACL-NAT-IE-DIRECT + entries: + - sequence: 10 + action: deny + protocol: ip + source: 172.15.5.5 + destination: any + - sequence: 20 + action: deny + protocol: ip + source: 172.15.5.6 + destination: any + - sequence: 30 + action: permit + protocol: ip + source: any + destination: any +- name: ACL-NAT-IE-ZSCALER + entries: + - sequence: 10 + action: permit + protocol: ip + source: any + destination: any ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.1:511 +ip_nat: + profiles: + - name: NAT-IE-DIRECT + source: + dynamic: + - access_list: ACL-NAT-IE-DIRECT + nat_type: overload + - name: NAT-IE-ZSCALER + source: + dynamic: + - access_list: ACL-NAT-IE-ZSCALER + nat_type: pool + pool_name: PORT-ONLY-POOL + pools: + - name: PORT-ONLY-POOL + type: port-only + ranges: + - first_port: 1500 + last_port: 65535 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -410,12 +242,12 @@ ip_security: encryption: aes256gcm128 pfs_dh_group: 14 - name: IE-ZSCALER-EXIT-POLICY-1-SA-POLICY - pfs_dh_group: 24 sa_lifetime: value: 8 esp: integrity: sha256 encryption: aes256 + pfs_dh_group: 24 profiles: - name: DP-PROFILE sa_policy: DP-SA-POLICY @@ -439,24 +271,290 @@ ip_security: - name: IE-ZSCALER-EXIT-POLICY-1-PROFILE ike_policy: IE-ZSCALER-EXIT-POLICY-1-IKE-POLICY sa_policy: IE-ZSCALER-EXIT-POLICY-1-SA-POLICY + connection: start shared_key: 0007054B145A1F0E0928424A0C0B4812160C093B101807091F10105E222E2A351B69777F7D2D3A5547666C7F7A616A672374332B7C68263639327A3E2A3B0468 dpd: interval: 10 time: 60 action: clear - connection: start key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileA - certificate: - file: profileA.crt - key: profileA.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet52.1000 + tags: + - name: Type + value: lan + - interface: Ethernet52.142 + tags: + - name: Type + value: lan + - interface: Ethernet52.666 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '666' + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10555' + - interface: Ethernet2/1 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10555' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast-5G + - name: Circuit + value: AF830 + cv_pathfinder: + role: edge + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + vtep_ip: 192.168.142.1 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: '666' + pathgroup: INET + - name: Ethernet2 + carrier: Colt + circuit_id: '10555' + pathgroup: MPLS + - name: Ethernet2/1 + carrier: Colt + circuit_id: '10555' + pathgroup: MPLS + - name: Ethernet3 + carrier: Comcast-5G + circuit_id: AF830 + pathgroup: LTE + internet_exit_policies: + - name: ZSCALER-EXIT-POLICY-1 + type: zscaler + city: Santa Clara, CA + country: United States + firewall: false + ips_control: false + acceptable_use_policy: false + vpn_credentials: + - fqdn: cv-pathfinder-edge_ZSCALER-EXIT-POLICY-1@test.local + vpn_type: UFQDN + pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C093B101807091F10105E222E2A351B69777F7D2D3A5547666C7F7A616A672374332B7C68263639327A3E2A3B0468 + tunnels: + - name: Tunnel100 + preference: Preferred + endpoint: + ip_address: 10.37.121.1 + datacenter: FMT1 + city: Fremont, CA + country: United States + region: us-west1 + latitude: '37' + longitude: '-121' + - name: Tunnel101 + preference: Alternate + endpoint: + ip_address: 10.39.77.1 + datacenter: WAS1 + city: Washington, DC + country: United States + region: us-east1 + latitude: '39' + longitude: '-77' + - name: Tunnel102 + preference: Alternate + endpoint: + ip_address: 10.50.9.1 + datacenter: FRA4 + city: Frankfurt + country: Germany + region: eu-west1 + latitude: '50' + longitude: '9' +monitor_connectivity: + shutdown: false + interface_sets: + - name: SET-Ethernet2 + interfaces: Ethernet2 + - name: SET-Ethernet2_1 + interfaces: Ethernet2/1 + - name: SET-Tunnel100 + interfaces: Tunnel100 + - name: SET-Tunnel101 + interfaces: Tunnel101 + - name: SET-Tunnel102 + interfaces: Tunnel102 + hosts: + - name: IE-Ethernet2 + description: Internet Exit DIRECT-EXIT-POLICY-1 + ip: 172.16.5.4 + local_interfaces: SET-Ethernet2 + address_only: false + - name: IE-Ethernet2_1 + description: Internet Exit DIRECT-EXIT-POLICY-1 + ip: 172.16.5.9 + local_interfaces: SET-Ethernet2_1 + address_only: false + - name: IE-Tunnel100 + description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI + ip: 10.37.121.1 + local_interfaces: SET-Tunnel100 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest + - name: IE-Tunnel101 + description: Internet Exit ZSCALER-EXIT-POLICY-1 SEC + ip: 10.39.77.1 + local_interfaces: SET-Tunnel101 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest + - name: IE-Tunnel102 + description: Internet Exit ZSCALER-EXIT-POLICY-1 TER + ip: 10.50.9.1 + local_interfaces: SET-Tunnel102 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest +prefix_lists: +- name: ALLOW-DEFAULT + sequence_numbers: + - sequence: 10 + action: permit 0.0.0.0/0 +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +- name: PL-STATIC-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + action: permit 66.66.66.0/24 +route_maps: +- name: RM-BGP-172.16.9.4-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + set: + - community no-advertise additive +- name: RM-BGP-172.16.9.4-OUT + sequence_numbers: + - sequence: 10 + type: deny +- name: RM-BGP-172.16.5.4-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + set: + - community no-advertise additive +- name: RM-BGP-172.16.5.4-OUT + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + - sequence: 20 + type: deny +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.1:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +- name: RM-STATIC-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-STATIC-VRF-DEFAULT + set: + - extcommunity soo 192.168.42.1:511 additive router_adaptive_virtual_topology: topology_role: edge region: @@ -487,6 +585,35 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-AVT-POLICY-WITH-CP @@ -520,46 +647,208 @@ router_adaptive_virtual_topology: profiles: - name: DEFAULT-POLICY-DEFAULT id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 172.16.9.4 + remote_as: '64520' + description: ATT_666_peer3_Ethernet42 + route_map_in: RM-BGP-172.16.9.4-IN + route_map_out: RM-BGP-172.16.9.4-OUT + - ip_address: 172.16.5.4 + remote_as: '64520' + description: Colt_10555 + route_map_in: RM-BGP-172.16.5.4-IN + route_map_out: RM-BGP-172.16.5.4-OUT + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-disabled-leaf + description: site-ha-disabled-leaf_Ethernet1 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + static: + enabled: true + route_map: RM-STATIC-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + neighbors: + - ip_address: 172.16.9.4 + activate: true + - ip_address: 172.16.5.4 + activate: true + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: IT + rd: 192.168.42.1:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-disabled-leaf_Ethernet1.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.1:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-disabled-leaf_Ethernet1.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.42.1:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 + router_id: 192.168.42.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-disabled-leaf_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.42.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_internet_exit: policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + - name: DIRECT-EXIT-POLICY-1 + exit_groups: + - name: DIRECT-EXIT-POLICY-1 + - name: ZSCALER-EXIT-POLICY-1 + exit_groups: + - name: ZSCALER-EXIT-POLICY-1_PRI + - name: ZSCALER-EXIT-POLICY-1_SEC + - name: ZSCALER-EXIT-POLICY-1_TER + - name: system-default-exit-group + exit_groups: + - name: DIRECT-EXIT-POLICY-1 + local_connections: + - name: IE-Ethernet2 + - name: IE-Ethernet2_1 + - name: ZSCALER-EXIT-POLICY-1_PRI + local_connections: + - name: IE-Tunnel100 + - name: ZSCALER-EXIT-POLICY-1_SEC + local_connections: + - name: IE-Tunnel101 + - name: ZSCALER-EXIT-POLICY-1_TER + local_connections: + - name: IE-Tunnel102 router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -574,7 +863,6 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: MPLS id: 100 local_interfaces: @@ -599,11 +887,11 @@ router_path_selection: failure_threshold: 5 - name: LTE id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 dynamic_peers: enabled: true - ipsec_profile: CP-PROFILE keepalive: interval: 100 failure_threshold: 12 @@ -622,19 +910,19 @@ router_path_selection: - name: MPLS priority: 4223 - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: MPLS - name: INET priority: 2 - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: MPLS - name: LTE - name: INET priority: 2 - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: MPLS @@ -647,198 +935,68 @@ router_path_selection: path_groups: - name: INET - name: MPLS -router_traffic_engineering: - enabled: true -stun: - client: - server_profiles: - - name: INET-cv-pathfinder-pathfinder-Ethernet1 - ip_address: 172.17.7.7 - ssl_profile: profileA - - name: INET-cv-pathfinder-pathfinder-Ethernet3 - ip_address: 10.9.9.9 - ssl_profile: profileA - - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 - ip_address: 172.16.0.1 - ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -ip_access_lists: -- name: ACL-NAT-IE-DIRECT - entries: - - sequence: 10 - action: deny - protocol: ip - source: 172.15.5.5 - destination: any - - sequence: 20 - action: deny - protocol: ip - source: 172.15.5.6 - destination: any - - sequence: 30 - action: permit - protocol: ip - source: any - destination: any -- name: ACL-NAT-IE-ZSCALER - entries: - - sequence: 10 - action: permit - protocol: ip - source: any - destination: any -ip_nat: - profiles: - - name: NAT-IE-DIRECT - source: - dynamic: - - access_list: ACL-NAT-IE-DIRECT - nat_type: overload - - name: NAT-IE-ZSCALER - source: - dynamic: - - access_list: ACL-NAT-IE-ZSCALER - pool_name: PORT-ONLY-POOL - nat_type: pool - pools: - - name: PORT-ONLY-POOL - type: port-only - ranges: - - first_port: 1500 - last_port: 65535 + tcp_mss_ceiling: + ipv4_segment_size: auto router_service_insertion: enabled: true connections: - name: IE-Ethernet2 - monitor_connectivity_host: IE-Ethernet2 ethernet_interface: name: Ethernet2 next_hop: 172.16.5.4 + monitor_connectivity_host: IE-Ethernet2 - name: IE-Ethernet2_1 - monitor_connectivity_host: IE-Ethernet2_1 ethernet_interface: name: Ethernet2/1 next_hop: 172.16.5.9 + monitor_connectivity_host: IE-Ethernet2_1 - name: IE-Tunnel100 - monitor_connectivity_host: IE-Tunnel100 - tunnel_interface: - primary: Tunnel100 - - name: IE-Tunnel101 - monitor_connectivity_host: IE-Tunnel101 - tunnel_interface: - primary: Tunnel101 - - name: IE-Tunnel102 - monitor_connectivity_host: IE-Tunnel102 - tunnel_interface: - primary: Tunnel102 -router_internet_exit: - exit_groups: - - name: DIRECT-EXIT-POLICY-1 - local_connections: - - name: IE-Ethernet2 - - name: IE-Ethernet2_1 - - name: ZSCALER-EXIT-POLICY-1_PRI - local_connections: - - name: IE-Tunnel100 - - name: ZSCALER-EXIT-POLICY-1_SEC - local_connections: - - name: IE-Tunnel101 - - name: ZSCALER-EXIT-POLICY-1_TER - local_connections: - - name: IE-Tunnel102 - policies: - - name: DIRECT-EXIT-POLICY-1 - exit_groups: - - name: DIRECT-EXIT-POLICY-1 - - name: ZSCALER-EXIT-POLICY-1 - exit_groups: - - name: ZSCALER-EXIT-POLICY-1_PRI - - name: ZSCALER-EXIT-POLICY-1_SEC - - name: ZSCALER-EXIT-POLICY-1_TER - - name: system-default-exit-group -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.1/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: cv-pathfinder-edge_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: IT - vni: 100 - - name: PROD - vni: 42 - - name: ATTRACTED-VRF-FROM-UPLINK - vni: 166 + tunnel_interface: + primary: Tunnel100 + monitor_connectivity_host: IE-Tunnel100 + - name: IE-Tunnel101 + tunnel_interface: + primary: Tunnel101 + monitor_connectivity_host: IE-Tunnel101 + - name: IE-Tunnel102 + tunnel_interface: + primary: Tunnel102 + monitor_connectivity_host: IE-Tunnel102 +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- destination_address_prefix: 172.16.0.0/16 + gateway: 172.16.5.4 +- destination_address_prefix: 172.16.0.0/16 + gateway: 172.16.5.9 +- vrf: default + destination_address_prefix: 66.66.66.0/24 + gateway: 172.17.0.0 +- destination_address_prefix: 10.37.121.1/32 + gateway: 172.20.20.21 + name: IE-ZSCALER-PRI +- destination_address_prefix: 10.39.77.1/32 + gateway: 172.20.20.21 + name: IE-ZSCALER-SEC +- destination_address_prefix: 10.50.9.1/32 + gateway: 172.20.20.21 + name: IE-ZSCALER-TER +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder-Ethernet1 + ip_address: 172.17.7.7 + ssl_profile: profileA + - name: INET-cv-pathfinder-pathfinder-Ethernet3 + ip_address: 10.9.9.9 + ssl_profile: profileA + - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 + ip_address: 172.16.0.1 + ssl_profile: profileA +transceiver_qsfp_default_mode_4x10: false tunnel_interfaces: - name: Tunnel100 description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI @@ -867,188 +1025,30 @@ tunnel_interfaces: destination: 10.50.9.1 ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE nat_profile: NAT-IE-ZSCALER -monitor_connectivity: - interface_sets: - - name: SET-Ethernet2 - interfaces: Ethernet2 - - name: SET-Ethernet2_1 - interfaces: Ethernet2/1 - - name: SET-Tunnel100 - interfaces: Tunnel100 - - name: SET-Tunnel101 - interfaces: Tunnel101 - - name: SET-Tunnel102 - interfaces: Tunnel102 - hosts: - - name: IE-Ethernet2 - description: Internet Exit DIRECT-EXIT-POLICY-1 - ip: 172.16.5.4 - local_interfaces: SET-Ethernet2 - address_only: false - - name: IE-Ethernet2_1 - description: Internet Exit DIRECT-EXIT-POLICY-1 - ip: 172.16.5.9 - local_interfaces: SET-Ethernet2_1 - address_only: false - - name: IE-Tunnel100 - description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI - ip: 10.37.121.1 - local_interfaces: SET-Tunnel100 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - - name: IE-Tunnel101 - description: Internet Exit ZSCALER-EXIT-POLICY-1 SEC - ip: 10.39.77.1 - local_interfaces: SET-Tunnel101 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - - name: IE-Tunnel102 - description: Internet Exit ZSCALER-EXIT-POLICY-1 TER - ip: 10.50.9.1 - local_interfaces: SET-Tunnel102 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - shutdown: false -metadata: - cv_pathfinder: - internet_exit_policies: - - name: ZSCALER-EXIT-POLICY-1 - type: zscaler - city: Santa Clara, CA - country: United States - firewall: false - ips_control: false - acceptable_use_policy: false - vpn_credentials: - - fqdn: cv-pathfinder-edge_ZSCALER-EXIT-POLICY-1@test.local - vpn_type: UFQDN - pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C093B101807091F10105E222E2A351B69777F7D2D3A5547666C7F7A616A672374332B7C68263639327A3E2A3B0468 - tunnels: - - name: Tunnel100 - preference: Preferred - endpoint: - ip_address: 10.37.121.1 - datacenter: FMT1 - city: Fremont, CA - country: United States - region: us-west1 - latitude: '37' - longitude: '-121' - - name: Tunnel101 - preference: Alternate - endpoint: - ip_address: 10.39.77.1 - datacenter: WAS1 - city: Washington, DC - country: United States - region: us-east1 - latitude: '39' - longitude: '-77' - - name: Tunnel102 - preference: Alternate - endpoint: - ip_address: 10.50.9.1 - datacenter: FRA4 - city: Frankfurt - country: Germany - region: eu-west1 - latitude: '50' - longitude: '9' - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.1 - region: AVD_Land_East - zone: AVD_Land_East-ZONE - site: Site511 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: '666' - pathgroup: INET - - name: Ethernet2 - carrier: Colt - circuit_id: '10555' - pathgroup: MPLS - - name: Ethernet2/1 - carrier: Colt - circuit_id: '10555' - pathgroup: MPLS - - name: Ethernet3 - carrier: Comcast-5G - circuit_id: AF830 - pathgroup: LTE - pathfinders: - - vtep_ip: 192.168.144.1 - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_East - - name: Zone - value: AVD_Land_East-ZONE - - name: Site - value: Site511 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet52.1000 - tags: - - name: Type - value: lan - - interface: Ethernet52.142 - tags: - - name: Type - value: lan - - interface: Ethernet52.666 - tags: - - name: Type - value: lan - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '666' - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10555' - - interface: Ethernet2/1 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10555' - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast-5G - - name: Circuit - value: AF830 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true + tenant: TenantC +vxlan_interface: + vxlan1: + description: cv-pathfinder-edge_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml index de3888f213d..b99fc10d303 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml @@ -1,408 +1,247 @@ -hostname: cv-pathfinder-edge1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - neighbors: - - ip_address: 172.29.0.13 - remote_as: '64520' - route_map_in: RM-BGP-172.29.0.13-IN - route_map_out: RM-BGP-172.29.0.13-OUT - - ip_address: 172.28.0.14 - remote_as: '64520' - route_map_out: RM-BGP-172.28.0.14-OUT - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-disabled-leaf - description: site-ha-disabled-leaf_Ethernet2 - - ip_address: 192.168.144.2 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder1 - description: cv-pathfinder-pathfinder1_Dps1 - - ip_address: 192.168.144.3 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder2 - description: cv-pathfinder-pathfinder2_Dps1 - address_family_ipv4: - neighbors: - - ip_address: 172.29.0.13 - activate: true - - ip_address: 172.28.0.14 - activate: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - vrfs: - - name: IT - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-disabled-leaf_Ethernet2.1000_vrf_IT - rd: 192.168.42.2:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-disabled-leaf_Ethernet2.142_vrf_PROD - rd: 192.168.42.2:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-disabled-leaf_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK - rd: 192.168.42.2:666 - route_targets: - import: - - address_family: evpn - route_targets: - - 666:666 - export: - - address_family: evpn - route_targets: - - 666:666 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.42.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.2/32 + - 192.168.144.3/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -prefix_lists: -- name: PL2 - sequence_numbers: - - sequence: 10 - action: permit 5.0.0.0/0 - - sequence: 20 - action: deny 10.00.0.0/24 -- name: ALLOW-DEFAULT - sequence_numbers: - - sequence: 10 - action: permit 0.0.0.0/0 -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.42.0/24 eq 32 -route_maps: -- name: RM-BGP-172.29.0.13-IN - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL2 -- name: RM-BGP-172.29.0.13-OUT - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list ALLOW-DEFAULT - - sequence: 20 - type: deny -- name: RM-BGP-172.28.0.14-OUT - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL2 - - sequence: 20 - type: deny -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.42.2:511 additive -- name: RM-BGP-UNDERLAY-PEERS-IN - sequence_numbers: - - sequence: 40 - type: permit - description: Mark prefixes originated from the LAN - set: - - extcommunity soo 192.168.42.2:511 additive -- name: RM-EVPN-SOO-IN - sequence_numbers: - - sequence: 10 - type: deny - match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.42.2:511 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO ethernet_interfaces: - name: Ethernet52 - peer: site-ha-disabled-leaf - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_site-ha-disabled-leaf_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.3/31 -- name: Ethernet52.1000 peer: site-ha-disabled-leaf - peer_interface: Ethernet2.1000 + peer_interface: Ethernet2 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet52.1000 description: P2P_site-ha-disabled-leaf_Ethernet2.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.3/31 -- name: Ethernet52.142 peer: site-ha-disabled-leaf - peer_interface: Ethernet2.142 + peer_interface: Ethernet2.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet52.142 description: P2P_site-ha-disabled-leaf_Ethernet2.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.3/31 -- name: Ethernet52.666 peer: site-ha-disabled-leaf - peer_interface: Ethernet2.666 + peer_interface: Ethernet2.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet52.666 description: P2P_site-ha-disabled-leaf_Ethernet2.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.3/31 + peer: site-ha-disabled-leaf + peer_interface: Ethernet2.666 + peer_type: l3leaf - name: Ethernet1/49.3 - peer_type: l3_interface - ip_address: dhcp - shutdown: false description: Inmrasat_S511 - access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1_49.3 + shutdown: false encapsulation_dot1q: vlan: 3 -- name: Ethernet2 - peer_type: l3_interface ip_address: dhcp - shutdown: false - switchport: - enabled: false + access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1_49.3 + peer_type: l3_interface +- name: Ethernet2 description: AWS-1_212 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet3 peer_type: l3_interface - ip_address: dhcp - shutdown: false switchport: enabled: false +- name: Ethernet3 description: ATT_404 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true ip_nat: service_profile: NAT-IE-DIRECT -- name: Ethernet4 peer_type: l3_interface - ip_address: dhcp - shutdown: false switchport: enabled: false +- name: Ethernet4 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet5 peer_type: l3_interface - ip_address: dhcp - shutdown: false switchport: enabled: false +- name: Ethernet5 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet1/49 + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID +- name: Ethernet1/49 shutdown: false - ip_address: 192.168.42.2/32 -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge1 ip_access_lists: - name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1_49.3 entries: - - source: any - destination: 172.24.49.3 - sequence: 15 + - sequence: 15 action: deny protocol: ip - - source: 172.24.49.2 + source: any destination: 172.24.49.3 - action: permit + - action: permit protocol: ip + source: 172.24.49.2 + destination: 172.24.49.3 - name: ACL-NAT-IE-DIRECT entries: - - source: any - destination: 5.0.0.0/24 - sequence: 10 + - sequence: 10 action: deny protocol: ip - - source: any - destination: any - sequence: 20 + source: any + destination: 5.0.0.0/24 + - sequence: 20 action: permit protocol: ip + source: any + destination: any - name: ACL-NAT-IE-ZSCALER entries: - - source: any - destination: 10.0.0.0/24 - sequence: 10 + - sequence: 10 action: permit protocol: ip - - source: any - destination: any - sequence: 20 + source: any + destination: 10.0.0.0/24 + - sequence: 20 action: deny protocol: ip + source: any + destination: any ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.42.2:511 +ip_nat: + profiles: + - name: NAT-IE-DIRECT + source: + dynamic: + - access_list: ACL-NAT-IE-DIRECT + nat_type: overload + - name: NAT-IE-ZSCALER + source: + dynamic: + - access_list: ACL-NAT-IE-ZSCALER + nat_type: pool + pool_name: PORT-ONLY-POOL + pools: + - name: PORT-ONLY-POOL + type: port-only + ranges: + - first_port: 1500 + last_port: 65535 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -427,19 +266,19 @@ ip_security: encryption: aes256gcm128 pfs_dh_group: 14 - name: IE-ZSCALER-EXIT-POLICY-1-SA-POLICY - pfs_dh_group: 24 sa_lifetime: value: 8 esp: integrity: sha256 encryption: aes256 - - name: IE-ZSCALER-EXIT-POLICY-2-SA-POLICY pfs_dh_group: 24 + - name: IE-ZSCALER-EXIT-POLICY-2-SA-POLICY sa_lifetime: value: 8 esp: integrity: sha256 encryption: aes256 + pfs_dh_group: 24 profiles: - name: DP-PROFILE sa_policy: DP-SA-POLICY @@ -463,688 +302,849 @@ ip_security: - name: IE-ZSCALER-EXIT-POLICY-1-PROFILE ike_policy: IE-ZSCALER-EXIT-POLICY-1-IKE-POLICY sa_policy: IE-ZSCALER-EXIT-POLICY-1-SA-POLICY + connection: start shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0867637B7B666B3873293274733B31233B6D2A332315696A dpd: interval: 10 time: 60 action: clear - connection: start - name: IE-ZSCALER-EXIT-POLICY-2-PROFILE ike_policy: IE-ZSCALER-EXIT-POLICY-2-IKE-POLICY sa_policy: IE-ZSCALER-EXIT-POLICY-2-SA-POLICY + connection: start shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0B67637B7B666B3873293274733B31233B6D2A332315696A dpd: interval: 10 time: 60 action: clear - connection: start key_controller: profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileA - certificate: - file: profileA.crt - key: profileA.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: edge - region: - name: AVD_Land_East - id: 43 - zone: - name: AVD_Land_East-ZONE - id: 1 - site: - name: Site511 - id: 511 - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - - name: DEFAULT-AVT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO - internet_exit_policy: DIRECT-EXIT-POLICY-1 - - name: DEFAULT-AVT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY-VOICE - load_balance_policy: LB-PROD-AVT-POLICY-VOICE - internet_exit_policy: ZSCALER-EXIT-POLICY-1 - - name: PROD-AVT-POLICY-VIDEO - load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - internet_exit_policy: ZSCALER-EXIT-POLICY-2 - - name: PROD-AVT-POLICY-DEFAULT - load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: Satellite - id: 104 - local_interfaces: + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_East + - name: Zone + value: AVD_Land_East-ZONE + - name: Site + value: Site511 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet52.1000 + tags: + - name: Type + value: lan + - interface: Ethernet52.142 + tags: + - name: Type + value: lan + - interface: Ethernet52.666 + tags: + - name: Type + value: lan + - interface: Ethernet1/49.3 + tags: + - name: Type + value: wan + - name: Carrier + value: Inmrasat + - name: Circuit + value: S511 + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: AWS-1 + - name: Circuit + value: '212' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: '404' + - interface: Ethernet4 + tags: + - name: Type + value: lan + - interface: Ethernet5 + tags: + - name: Type + value: lan + - interface: Ethernet1/49 + tags: + - name: Type + value: lan + cv_pathfinder: + role: edge + region: AVD_Land_East + zone: AVD_Land_East-ZONE + site: Site511 + vtep_ip: 192.168.142.2 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.2 + - vtep_ip: 192.168.144.3 + interfaces: - name: Ethernet1/49.3 - dynamic_peers: - enabled: true - ipsec_profile: CP-PROFILE - keepalive: - auto: true - - name: AWS - id: 105 - local_interfaces: + carrier: Inmrasat + circuit_id: S511 + pathgroup: Satellite - name: Ethernet2 - dynamic_peers: - enabled: true - ipsec_profile: CP-PROFILE - - name: INET - id: 101 - local_interfaces: + carrier: AWS-1 + circuit_id: '212' + pathgroup: AWS - name: Ethernet3 - stun: - server_profiles: - - INET-cv-pathfinder-pathfinder1-Ethernet1 - - INET-cv-pathfinder-pathfinder2-Ethernet1 - dynamic_peers: - enabled: true - static_peers: - - router_ip: 192.168.144.2 - name: cv-pathfinder-pathfinder1 - ipv4_addresses: - - 10.8.8.8 - - router_ip: 192.168.144.3 - name: cv-pathfinder-pathfinder2 - ipv4_addresses: - - 10.9.9.6 - ipsec_profile: CP-PROFILE - load_balance_policies: - - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - path_groups: - - name: INET - - name: Satellite - priority: 2 - - name: LB-DEFAULT-AVT-POLICY-VIDEO - path_groups: - - name: INET - - name: LB-DEFAULT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: LB-PROD-AVT-POLICY-VOICE - path_groups: - - name: INET - priority: 2 - jitter: 42 - lowest_hop_count: true - - name: LB-PROD-AVT-POLICY-VIDEO - path_groups: - - name: INET - priority: 2 - loss_rate: '42.0' - - name: LB-PROD-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: AWS - - name: INET - - name: Satellite - priority: 2 -router_traffic_engineering: - enabled: true -stun: - client: - server_profiles: - - name: INET-cv-pathfinder-pathfinder1-Ethernet1 - ip_address: 10.8.8.8 - ssl_profile: profileA - - name: INET-cv-pathfinder-pathfinder2-Ethernet1 - ip_address: 10.9.9.6 - ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.2/32 - - 192.168.144.3/32 -ip_nat: - profiles: - - name: NAT-IE-DIRECT - source: - dynamic: - - access_list: ACL-NAT-IE-DIRECT - nat_type: overload - - name: NAT-IE-ZSCALER - source: - dynamic: - - access_list: ACL-NAT-IE-ZSCALER - pool_name: PORT-ONLY-POOL - nat_type: pool - pools: - - name: PORT-ONLY-POOL - type: port-only - ranges: - - first_port: 1500 - last_port: 65535 -static_routes: -- destination_address_prefix: 10.37.121.1/32 - name: IE-ZSCALER-PRI - gateway: 172.31.0.1 -- destination_address_prefix: 10.39.77.1/32 - name: IE-ZSCALER-SEC - gateway: 172.31.0.1 -- destination_address_prefix: 10.50.9.1/32 - name: IE-ZSCALER-TER - gateway: 172.31.0.1 -router_service_insertion: - enabled: true - connections: + carrier: ATT + circuit_id: '404' + pathgroup: INET + internet_exit_policies: + - name: ZSCALER-EXIT-POLICY-1 + type: zscaler + city: Santa Clara, CA + country: United States + firewall: false + ips_control: false + acceptable_use_policy: false + vpn_credentials: + - fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-1@test.local + vpn_type: UFQDN + pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0867637B7B666B3873293274733B31233B6D2A332315696A + tunnels: + - name: Tunnel100 + preference: Preferred + endpoint: + ip_address: 10.37.121.1 + datacenter: FMT1 + city: Fremont, CA + country: United States + region: us-west1 + latitude: '37' + longitude: '-121' + - name: Tunnel101 + preference: Alternate + endpoint: + ip_address: 10.39.77.1 + datacenter: WAS1 + city: Washington, DC + country: United States + region: us-east1 + latitude: '39' + longitude: '-77' + - name: Tunnel102 + preference: Alternate + endpoint: + ip_address: 10.50.9.1 + datacenter: FRA4 + city: Frankfurt + country: Germany + region: eu-west1 + latitude: '50' + longitude: '9' + - name: ZSCALER-EXIT-POLICY-2 + type: zscaler + city: Santa Clara, CA + country: United States + firewall: false + ips_control: false + acceptable_use_policy: false + vpn_credentials: + - fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-2@test.local + vpn_type: UFQDN + pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0B67637B7B666B3873293274733B31233B6D2A332315696A + tunnels: + - name: Tunnel110 + preference: Preferred + endpoint: + ip_address: 10.37.121.1 + datacenter: FMT1 + city: Fremont, CA + country: United States + region: us-west1 + latitude: '37' + longitude: '-121' + - name: Tunnel111 + preference: Alternate + endpoint: + ip_address: 10.39.77.1 + datacenter: WAS1 + city: Washington, DC + country: United States + region: us-east1 + latitude: '39' + longitude: '-77' + - name: Tunnel112 + preference: Alternate + endpoint: + ip_address: 10.50.9.1 + datacenter: FRA4 + city: Frankfurt + country: Germany + region: eu-west1 + latitude: '50' + longitude: '9' +monitor_connectivity: + shutdown: false + interface_sets: + - name: SET-Ethernet3 + interfaces: Ethernet3 + - name: SET-Tunnel100 + interfaces: Tunnel100 + - name: SET-Tunnel101 + interfaces: Tunnel101 + - name: SET-Tunnel102 + interfaces: Tunnel102 + - name: SET-Tunnel110 + interfaces: Tunnel110 + - name: SET-Tunnel111 + interfaces: Tunnel111 + - name: SET-Tunnel112 + interfaces: Tunnel112 + hosts: - name: IE-Ethernet3 - monitor_connectivity_host: IE-Ethernet3 - ethernet_interface: - name: Ethernet3 - next_hop: 172.31.0.1 + description: Internet Exit DIRECT-EXIT-POLICY-1 + ip: 172.31.0.1 + local_interfaces: SET-Ethernet3 + address_only: false - name: IE-Tunnel100 - monitor_connectivity_host: IE-Tunnel100 - tunnel_interface: - primary: Tunnel100 + description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI + ip: 10.37.121.1 + local_interfaces: SET-Tunnel100 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest - name: IE-Tunnel101 - monitor_connectivity_host: IE-Tunnel101 - tunnel_interface: - primary: Tunnel101 + description: Internet Exit ZSCALER-EXIT-POLICY-1 SEC + ip: 10.39.77.1 + local_interfaces: SET-Tunnel101 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest - name: IE-Tunnel102 - monitor_connectivity_host: IE-Tunnel102 - tunnel_interface: - primary: Tunnel102 + description: Internet Exit ZSCALER-EXIT-POLICY-1 TER + ip: 10.50.9.1 + local_interfaces: SET-Tunnel102 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest - name: IE-Tunnel110 - monitor_connectivity_host: IE-Tunnel110 - tunnel_interface: - primary: Tunnel110 + description: Internet Exit ZSCALER-EXIT-POLICY-2 PRI + ip: 10.37.121.1 + local_interfaces: SET-Tunnel110 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest - name: IE-Tunnel111 - monitor_connectivity_host: IE-Tunnel111 - tunnel_interface: - primary: Tunnel111 - - name: IE-Tunnel112 - monitor_connectivity_host: IE-Tunnel112 - tunnel_interface: - primary: Tunnel112 -router_internet_exit: - exit_groups: - - name: DIRECT-EXIT-POLICY-1 - local_connections: - - name: IE-Ethernet3 - - name: ZSCALER-EXIT-POLICY-1_PRI - local_connections: - - name: IE-Tunnel100 - - name: ZSCALER-EXIT-POLICY-1_SEC - local_connections: - - name: IE-Tunnel101 - - name: ZSCALER-EXIT-POLICY-1_TER - local_connections: - - name: IE-Tunnel102 - - name: ZSCALER-EXIT-POLICY-2_PRI - local_connections: - - name: IE-Tunnel110 - - name: ZSCALER-EXIT-POLICY-2_SEC - local_connections: - - name: IE-Tunnel111 - - name: ZSCALER-EXIT-POLICY-2_TER - local_connections: - - name: IE-Tunnel112 - policies: - - name: DIRECT-EXIT-POLICY-1 - exit_groups: - - name: DIRECT-EXIT-POLICY-1 - - name: ZSCALER-EXIT-POLICY-1 - exit_groups: - - name: ZSCALER-EXIT-POLICY-1_PRI - - name: ZSCALER-EXIT-POLICY-1_SEC - - name: ZSCALER-EXIT-POLICY-1_TER - - name: system-default-exit-group - - name: ZSCALER-EXIT-POLICY-2 - exit_groups: - - name: ZSCALER-EXIT-POLICY-2_PRI - - name: ZSCALER-EXIT-POLICY-2_SEC - - name: ZSCALER-EXIT-POLICY-2_TER -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.2/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: cv-pathfinder-edge1_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: IT - vni: 100 - - name: PROD - vni: 42 - - name: ATTRACTED-VRF-FROM-UPLINK - vni: 166 -tunnel_interfaces: -- name: Tunnel100 - description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI - mtu: 1394 - ip_address: unnumbered Loopback0 - tunnel_mode: ipsec - source_interface: Ethernet3 - destination: 10.37.121.1 - ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE - nat_profile: NAT-IE-ZSCALER -- name: Tunnel101 - description: Internet Exit ZSCALER-EXIT-POLICY-1 SEC - mtu: 1394 - ip_address: unnumbered Loopback0 - tunnel_mode: ipsec - source_interface: Ethernet3 - destination: 10.39.77.1 - ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE - nat_profile: NAT-IE-ZSCALER -- name: Tunnel102 - description: Internet Exit ZSCALER-EXIT-POLICY-1 TER - mtu: 1394 - ip_address: unnumbered Loopback0 - tunnel_mode: ipsec - source_interface: Ethernet3 - destination: 10.50.9.1 - ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE - nat_profile: NAT-IE-ZSCALER -- name: Tunnel110 - description: Internet Exit ZSCALER-EXIT-POLICY-2 PRI - mtu: 1394 - ip_address: unnumbered Loopback0 - tunnel_mode: ipsec - source_interface: Ethernet3 - destination: 10.37.121.1 - ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE - nat_profile: NAT-IE-ZSCALER -- name: Tunnel111 - description: Internet Exit ZSCALER-EXIT-POLICY-2 SEC - mtu: 1394 - ip_address: unnumbered Loopback0 - tunnel_mode: ipsec - source_interface: Ethernet3 - destination: 10.39.77.1 - ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE - nat_profile: NAT-IE-ZSCALER -- name: Tunnel112 - description: Internet Exit ZSCALER-EXIT-POLICY-2 TER - mtu: 1394 - ip_address: unnumbered Loopback0 - tunnel_mode: ipsec - source_interface: Ethernet3 - destination: 10.50.9.1 - ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE - nat_profile: NAT-IE-ZSCALER -monitor_connectivity: - interface_sets: - - name: SET-Ethernet3 - interfaces: Ethernet3 - - name: SET-Tunnel100 - interfaces: Tunnel100 - - name: SET-Tunnel101 - interfaces: Tunnel101 - - name: SET-Tunnel102 - interfaces: Tunnel102 - - name: SET-Tunnel110 - interfaces: Tunnel110 - - name: SET-Tunnel111 - interfaces: Tunnel111 - - name: SET-Tunnel112 - interfaces: Tunnel112 - hosts: - - name: IE-Ethernet3 - description: Internet Exit DIRECT-EXIT-POLICY-1 - ip: 172.31.0.1 - local_interfaces: SET-Ethernet3 - address_only: false - - name: IE-Tunnel100 - description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI - ip: 10.37.121.1 - local_interfaces: SET-Tunnel100 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - - name: IE-Tunnel101 - description: Internet Exit ZSCALER-EXIT-POLICY-1 SEC - ip: 10.39.77.1 - local_interfaces: SET-Tunnel101 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - - name: IE-Tunnel102 - description: Internet Exit ZSCALER-EXIT-POLICY-1 TER - ip: 10.50.9.1 - local_interfaces: SET-Tunnel102 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - - name: IE-Tunnel110 - description: Internet Exit ZSCALER-EXIT-POLICY-2 PRI - ip: 10.37.121.1 - local_interfaces: SET-Tunnel110 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest - - name: IE-Tunnel111 - description: Internet Exit ZSCALER-EXIT-POLICY-2 SEC - ip: 10.39.77.1 - local_interfaces: SET-Tunnel111 - address_only: false - url: http://gateway.zscalerbeta.net/vpntest + description: Internet Exit ZSCALER-EXIT-POLICY-2 SEC + ip: 10.39.77.1 + local_interfaces: SET-Tunnel111 + address_only: false + url: http://gateway.zscalerbeta.net/vpntest - name: IE-Tunnel112 description: Internet Exit ZSCALER-EXIT-POLICY-2 TER ip: 10.50.9.1 local_interfaces: SET-Tunnel112 address_only: false url: http://gateway.zscalerbeta.net/vpntest - shutdown: false -metadata: - cv_pathfinder: - internet_exit_policies: - - name: ZSCALER-EXIT-POLICY-1 - type: zscaler - city: Santa Clara, CA - country: United States - firewall: false - ips_control: false - acceptable_use_policy: false - vpn_credentials: - - fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-1@test.local - vpn_type: UFQDN - pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0867637B7B666B3873293274733B31233B6D2A332315696A - tunnels: - - name: Tunnel100 - preference: Preferred - endpoint: - ip_address: 10.37.121.1 - datacenter: FMT1 - city: Fremont, CA - country: United States - region: us-west1 - latitude: '37' - longitude: '-121' - - name: Tunnel101 - preference: Alternate - endpoint: - ip_address: 10.39.77.1 - datacenter: WAS1 - city: Washington, DC - country: United States - region: us-east1 - latitude: '39' - longitude: '-77' - - name: Tunnel102 - preference: Alternate - endpoint: - ip_address: 10.50.9.1 - datacenter: FRA4 - city: Frankfurt - country: Germany - region: eu-west1 - latitude: '50' - longitude: '9' - - name: ZSCALER-EXIT-POLICY-2 - type: zscaler - city: Santa Clara, CA - country: United States - firewall: false - ips_control: false - acceptable_use_policy: false - vpn_credentials: - - fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-2@test.local - vpn_type: UFQDN - pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0B67637B7B666B3873293274733B31233B6D2A332315696A - tunnels: - - name: Tunnel110 - preference: Preferred - endpoint: - ip_address: 10.37.121.1 - datacenter: FMT1 - city: Fremont, CA - country: United States - region: us-west1 - latitude: '37' - longitude: '-121' - - name: Tunnel111 - preference: Alternate - endpoint: - ip_address: 10.39.77.1 - datacenter: WAS1 - city: Washington, DC - country: United States - region: us-east1 - latitude: '39' - longitude: '-77' - - name: Tunnel112 - preference: Alternate - endpoint: - ip_address: 10.50.9.1 - datacenter: FRA4 - city: Frankfurt - country: Germany - region: eu-west1 - latitude: '50' - longitude: '9' - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.2 - region: AVD_Land_East - zone: AVD_Land_East-ZONE - site: Site511 - interfaces: - - name: Ethernet1/49.3 - carrier: Inmrasat - circuit_id: S511 - pathgroup: Satellite - - name: Ethernet2 - carrier: AWS-1 - circuit_id: '212' - pathgroup: AWS - - name: Ethernet3 - carrier: ATT - circuit_id: '404' - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.2 - - vtep_ip: 192.168.144.3 - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_East - - name: Zone - value: AVD_Land_East-ZONE - - name: Site - value: Site511 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet52.1000 - tags: - - name: Type - value: lan - - interface: Ethernet52.142 - tags: - - name: Type - value: lan - - interface: Ethernet52.666 - tags: - - name: Type - value: lan - - interface: Ethernet1/49.3 - tags: - - name: Type - value: wan - - name: Carrier - value: Inmrasat - - name: Circuit - value: S511 - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: AWS-1 - - name: Circuit - value: '212' - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: '404' - - interface: Ethernet4 - tags: - - name: Type - value: lan - - interface: Ethernet5 - tags: - - name: Type - value: lan - - interface: Ethernet1/49 - tags: - - name: Type - value: lan -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false +prefix_lists: +- name: PL2 + sequence_numbers: + - sequence: 10 + action: permit 5.0.0.0/0 + - sequence: 20 + action: deny 10.00.0.0/24 +- name: ALLOW-DEFAULT + sequence_numbers: + - sequence: 10 + action: permit 0.0.0.0/0 +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.42.0/24 eq 32 +route_maps: +- name: RM-BGP-172.29.0.13-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL2 +- name: RM-BGP-172.29.0.13-OUT + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + - sequence: 20 + type: deny +- name: RM-BGP-172.28.0.14-OUT + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL2 + - sequence: 20 + type: deny +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.42.2:511 additive +- name: RM-BGP-UNDERLAY-PEERS-IN + sequence_numbers: + - sequence: 40 + type: permit + description: Mark prefixes originated from the LAN + set: + - extcommunity soo 192.168.42.2:511 additive +- name: RM-EVPN-SOO-IN + sequence_numbers: + - sequence: 10 + type: deny + match: + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.42.2:511 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: edge + region: + name: AVD_Land_East + id: 43 + zone: + name: AVD_Land_East-ZONE + id: 1 + site: + name: Site511 + id: 511 + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + internet_exit_policy: DIRECT-EXIT-POLICY-1 + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + internet_exit_policy: ZSCALER-EXIT-POLICY-1 + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + internet_exit_policy: ZSCALER-EXIT-POLICY-2 + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: ATTRACTED-VRF-FROM-UPLINK + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 172.29.0.13 + remote_as: '64520' + route_map_in: RM-BGP-172.29.0.13-IN + route_map_out: RM-BGP-172.29.0.13-OUT + - ip_address: 172.28.0.14 + remote_as: '64520' + route_map_out: RM-BGP-172.28.0.14-OUT + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-disabled-leaf + description: site-ha-disabled-leaf_Ethernet2 + - ip_address: 192.168.144.2 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder1 + description: cv-pathfinder-pathfinder1_Dps1 + - ip_address: 192.168.144.3 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder2 + description: cv-pathfinder-pathfinder2_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + neighbors: + - ip_address: 172.29.0.13 + activate: true + - ip_address: 172.28.0.14 + activate: true + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: IT + rd: 192.168.42.2:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-disabled-leaf_Ethernet2.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.2:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-disabled-leaf_Ethernet2.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.42.2:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-disabled-leaf_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.42.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_internet_exit: + policies: + - name: DIRECT-EXIT-POLICY-1 + exit_groups: + - name: DIRECT-EXIT-POLICY-1 + - name: ZSCALER-EXIT-POLICY-1 + exit_groups: + - name: ZSCALER-EXIT-POLICY-1_PRI + - name: ZSCALER-EXIT-POLICY-1_SEC + - name: ZSCALER-EXIT-POLICY-1_TER + - name: system-default-exit-group + - name: ZSCALER-EXIT-POLICY-2 + exit_groups: + - name: ZSCALER-EXIT-POLICY-2_PRI + - name: ZSCALER-EXIT-POLICY-2_SEC + - name: ZSCALER-EXIT-POLICY-2_TER + exit_groups: + - name: DIRECT-EXIT-POLICY-1 + local_connections: + - name: IE-Ethernet3 + - name: ZSCALER-EXIT-POLICY-1_PRI + local_connections: + - name: IE-Tunnel100 + - name: ZSCALER-EXIT-POLICY-1_SEC + local_connections: + - name: IE-Tunnel101 + - name: ZSCALER-EXIT-POLICY-1_TER + local_connections: + - name: IE-Tunnel102 + - name: ZSCALER-EXIT-POLICY-2_PRI + local_connections: + - name: IE-Tunnel110 + - name: ZSCALER-EXIT-POLICY-2_SEC + local_connections: + - name: IE-Tunnel111 + - name: ZSCALER-EXIT-POLICY-2_TER + local_connections: + - name: IE-Tunnel112 +router_path_selection: + path_groups: + - name: Satellite + id: 104 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1/49.3 + dynamic_peers: + enabled: true + keepalive: + auto: true + - name: AWS + id: 105 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet2 + dynamic_peers: + enabled: true + - name: INET + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet3 + stun: + server_profiles: + - INET-cv-pathfinder-pathfinder1-Ethernet1 + - INET-cv-pathfinder-pathfinder2-Ethernet1 + dynamic_peers: + enabled: true + static_peers: + - router_ip: 192.168.144.2 + name: cv-pathfinder-pathfinder1 + ipv4_addresses: + - 10.8.8.8 + - router_ip: 192.168.144.3 + name: cv-pathfinder-pathfinder2 + ipv4_addresses: + - 10.9.9.6 + load_balance_policies: + - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path_groups: + - name: INET + - name: Satellite + priority: 2 + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: INET + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 + path_groups: + - name: INET + priority: 2 + - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' + path_groups: + - name: INET + priority: 2 + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: AWS + - name: INET + - name: Satellite + priority: 2 + tcp_mss_ceiling: + ipv4_segment_size: auto +router_service_insertion: + enabled: true + connections: + - name: IE-Ethernet3 + ethernet_interface: + name: Ethernet3 + next_hop: 172.31.0.1 + monitor_connectivity_host: IE-Ethernet3 + - name: IE-Tunnel100 + tunnel_interface: + primary: Tunnel100 + monitor_connectivity_host: IE-Tunnel100 + - name: IE-Tunnel101 + tunnel_interface: + primary: Tunnel101 + monitor_connectivity_host: IE-Tunnel101 + - name: IE-Tunnel102 + tunnel_interface: + primary: Tunnel102 + monitor_connectivity_host: IE-Tunnel102 + - name: IE-Tunnel110 + tunnel_interface: + primary: Tunnel110 + monitor_connectivity_host: IE-Tunnel110 + - name: IE-Tunnel111 + tunnel_interface: + primary: Tunnel111 + monitor_connectivity_host: IE-Tunnel111 + - name: IE-Tunnel112 + tunnel_interface: + primary: Tunnel112 + monitor_connectivity_host: IE-Tunnel112 +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- destination_address_prefix: 10.37.121.1/32 + gateway: 172.31.0.1 + name: IE-ZSCALER-PRI +- destination_address_prefix: 10.39.77.1/32 + gateway: 172.31.0.1 + name: IE-ZSCALER-SEC +- destination_address_prefix: 10.50.9.1/32 + gateway: 172.31.0.1 + name: IE-ZSCALER-TER +stun: + client: + server_profiles: + - name: INET-cv-pathfinder-pathfinder1-Ethernet1 + ip_address: 10.8.8.8 + ssl_profile: profileA + - name: INET-cv-pathfinder-pathfinder2-Ethernet1 + ip_address: 10.9.9.6 + ssl_profile: profileA +transceiver_qsfp_default_mode_4x10: false +tunnel_interfaces: +- name: Tunnel100 + description: Internet Exit ZSCALER-EXIT-POLICY-1 PRI + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Ethernet3 + destination: 10.37.121.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel101 + description: Internet Exit ZSCALER-EXIT-POLICY-1 SEC + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Ethernet3 + destination: 10.39.77.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel102 + description: Internet Exit ZSCALER-EXIT-POLICY-1 TER + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Ethernet3 + destination: 10.50.9.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-1-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel110 + description: Internet Exit ZSCALER-EXIT-POLICY-2 PRI + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Ethernet3 + destination: 10.37.121.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel111 + description: Internet Exit ZSCALER-EXIT-POLICY-2 SEC + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Ethernet3 + destination: 10.39.77.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE + nat_profile: NAT-IE-ZSCALER +- name: Tunnel112 + description: Internet Exit ZSCALER-EXIT-POLICY-2 TER + mtu: 1394 + ip_address: unnumbered Loopback0 + tunnel_mode: ipsec + source_interface: Ethernet3 + destination: 10.50.9.1 + ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE + nat_profile: NAT-IE-ZSCALER +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true + tenant: TenantC +vxlan_interface: + vxlan1: + description: cv-pathfinder-edge1_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: IT + vni: 100 + - name: PROD + vni: 42 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml index e5b55b5cdaa..e788af51ac1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml @@ -1,322 +1,328 @@ -hostname: cv-pathfinder-edge2A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.17.0.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-enabled-leaf2A - description: site-ha-enabled-leaf2A_Ethernet1 - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-enabled-leaf2B - description: site-ha-enabled-leaf2B_Ethernet1 - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.142.3 - peer: cv-pathfinder-edge2B - description: cv-pathfinder-edge2B - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: IT - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2A_Ethernet1.1000_vrf_IT - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2B_Ethernet1.1000_vrf_IT - rd: 192.168.42.2:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2A_Ethernet1.142_vrf_PROD - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2B_Ethernet1.142_vrf_PROD - rd: 192.168.42.2:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK - router_id: 192.168.42.2 - neighbors: - - ip_address: 172.17.0.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2A_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK - - ip_address: 172.17.0.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2B_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK - rd: 192.168.42.2:666 - route_targets: - import: - - address_family: evpn - route_targets: - - 666:666 - export: - - address_family: evpn - route_targets: - - 666:666 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.42.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.142.3 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet52 - peer: site-ha-enabled-leaf2A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_site-ha-enabled-leaf2A_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.5/31 -- name: Ethernet52.1000 peer: site-ha-enabled-leaf2A - peer_interface: Ethernet1.1000 + peer_interface: Ethernet1 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet52.1000 description: P2P_site-ha-enabled-leaf2A_Ethernet1.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.5/31 -- name: Ethernet52.142 peer: site-ha-enabled-leaf2A - peer_interface: Ethernet1.142 + peer_interface: Ethernet1.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet52.142 description: P2P_site-ha-enabled-leaf2A_Ethernet1.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.5/31 -- name: Ethernet52.666 peer: site-ha-enabled-leaf2A - peer_interface: Ethernet1.666 + peer_interface: Ethernet1.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet52.666 description: P2P_site-ha-enabled-leaf2A_Ethernet1.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.5/31 -- name: Ethernet53 - peer: site-ha-enabled-leaf2B - peer_interface: Ethernet1 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet1.666 peer_type: l3leaf +- name: Ethernet53 description: P2P_site-ha-enabled-leaf2B_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.7/31 -- name: Ethernet53.1000 peer: site-ha-enabled-leaf2B - peer_interface: Ethernet1.1000 + peer_interface: Ethernet1 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet53.1000 description: P2P_site-ha-enabled-leaf2B_Ethernet1.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.7/31 -- name: Ethernet53.142 peer: site-ha-enabled-leaf2B - peer_interface: Ethernet1.142 + peer_interface: Ethernet1.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet53.142 description: P2P_site-ha-enabled-leaf2B_Ethernet1.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.7/31 -- name: Ethernet53.666 peer: site-ha-enabled-leaf2B - peer_interface: Ethernet1.666 + peer_interface: Ethernet1.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet53.666 description: P2P_site-ha-enabled-leaf2B_Ethernet1.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.7/31 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet1.666 + peer_type: l3leaf - name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp + description: ATT_423-01 shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true + peer_type: l3_interface switchport: enabled: false - description: ATT_423-01 - dhcp_client_accept_default_route: true +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge2A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.2:423 +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.142.2 + - name: CP-IKE-POLICY + local_id: 192.168.142.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.42.2/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site423 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet52.1000 + tags: + - name: Type + value: lan + - interface: Ethernet52.142 + tags: + - name: Type + value: lan + - interface: Ethernet52.666 + tags: + - name: Type + value: lan + - interface: Ethernet53 + tags: + - name: Type + value: lan + - interface: Ethernet53.1000 + tags: + - name: Type + value: lan + - interface: Ethernet53.142 + tags: + - name: Type + value: lan + - interface: Ethernet53.666 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: 423-01 + cv_pathfinder: + role: edge + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site423 + vtep_ip: 192.168.142.2 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: 423-01 + pathgroup: INET prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -417,64 +423,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.2:423 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.142.2 - - name: CP-IKE-POLICY - local_id: 192.168.142.2 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: edge region: @@ -503,6 +451,35 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-AVT-POLICY-WITH-CP @@ -532,50 +509,205 @@ router_adaptive_virtual_topology: - name: DEFAULT-AVT-POLICY-DEFAULT id: 1 - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf2A + description: site-ha-enabled-leaf2A_Ethernet1 + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf2B + description: site-ha-enabled-leaf2B_Ethernet1 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.3 + remote_as: '65000' + peer: cv-pathfinder-edge2B + description: cv-pathfinder-edge2B + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.3 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: IT + rd: 192.168.42.2:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet1.1000_vrf_IT + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet1.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.2:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet1.142_vrf_PROD + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet1.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.42.2:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 + router_id: 192.168.42.2 + neighbors: + - ip_address: 172.17.0.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.42.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -590,9 +722,9 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet52 @@ -603,7 +735,6 @@ router_path_selection: ipv4_addresses: - 172.17.0.9 - 172.17.0.11 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE path_groups: @@ -618,18 +749,18 @@ router_path_selection: - name: INET - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: INET priority: 2 - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: INET priority: 2 - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA @@ -641,8 +772,13 @@ router_path_selection: path_groups: - name: INET - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -652,81 +788,25 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.2/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true + tenant: TenantC vxlan_interface: vxlan1: description: cv-pathfinder-edge2A_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -736,83 +816,3 @@ vxlan_interface: vni: 42 - name: ATTRACTED-VRF-FROM-UPLINK vni: 166 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site423 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet52.1000 - tags: - - name: Type - value: lan - - interface: Ethernet52.142 - tags: - - name: Type - value: lan - - interface: Ethernet52.666 - tags: - - name: Type - value: lan - - interface: Ethernet53 - tags: - - name: Type - value: lan - - interface: Ethernet53.1000 - tags: - - name: Type - value: lan - - interface: Ethernet53.142 - tags: - - name: Type - value: lan - - interface: Ethernet53.666 - tags: - - name: Type - value: lan - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: 423-01 - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.2 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site423 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: 423-01 - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml index 13d4ac9ac68..454ca2b13c7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml @@ -1,321 +1,311 @@ -hostname: cv-pathfinder-edge2B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.17.0.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-enabled-leaf2A - description: site-ha-enabled-leaf2A_Ethernet2 - - ip_address: 172.17.0.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-enabled-leaf2B - description: site-ha-enabled-leaf2B_Ethernet2 - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.142.2 - peer: cv-pathfinder-edge2A - description: cv-pathfinder-edge2A - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: IT - router_id: 192.168.42.3 - neighbors: - - ip_address: 172.17.0.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2A_Ethernet2.1000_vrf_IT - - ip_address: 172.17.0.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2B_Ethernet2.1000_vrf_IT - rd: 192.168.42.3:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD - router_id: 192.168.42.3 - neighbors: - - ip_address: 172.17.0.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2A_Ethernet2.142_vrf_PROD - - ip_address: 172.17.0.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2B_Ethernet2.142_vrf_PROD - rd: 192.168.42.3:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK - router_id: 192.168.42.3 - neighbors: - - ip_address: 172.17.0.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2A_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK - - ip_address: 172.17.0.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf2B_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK - rd: 192.168.42.3:666 - route_targets: - import: - - address_family: evpn - route_targets: - - 666:666 - export: - - address_family: evpn - route_targets: - - 666:666 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.42.3:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: vxlan - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.142.2 - activate: true - encapsulation: vxlan - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.3/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet52 - peer: site-ha-enabled-leaf2A - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_site-ha-enabled-leaf2A_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.9/31 -- name: Ethernet52.1000 peer: site-ha-enabled-leaf2A - peer_interface: Ethernet2.1000 + peer_interface: Ethernet2 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet52.1000 description: P2P_site-ha-enabled-leaf2A_Ethernet2.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.9/31 -- name: Ethernet52.142 peer: site-ha-enabled-leaf2A - peer_interface: Ethernet2.142 + peer_interface: Ethernet2.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet52.142 description: P2P_site-ha-enabled-leaf2A_Ethernet2.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.9/31 -- name: Ethernet52.666 peer: site-ha-enabled-leaf2A - peer_interface: Ethernet2.666 + peer_interface: Ethernet2.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet52.666 description: P2P_site-ha-enabled-leaf2A_Ethernet2.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.9/31 -- name: Ethernet53 - peer: site-ha-enabled-leaf2B - peer_interface: Ethernet2 + peer: site-ha-enabled-leaf2A + peer_interface: Ethernet2.666 peer_type: l3leaf +- name: Ethernet53 description: P2P_site-ha-enabled-leaf2B_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.11/31 -- name: Ethernet53.1000 peer: site-ha-enabled-leaf2B - peer_interface: Ethernet2.1000 + peer_interface: Ethernet2 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet53.1000 description: P2P_site-ha-enabled-leaf2B_Ethernet2.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.11/31 -- name: Ethernet53.142 peer: site-ha-enabled-leaf2B - peer_interface: Ethernet2.142 + peer_interface: Ethernet2.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet53.142 description: P2P_site-ha-enabled-leaf2B_Ethernet2.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.11/31 -- name: Ethernet53.666 peer: site-ha-enabled-leaf2B - peer_interface: Ethernet2.666 + peer_interface: Ethernet2.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet53.666 description: P2P_site-ha-enabled-leaf2B_Ethernet2.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.11/31 + peer: site-ha-enabled-leaf2B + peer_interface: Ethernet2.666 + peer_type: l3leaf - name: Ethernet2 - peer_type: l3_interface - ip_address: 172.15.6.6/31 + description: Colt_10423 shutdown: false + ip_address: 172.15.6.6/31 + peer_type: l3_interface switchport: enabled: false - description: Colt_10423 +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge2B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.2:423 +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.142.3 + sa_policies: + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: ONE-PROFILE-TO-CONTROL-THEM-ALL + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: ONE-PROFILE-TO-CONTROL-THEM-ALL +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.42.3/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site423 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet52.1000 + tags: + - name: Type + value: lan + - interface: Ethernet52.142 + tags: + - name: Type + value: lan + - interface: Ethernet52.666 + tags: + - name: Type + value: lan + - interface: Ethernet53 + tags: + - name: Type + value: lan + - interface: Ethernet53.1000 + tags: + - name: Type + value: lan + - interface: Ethernet53.142 + tags: + - name: Type + value: lan + - interface: Ethernet53.666 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10423' + cv_pathfinder: + role: edge + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site423 + vtep_ip: 192.168.142.3 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet2 + carrier: Colt + circuit_id: '10423' + pathgroup: MPLS prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -416,48 +406,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.2:423 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.142.3 - sa_policies: - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: ONE-PROFILE-TO-CONTROL-THEM-ALL - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: ONE-PROFILE-TO-CONTROL-THEM-ALL -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: edge region: @@ -486,6 +434,35 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-AVT-POLICY-WITH-CP @@ -515,47 +492,201 @@ router_adaptive_virtual_topology: - name: DEFAULT-AVT-POLICY-DEFAULT id: 1 - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.3 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf2A + description: site-ha-enabled-leaf2A_Ethernet2 + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf2B + description: site-ha-enabled-leaf2B_Ethernet2 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.2 + remote_as: '65000' + peer: cv-pathfinder-edge2A + description: cv-pathfinder-edge2A + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.2 + activate: true + encapsulation: vxlan + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: vxlan + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: IT + rd: 192.168.42.3:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.3 + neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet2.1000_vrf_IT + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet2.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.3:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.3 + neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet2.142_vrf_PROD + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet2.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.42.3:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 + router_id: 192.168.42.3 + neighbors: + - ip_address: 172.17.0.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2A_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf2B_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.42.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: MPLS id: 100 @@ -577,6 +708,7 @@ router_path_selection: failure_threshold: 5 - name: CUSTOM_LAN_HA id: 65535 + ipsec_profile: ONE-PROFILE-TO-CONTROL-THEM-ALL flow_assignment: lan local_interfaces: - name: Ethernet52 @@ -587,7 +719,6 @@ router_path_selection: ipv4_addresses: - 172.17.0.5 - 172.17.0.7 - ipsec_profile: ONE-PROFILE-TO-CONTROL-THEM-ALL load_balance_policies: - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE path_groups: @@ -603,16 +734,16 @@ router_path_selection: priority: 4223 - name: CUSTOM_LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: MPLS - name: CUSTOM_LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: MPLS - name: CUSTOM_LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: MPLS @@ -626,89 +757,38 @@ router_path_selection: path_groups: - name: MPLS - name: CUSTOM_LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 ip_address: 172.16.0.1 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.3/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true + tenant: TenantC vxlan_interface: vxlan1: description: cv-pathfinder-edge2B_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -718,83 +798,3 @@ vxlan_interface: vni: 42 - name: ATTRACTED-VRF-FROM-UPLINK vni: 166 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site423 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet52.1000 - tags: - - name: Type - value: lan - - interface: Ethernet52.142 - tags: - - name: Type - value: lan - - interface: Ethernet52.666 - tags: - - name: Type - value: lan - - interface: Ethernet53 - tags: - - name: Type - value: lan - - interface: Ethernet53.1000 - tags: - - name: Type - value: lan - - interface: Ethernet53.142 - tags: - - name: Type - value: lan - - interface: Ethernet53.666 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10423' - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.3 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site423 - interfaces: - - name: Ethernet2 - carrier: Colt - circuit_id: '10423' - pathgroup: MPLS - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml index effa2d4a8b3..7994a445c42 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml @@ -1,183 +1,219 @@ -hostname: cv-pathfinder-edge3A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.6 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.142.7 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.142.7 - peer: cv-pathfinder-edge3B - description: cv-pathfinder-edge3B - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: default - rd: 192.168.42.6:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.6:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.6 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.6:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.6 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.6/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: dhcp - shutdown: false - switchport: - enabled: false description: ATT_404-01 + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet52 + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - peer: cv-pathfinder-edge3B - shutdown: false +- name: Ethernet52 description: WAN_HA_cv-pathfinder-edge3B_Ethernet52 - ip_address: 10.10.10.1/24 + shutdown: false + mtu: 9100 flow_tracker: hardware: FLOW-TRACKER - mtu: 9100 + ip_address: 10.10.10.1/24 + peer: cv-pathfinder-edge3B + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge3A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.6:404 +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.142.6 + - name: CP-IKE-POLICY + local_id: 192.168.142.6 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.42.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site404 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT + - name: Circuit + value: 404-01 + - interface: Ethernet52 + tags: + - name: Type + value: lan + cv_pathfinder: + role: edge + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site404 + vtep_ip: 192.168.142.6 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1 + carrier: ATT + circuit_id: 404-01 + pathgroup: INET prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -252,64 +288,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.6:404 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.142.6 - - name: CP-IKE-POLICY - local_id: 192.168.142.6 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: edge region: @@ -336,70 +314,199 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.6 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.7 + remote_as: '65000' + peer: cv-pathfinder-edge3B + description: cv-pathfinder-edge3B + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.7 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 + rd: 192.168.42.6:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.42.6:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.6 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.6:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.6 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1 stun: @@ -414,9 +521,9 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet52 @@ -425,7 +532,6 @@ router_path_selection: name: cv-pathfinder-edge3B ipv4_addresses: - 10.10.10.2 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE path_groups: @@ -440,18 +546,18 @@ router_path_selection: - name: INET - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: INET priority: 2 - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: INET priority: 2 - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA @@ -459,8 +565,13 @@ router_path_selection: path_groups: - name: INET - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -470,81 +581,22 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.6/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-edge3A_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -552,55 +604,3 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site404 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT - - name: Circuit - value: 404-01 - - interface: Ethernet52 - tags: - - name: Type - value: lan - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.6 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site404 - interfaces: - - name: Ethernet1 - carrier: ATT - circuit_id: 404-01 - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml index 451caef49c9..89398b52e49 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml @@ -1,182 +1,218 @@ -hostname: cv-pathfinder-edge3B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.7 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.142.6 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.142.6 - peer: cv-pathfinder-edge3A - description: cv-pathfinder-edge3A - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: default - rd: 192.168.42.7:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.7:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.7 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.7:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.7 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.7/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet2 - peer_type: l3_interface - ip_address: 172.15.6.6/31 + description: Colt_10423 shutdown: false + ip_address: 172.15.6.6/31 + peer_type: l3_interface switchport: enabled: false - description: Colt_10423 - name: Ethernet52 - switchport: - enabled: false - peer_type: l3_interface - peer: cv-pathfinder-edge3A - shutdown: false description: WAN_HA_cv-pathfinder-edge3A_Ethernet52 - ip_address: 10.10.10.2/24 + shutdown: false + mtu: 9100 flow_tracker: hardware: FLOW-TRACKER - mtu: 9100 + ip_address: 10.10.10.2/24 + peer: cv-pathfinder-edge3A + peer_type: l3_interface + switchport: + enabled: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge3B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.6:404 +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 192.168.142.7 + - name: CP-IKE-POLICY + local_id: 192.168.142.7 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.42.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site404 + interface_tags: + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10423' + - interface: Ethernet52 + tags: + - name: Type + value: lan + cv_pathfinder: + role: edge + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site404 + vtep_ip: 192.168.142.7 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet2 + carrier: Colt + circuit_id: '10423' + pathgroup: MPLS prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -251,64 +287,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.6:404 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.142.7 - - name: CP-IKE-POLICY - local_id: 192.168.142.7 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: edge region: @@ -335,67 +313,195 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.7 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.6 + remote_as: '65000' + peer: cv-pathfinder-edge3A + description: cv-pathfinder-edge3A + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.6 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 + rd: 192.168.42.7:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.42.7:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.7 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.7:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.7 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: MPLS id: 100 @@ -417,6 +523,7 @@ router_path_selection: failure_threshold: 5 - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet52 @@ -425,7 +532,6 @@ router_path_selection: name: cv-pathfinder-edge3A ipv4_addresses: - 10.10.10.1 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE path_groups: @@ -441,16 +547,16 @@ router_path_selection: priority: 4223 - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: MPLS - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: MPLS - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: MPLS @@ -460,89 +566,35 @@ router_path_selection: - name: MPLS priority: 2 - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 ip_address: 172.16.0.1 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.7/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-edge3B_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -550,55 +602,3 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site404 - interface_tags: - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10423' - - interface: Ethernet52 - tags: - - name: Type - value: lan - cv_pathfinder: - role: edge - ssl_profile: profileA - vtep_ip: 192.168.142.7 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site404 - interfaces: - - name: Ethernet2 - carrier: Colt - circuit_id: '10423' - pathgroup: MPLS - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml index 84006493a56..efa3f082e1d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml @@ -1,210 +1,248 @@ -hostname: cv-pathfinder-edge4A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.8 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.142.9 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.142.9 - peer: cv-pathfinder-edge4B - description: cv-pathfinder-edge4B - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: default - rd: 192.168.42.8:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.8:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.8 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.8:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.8 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.8/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1.42 - peer_type: l3_interface - ip_address: dhcp - shutdown: false description: Comcast + shutdown: false encapsulation_dot1q: vlan: 42 + ip_address: dhcp dhcp_client_accept_default_route: true + peer_type: l3_interface - name: Ethernet1 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false - name: Ethernet42 - peer_type: wan_ha_peer - peer_interface: Ethernet42 - peer: cv-pathfinder-edge4B description: WAN_HA_cv-pathfinder-edge4B_Ethernet42 shutdown: false + mtu: 9194 channel_group: id: 666 mode: active - mtu: 9194 -- name: Ethernet43 - peer_type: wan_ha_peer - peer_interface: Ethernet43 peer: cv-pathfinder-edge4B + peer_interface: Ethernet42 + peer_type: wan_ha_peer +- name: Ethernet43 description: WAN_HA_cv-pathfinder-edge4B_Ethernet43 shutdown: false + mtu: 9194 channel_group: id: 666 mode: active - mtu: 9194 + peer: cv-pathfinder-edge4B + peer_interface: Ethernet43 + peer_type: wan_ha_peer +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge4A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.8:405 +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.142.8 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.8/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site405 + interface_tags: + - interface: Ethernet1.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet42 + tags: + - name: Type + value: lan + - interface: Ethernet43 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site405 + vtep_ip: 192.168.142.8 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET port_channel_interfaces: - name: Port-Channel666 - switchport: - enabled: false - peer_type: l3_interface - peer_interface: Port-Channel666 - peer: cv-pathfinder-edge4B - shutdown: false description: WAN_HA_cv-pathfinder-edge4B_Port-Channel666 + shutdown: false + mtu: 9194 ip_address: 10.10.10.1/24 flow_tracker: hardware: FLOW-TRACKER - mtu: 9194 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.8/32 + peer: cv-pathfinder-edge4B + peer_interface: Port-Channel666 + peer_type: l3_interface + switchport: + enabled: false prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -279,61 +317,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.8:405 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.142.8 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: transit region region: @@ -360,70 +343,199 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.8 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.9 + remote_as: '65000' + peer: cv-pathfinder-edge4B + description: cv-pathfinder-edge4B + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.9 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 + rd: 192.168.42.8:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.42.8:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.8 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.8:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.8 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1.42 stun: @@ -438,7 +550,6 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 flow_assignment: lan @@ -463,18 +574,18 @@ router_path_selection: - name: INET - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: INET priority: 2 - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: INET priority: 2 - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA @@ -482,8 +593,13 @@ router_path_selection: path_groups: - name: INET - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -493,81 +609,22 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.8/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-edge4A_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -575,60 +632,3 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site405 - interface_tags: - - interface: Ethernet1.42 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet42 - tags: - - name: Type - value: lan - - interface: Ethernet43 - tags: - - name: Type - value: lan - cv_pathfinder: - role: transit region - ssl_profile: profileA - vtep_ip: 192.168.142.8 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site405 - interfaces: - - name: Ethernet1.42 - carrier: Comcast - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml index cfa89076411..66944361714 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml @@ -1,210 +1,248 @@ -hostname: cv-pathfinder-edge4B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.42.9 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.142.8 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.142.8 - peer: cv-pathfinder-edge4A - description: cv-pathfinder-edge4A - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: default - rd: 192.168.42.9:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: IT - rd: 192.168.42.9:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - router_id: 192.168.42.9 - redistribute: - connected: - enabled: true - - name: PROD - rd: 192.168.42.9:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - router_id: 192.168.42.9 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.142.9/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1.42 - peer_type: l3_interface - ip_address: dhcp - shutdown: false description: Comcast + shutdown: false encapsulation_dot1q: vlan: 42 + ip_address: dhcp dhcp_client_accept_default_route: true + peer_type: l3_interface - name: Ethernet1 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false - name: Ethernet42 - peer_type: wan_ha_peer - peer_interface: Ethernet42 - peer: cv-pathfinder-edge4A description: WAN_HA_cv-pathfinder-edge4A_Ethernet42 shutdown: false + mtu: 9194 channel_group: id: 666 mode: active - mtu: 9194 -- name: Ethernet43 - peer_type: wan_ha_peer - peer_interface: Ethernet43 peer: cv-pathfinder-edge4A + peer_interface: Ethernet42 + peer_type: wan_ha_peer +- name: Ethernet43 description: WAN_HA_cv-pathfinder-edge4A_Ethernet43 shutdown: false + mtu: 9194 channel_group: id: 666 mode: active - mtu: 9194 + peer: cv-pathfinder-edge4A + peer_interface: Ethernet43 + peer_type: wan_ha_peer +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-edge4B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.42.8:405 +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.142.9 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site405 + interface_tags: + - interface: Ethernet1.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet42 + tags: + - name: Type + value: lan + - interface: Ethernet43 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site405 + vtep_ip: 192.168.142.9 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET port_channel_interfaces: - name: Port-Channel666 - switchport: - enabled: false - peer_type: l3_interface - peer_interface: Port-Channel666 - peer: cv-pathfinder-edge4A - shutdown: false description: WAN_HA_cv-pathfinder-edge4A_Port-Channel666 + shutdown: false + mtu: 9194 ip_address: 10.10.10.2/24 flow_tracker: hardware: FLOW-TRACKER - mtu: 9194 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.9/32 + peer: cv-pathfinder-edge4A + peer_interface: Port-Channel666 + peer_type: l3_interface + switchport: + enabled: false prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -279,61 +317,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.42.8:405 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.142.9 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: transit region region: @@ -360,70 +343,199 @@ router_adaptive_virtual_topology: load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - name: PROD-AVT-POLICY-DEFAULT load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.42.9 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.142.8 + remote_as: '65000' + peer: cv-pathfinder-edge4A + description: cv-pathfinder-edge4A + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.142.8 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true vrfs: - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 + rd: 192.168.42.9:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + rd: 192.168.42.9:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.42.9 + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.42.9:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.42.9 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1.42 stun: @@ -438,7 +550,6 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 flow_assignment: lan @@ -463,18 +574,18 @@ router_path_selection: - name: INET - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: INET priority: 2 - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: INET priority: 2 - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: LAN_HA @@ -482,8 +593,13 @@ router_path_selection: path_groups: - name: INET - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -493,81 +609,22 @@ stun: - name: INET-cv-pathfinder-pathfinder-Ethernet3 ip_address: 10.9.9.9 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.142.9/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA vxlan_interface: vxlan1: description: cv-pathfinder-edge4B_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -575,60 +632,3 @@ vxlan_interface: vni: 100 - name: PROD vni: 42 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site405 - interface_tags: - - interface: Ethernet1.42 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet42 - tags: - - name: Type - value: lan - - interface: Ethernet43 - tags: - - name: Type - value: lan - cv_pathfinder: - role: transit region - ssl_profile: profileA - vtep_ip: 192.168.142.9 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site405 - interfaces: - - name: Ethernet1.42 - carrier: Comcast - pathgroup: INET - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml index a16d246a099..06cc2bc7cd5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml @@ -1,175 +1,125 @@ -hostname: cv-pathfinder-pathfinder -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.44.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - route_reflector_client: true - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - bgp_cluster_id: 192.168.44.1 - listen_ranges: - - prefix: 192.168.142.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - - prefix: 192.168.143.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - next_hop: - resolution_disabled: true - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - missing_policy: - direction_out_action: deny - path_selection: - roles: - consumer: true - propagator: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - vrfs: - - name: default - rd: 192.168.44.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.144.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -platform: - sfe: - data_plane_cpu_allocation_max: 1 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: 10.7.7.7/31 + description: Bouygues_Telecom_777 shutdown: false + ip_address: 10.7.7.7/31 + peer_type: l3_interface switchport: enabled: false - description: Bouygues_Telecom_777 - name: Ethernet2/2 - peer_type: l3_interface - ip_address: 172.16.0.1/31 + description: Colt_10000 shutdown: false + ip_address: 172.16.0.1/31 + peer_type: l3_interface switchport: enabled: false - description: Colt_10000 - name: Ethernet3 - peer_type: l3_interface - ip_address: 10.9.9.9/31 + description: Another-ISP_999 shutdown: false + ip_address: 10.9.9.9/31 + peer_type: l3_interface switchport: enabled: false - description: Another-ISP_999 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.44.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.44.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.44.1:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.7.7.6 -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-pathfinder ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.44.1:0 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -190,379 +140,93 @@ ip_security: time: 50 action: clear mode: transport -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.44.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: pathfinder - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - - name: DEFAULT-AVT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO - - name: DEFAULT-AVT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY-VOICE - load_balance_policy: LB-PROD-AVT-POLICY-VOICE - - name: PROD-AVT-POLICY-VIDEO - load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - - name: PROD-AVT-POLICY-MPLS-ONLY - load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - - name: PROD-AVT-POLICY-DEFAULT - load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - - name: CUSTOM-VOICE-PROFILE-NAME - load_balance_policy: LB-CUSTOM-VOICE-PROFILE-NAME - - name: TRANSIT-AVT-POLICY-DEFAULT - load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: TRANSIT - policy: TRANSIT-AVT-POLICY - profiles: - - name: CUSTOM-VOICE-PROFILE-NAME - id: 42 - - name: TRANSIT-AVT-POLICY-DEFAULT - id: 1 - - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: TRANSIT-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: CUSTOM-VOICE-PROFILE-NAME - - application_profile: default - avt_profile: TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 100 - local_interfaces: - - name: Ethernet2/2 - keepalive: - interval: 300 - failure_threshold: 5 - - name: INET - id: 101 - local_interfaces: + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: pathfinder + - name: PathfinderSet + value: PATHFINDERS + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: Bouygues_Telecom + - name: Circuit + value: '777' + - interface: Ethernet2/2 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10000' + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: Another-ISP + - name: Circuit + value: '999' + cv_pathfinder: + role: pathfinder + site: Global-pathfinder-site + vtep_ip: 192.168.144.1 + ssl_profile: profileA + address: Somewhere under the rainbow + interfaces: - name: Ethernet1 + carrier: Bouygues_Telecom + circuit_id: '777' + pathgroup: INET + public_ip: 172.17.7.7 + - name: Ethernet2/2 + carrier: Colt + circuit_id: '10000' + pathgroup: MPLS + public_ip: 172.16.0.1 - name: Ethernet3 - ipsec_profile: CP-PROFILE - - name: LTE - id: 102 - - name: Equinix - id: 103 - - name: Satellite - id: 104 - - name: AWS - id: 105 - - name: LAN_HA - id: 65535 - flow_assignment: lan - peer_dynamic_source: stun - load_balance_policies: - - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - path_groups: - - name: AWS - - name: Equinix - priority: 2 - - name: INET - - name: MPLS - - name: Satellite - priority: 2 - - name: LAN_HA - - name: LB-DEFAULT-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - - name: INET - - name: Equinix - - name: LAN_HA - - name: LB-DEFAULT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: Equinix - priority: 2 - - name: MPLS - priority: 4223 - - name: LAN_HA - - name: LB-PROD-AVT-POLICY-VOICE - path_groups: + carrier: Another-ISP + circuit_id: '999' + pathgroup: INET + public_ip: 10.9.9.9 + pathgroups: - name: MPLS + carriers: + - name: Colt + - name: ATT-MPLS - name: INET - priority: 2 - - name: LAN_HA - jitter: 42 - lowest_hop_count: true - - name: LB-PROD-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - - name: LTE - - name: INET - priority: 2 - - name: LAN_HA - loss_rate: '42.0' - - name: LB-PROD-AVT-POLICY-MPLS-ONLY - path_groups: - - name: MPLS - - name: LAN_HA - - name: LB-PROD-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-CUSTOM-VOICE-PROFILE-NAME - path_groups: - - name: MPLS - - name: INET - priority: 2 - - name: LAN_HA - - name: LB-TRANSIT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: AWS - - name: Equinix - priority: 2 - - name: INET - - name: MPLS - - name: Satellite - priority: 2 - - name: LAN_HA -router_traffic_engineering: - enabled: true -stun: - server: - local_interfaces: - - Ethernet1 - - Ethernet2/2 - - Ethernet3 - ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.144.1/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: cv-pathfinder-pathfinder_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: PROD - vni: 42 - - name: IT - vni: 100 - - name: TRANSIT - vni: 66 - - name: ATTRACTED-VRF-FROM-UPLINK - vni: 166 -metadata: - cv_pathfinder: - applications: - profiles: - - name: VIDEO - builtin_applications: - - name: skype - user_defined_applications: - - name: CUSTOM-APPLICATION-1 - categories: - - category: VIDEO1 - transport_protocols: - - rtp - - name: VOICE - builtin_applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - user_defined_applications: - - name: APP-CONTROL-PLANE - categories: - builtin_applications: - - name: microsoft-teams - category: VIDEO1 - user_defined_applications: - - name: CUSTOM-APPLICATION-2 - category: VIDEO1 - - name: CUSTOM-DSCP-APPLICATION - category: VIDEO1 - role: pathfinder - ssl_profile: profileA - vtep_ip: 192.168.144.1 - site: Global-pathfinder-site - address: Somewhere under the rainbow - interfaces: - - name: Ethernet1 - carrier: Bouygues_Telecom - circuit_id: '777' - pathgroup: INET - public_ip: 172.17.7.7 - - name: Ethernet2/2 - carrier: Colt - circuit_id: '10000' - pathgroup: MPLS - public_ip: 172.16.0.1 - - name: Ethernet3 - carrier: Another-ISP - circuit_id: '999' - pathgroup: INET - public_ip: 10.9.9.9 - pathgroups: - - name: MPLS - carriers: - - name: Colt - - name: ATT-MPLS - - name: INET - carriers: - - name: Comcast - - name: ATT - - name: Bouygues_Telecom - - name: SFR - - name: Orange - - name: Another-ISP + carriers: + - name: Comcast + - name: ATT + - name: Bouygues_Telecom + - name: SFR + - name: Orange + - name: Another-ISP - name: LTE carriers: - name: Comcast-5G @@ -574,36 +238,36 @@ metadata: carriers: - name: AWS-1 regions: - - name: AVD_Land_West - id: 42 + - id: 42 + name: AVD_Land_West zones: - - name: AVD_Land_West-ZONE - id: 1 + - id: 1 + name: AVD_Land_West-ZONE sites: - - name: Site404 - id: 404 + - id: 404 + name: Site404 location: address: Atlantis - - name: Site405 - id: 405 + - id: 405 + name: Site405 location: address: El Dorado - - name: Site422 - id: 422 + - id: 422 + name: Site422 location: address: Somewhere - - name: Site423 - id: 423 + - id: 423 + name: Site423 location: address: Somewhere-warm - - name: AVD_Land_East - id: 43 + - id: 43 + name: AVD_Land_East zones: - - name: AVD_Land_East-ZONE - id: 1 + - id: 1 + name: AVD_Land_East-ZONE sites: - - name: Site511 - id: 511 + - id: 511 + name: Site511 location: address: Miami vrfs: @@ -669,7 +333,7 @@ metadata: application_profiles: - VOICE - constraints: - lossrate: 42.0 + lossrate: '42.0' id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: @@ -769,48 +433,384 @@ metadata: preference: alternate - name: LAN_HA preference: preferred - cv_tags: - device_tags: - - name: Role - value: pathfinder - - name: PathfinderSet - value: PATHFINDERS - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: Bouygues_Telecom - - name: Circuit - value: '777' - - interface: Ethernet2/2 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10000' - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: Another-ISP - - name: Circuit - value: '999' -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false + applications: + profiles: + - name: VIDEO + builtin_applications: + - name: skype + user_defined_applications: + - name: CUSTOM-APPLICATION-1 + categories: + - category: VIDEO1 + transport_protocols: + - rtp + - name: VOICE + builtin_applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + user_defined_applications: + - name: APP-CONTROL-PLANE + categories: + builtin_applications: + - name: microsoft-teams + category: VIDEO1 + user_defined_applications: + - name: CUSTOM-APPLICATION-2 + category: VIDEO1 + - name: CUSTOM-DSCP-APPLICATION + category: VIDEO1 +platform: + sfe: + data_plane_cpu_allocation_max: 1 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.44.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.44.1:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: pathfinder + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-MPLS-ONLY + load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: CUSTOM-VOICE-PROFILE-NAME + load_balance_policy: LB-CUSTOM-VOICE-PROFILE-NAME + - name: TRANSIT-AVT-POLICY-DEFAULT + load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: CUSTOM-VOICE-PROFILE-NAME + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: TRANSIT + policy: TRANSIT-AVT-POLICY + profiles: + - name: CUSTOM-VOICE-PROFILE-NAME + id: 42 + - name: TRANSIT-AVT-POLICY-DEFAULT + id: 1 + - name: ATTRACTED-VRF-FROM-UPLINK + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.44.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp_cluster_id: 192.168.44.1 + bgp: + default: + ipv4_unicast: false + listen_ranges: + - prefix: 192.168.142.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + - prefix: 192.168.143.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + next_hop: + resolution_disabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + missing_policy: + direction_out_action: deny + path_selection: + roles: + consumer: true + propagator: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.44.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_path_selection: + peer_dynamic_source: stun + path_groups: + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2/2 + keepalive: + interval: 300 + failure_threshold: 5 + - name: INET + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1 + - name: Ethernet3 + - name: LTE + id: 102 + - name: Equinix + id: 103 + - name: Satellite + id: 104 + - name: AWS + id: 105 + - name: LAN_HA + id: 65535 + flow_assignment: lan + load_balance_policies: + - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path_groups: + - name: AWS + - name: Equinix + priority: 2 + - name: INET + - name: MPLS + - name: Satellite + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: MPLS + - name: INET + - name: Equinix + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: Equinix + priority: 2 + - name: MPLS + priority: 4223 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 + path_groups: + - name: MPLS + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' + path_groups: + - name: MPLS + - name: LTE + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-MPLS-ONLY + path_groups: + - name: MPLS + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-CUSTOM-VOICE-PROFILE-NAME + path_groups: + - name: MPLS + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-TRANSIT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: AWS + - name: Equinix + priority: 2 + - name: INET + - name: MPLS + - name: Satellite + priority: 2 + - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.7.7.6 +stun: + server: + local_interfaces: + - Ethernet1 + - Ethernet2/2 + - Ethernet3 + ssl_profile: profileA +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: cv-pathfinder-pathfinder_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: PROD + vni: 42 + - name: IT + vni: 100 + - name: TRANSIT + vni: 66 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml index fb494dc1aca..faa7e0689ea 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml @@ -1,192 +1,112 @@ -hostname: cv-pathfinder-pathfinder1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.44.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - route_reflector_client: true - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - - name: WAN-RR-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 42 - bfd_timers: - interval: 2020 - min_rx: 2000 - multiplier: 3 - route_reflector_client: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - - name: WAN-RR-OVERLAY-PEERS - activate: false - bgp_cluster_id: 192.168.44.2 - listen_ranges: - - prefix: 192.168.142.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - - prefix: 192.168.143.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: WAN-RR-OVERLAY-PEERS - activate: true - encapsulation: path-selection - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - next_hop: - resolution_disabled: true - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - missing_policy: - direction_out_action: deny - - name: WAN-RR-OVERLAY-PEERS - activate: true - path_selection: - roles: - consumer: true - propagator: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.3 - peer_group: WAN-RR-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder2 - description: cv-pathfinder-pathfinder2_Dps1 - - ip_address: 6.6.6.6 - peer_group: WAN-RR-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder3 - description: cv-pathfinder-pathfinder3_Dps1 - vrfs: - - name: default - rd: 192.168.44.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.144.2/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.144.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -platform: - sfe: - data_plane_cpu_allocation_max: 3 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: 10.8.8.8/31 + description: Orange_888 shutdown: false + ip_address: 10.8.8.8/31 + peer_type: l3_interface switchport: enabled: false - description: Orange_888 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.44.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.44.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.44.2:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.44.2:0 -ip_security: +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-pathfinder1 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.44.2:0 +ip_routing: true +ip_security: ike_policies: - name: CP-IKE-POLICY local_id: 192.168.144.2 @@ -206,371 +126,70 @@ ip_security: time: 50 action: clear mode: transport +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.44.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileB - certificate: - file: profileB.crt - key: profileB.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: pathfinder - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - - name: DEFAULT-AVT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO - - name: DEFAULT-AVT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY-VOICE - load_balance_policy: LB-PROD-AVT-POLICY-VOICE - - name: PROD-AVT-POLICY-VIDEO - load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - - name: PROD-AVT-POLICY-MPLS-ONLY - load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - - name: PROD-AVT-POLICY-DEFAULT - load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - - name: CUSTOM-VOICE-PROFILE-NAME - load_balance_policy: LB-CUSTOM-VOICE-PROFILE-NAME - - name: TRANSIT-AVT-POLICY-DEFAULT - load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: TRANSIT - policy: TRANSIT-AVT-POLICY - profiles: - - name: CUSTOM-VOICE-PROFILE-NAME - id: 42 - - name: TRANSIT-AVT-POLICY-DEFAULT - id: 1 - - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: TRANSIT-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: CUSTOM-VOICE-PROFILE-NAME - - application_profile: default - avt_profile: TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 100 - - name: INET - id: 101 - local_interfaces: + certificate: + file: profileB.crt + key: profileB.key +metadata: + cv_tags: + device_tags: + - name: Role + value: pathfinder + - name: Region + value: AVD_Land_West + - name: PathfinderSet + value: PATHFINDERS + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: Orange + - name: Circuit + value: '888' + cv_pathfinder: + role: pathfinder + region: AVD_Land_West + site: Site423 + vtep_ip: 192.168.144.2 + ssl_profile: profileB + address: Somewhere-warm + interfaces: - name: Ethernet1 - static_peers: - - router_ip: 192.168.144.3 - name: cv-pathfinder-pathfinder2 - ipv4_addresses: - - 10.9.9.6 - - router_ip: 6.6.6.6 - name: cv-pathfinder-pathfinder3 - ipv4_addresses: - - 10.50.50.50 - ipsec_profile: CP-PROFILE - - name: LTE - id: 102 - - name: Equinix - id: 103 - - name: Satellite - id: 104 - - name: AWS - id: 105 - - name: LAN_HA - id: 65535 - flow_assignment: lan - peer_dynamic_source: stun - load_balance_policies: - - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - path_groups: - - name: AWS - - name: Equinix - priority: 2 - - name: INET - - name: MPLS - - name: Satellite - priority: 2 - - name: LAN_HA - - name: LB-DEFAULT-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - - name: INET - - name: Equinix - - name: LAN_HA - - name: LB-DEFAULT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: Equinix - priority: 2 - - name: MPLS - priority: 4223 - - name: LAN_HA - - name: LB-PROD-AVT-POLICY-VOICE - path_groups: + carrier: Orange + circuit_id: '888' + pathgroup: INET + public_ip: 10.8.8.8 + pathgroups: - name: MPLS + carriers: + - name: Colt + - name: ATT-MPLS - name: INET - priority: 2 - - name: LAN_HA - jitter: 42 - lowest_hop_count: true - - name: LB-PROD-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - - name: LTE - - name: INET - priority: 2 - - name: LAN_HA - loss_rate: '42.0' - - name: LB-PROD-AVT-POLICY-MPLS-ONLY - path_groups: - - name: MPLS - - name: LAN_HA - - name: LB-PROD-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-CUSTOM-VOICE-PROFILE-NAME - path_groups: - - name: MPLS - - name: INET - priority: 2 - - name: LAN_HA - - name: LB-TRANSIT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: AWS - - name: Equinix - priority: 2 - - name: INET - - name: MPLS - - name: Satellite - priority: 2 - - name: LAN_HA -router_traffic_engineering: - enabled: true -stun: - server: - local_interfaces: - - Ethernet1 - ssl_profile: profileB -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.144.2/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.144.2/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: cv-pathfinder-pathfinder1_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: PROD - vni: 42 - - name: IT - vni: 100 - - name: TRANSIT - vni: 66 - - name: ATTRACTED-VRF-FROM-UPLINK - vni: 166 -metadata: - cv_pathfinder: - applications: - profiles: - - name: VIDEO - builtin_applications: - - name: skype - user_defined_applications: - - name: CUSTOM-APPLICATION-1 - categories: - - category: VIDEO1 - transport_protocols: - - rtp - - name: VOICE - builtin_applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - user_defined_applications: - - name: APP-CONTROL-PLANE - categories: - builtin_applications: - - name: microsoft-teams - category: VIDEO1 - user_defined_applications: - - name: CUSTOM-APPLICATION-2 - category: VIDEO1 - - name: CUSTOM-DSCP-APPLICATION - category: VIDEO1 - role: pathfinder - ssl_profile: profileB - vtep_ip: 192.168.144.2 - region: AVD_Land_West - site: Site423 - address: Somewhere-warm - interfaces: - - name: Ethernet1 - carrier: Orange - circuit_id: '888' - pathgroup: INET - public_ip: 10.8.8.8 - pathgroups: - - name: MPLS - carriers: - - name: Colt - - name: ATT-MPLS - - name: INET - carriers: - - name: Comcast - - name: ATT - - name: Bouygues_Telecom - - name: SFR - - name: Orange - - name: Another-ISP + carriers: + - name: Comcast + - name: ATT + - name: Bouygues_Telecom + - name: SFR + - name: Orange + - name: Another-ISP - name: LTE carriers: - name: Comcast-5G @@ -582,36 +201,36 @@ metadata: carriers: - name: AWS-1 regions: - - name: AVD_Land_West - id: 42 + - id: 42 + name: AVD_Land_West zones: - - name: AVD_Land_West-ZONE - id: 1 + - id: 1 + name: AVD_Land_West-ZONE sites: - - name: Site404 - id: 404 + - id: 404 + name: Site404 location: address: Atlantis - - name: Site405 - id: 405 + - id: 405 + name: Site405 location: address: El Dorado - - name: Site422 - id: 422 + - id: 422 + name: Site422 location: address: Somewhere - - name: Site423 - id: 423 + - id: 423 + name: Site423 location: address: Somewhere-warm - - name: AVD_Land_East - id: 43 + - id: 43 + name: AVD_Land_East zones: - - name: AVD_Land_East-ZONE - id: 1 + - id: 1 + name: AVD_Land_East-ZONE sites: - - name: Site511 - id: 511 + - id: 511 + name: Site511 location: address: Miami vrfs: @@ -677,7 +296,7 @@ metadata: application_profiles: - VOICE - constraints: - lossrate: 42.0 + lossrate: '42.0' id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: @@ -777,34 +396,415 @@ metadata: preference: alternate - name: LAN_HA preference: preferred - cv_tags: - device_tags: - - name: Role - value: pathfinder - - name: Region - value: AVD_Land_West - - name: PathfinderSet - value: PATHFINDERS - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: Orange - - name: Circuit - value: '888' -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false + applications: + profiles: + - name: VIDEO + builtin_applications: + - name: skype + user_defined_applications: + - name: CUSTOM-APPLICATION-1 + categories: + - category: VIDEO1 + transport_protocols: + - rtp + - name: VOICE + builtin_applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + user_defined_applications: + - name: APP-CONTROL-PLANE + categories: + builtin_applications: + - name: microsoft-teams + category: VIDEO1 + user_defined_applications: + - name: CUSTOM-APPLICATION-2 + category: VIDEO1 + - name: CUSTOM-DSCP-APPLICATION + category: VIDEO1 +platform: + sfe: + data_plane_cpu_allocation_max: 3 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.44.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.44.2:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: pathfinder + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-MPLS-ONLY + load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: CUSTOM-VOICE-PROFILE-NAME + load_balance_policy: LB-CUSTOM-VOICE-PROFILE-NAME + - name: TRANSIT-AVT-POLICY-DEFAULT + load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: CUSTOM-VOICE-PROFILE-NAME + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: TRANSIT + policy: TRANSIT-AVT-POLICY + profiles: + - name: CUSTOM-VOICE-PROFILE-NAME + id: 42 + - name: TRANSIT-AVT-POLICY-DEFAULT + id: 1 + - name: ATTRACTED-VRF-FROM-UPLINK + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.44.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp_cluster_id: 192.168.44.2 + bgp: + default: + ipv4_unicast: false + listen_ranges: + - prefix: 192.168.142.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + - prefix: 192.168.143.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + - name: WAN-RR-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 2020 + min_rx: 2000 + multiplier: 3 + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 42 + neighbors: + - ip_address: 192.168.144.3 + peer_group: WAN-RR-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder2 + description: cv-pathfinder-pathfinder2_Dps1 + - ip_address: 6.6.6.6 + peer_group: WAN-RR-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder3 + description: cv-pathfinder-pathfinder3_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-RR-OVERLAY-PEERS + activate: true + encapsulation: path-selection + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + next_hop: + resolution_disabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + - name: WAN-RR-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + missing_policy: + direction_out_action: deny + - name: WAN-RR-OVERLAY-PEERS + activate: true + path_selection: + roles: + consumer: true + propagator: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.44.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_path_selection: + peer_dynamic_source: stun + path_groups: + - name: MPLS + id: 100 + - name: INET + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1 + static_peers: + - router_ip: 192.168.144.3 + name: cv-pathfinder-pathfinder2 + ipv4_addresses: + - 10.9.9.6 + - router_ip: 6.6.6.6 + name: cv-pathfinder-pathfinder3 + ipv4_addresses: + - 10.50.50.50 + - name: LTE + id: 102 + - name: Equinix + id: 103 + - name: Satellite + id: 104 + - name: AWS + id: 105 + - name: LAN_HA + id: 65535 + flow_assignment: lan + load_balance_policies: + - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path_groups: + - name: AWS + - name: Equinix + priority: 2 + - name: INET + - name: MPLS + - name: Satellite + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: MPLS + - name: INET + - name: Equinix + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: Equinix + priority: 2 + - name: MPLS + priority: 4223 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 + path_groups: + - name: MPLS + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' + path_groups: + - name: MPLS + - name: LTE + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-MPLS-ONLY + path_groups: + - name: MPLS + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-CUSTOM-VOICE-PROFILE-NAME + path_groups: + - name: MPLS + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-TRANSIT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: AWS + - name: Equinix + priority: 2 + - name: INET + - name: MPLS + - name: Satellite + priority: 2 + - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +stun: + server: + local_interfaces: + - Ethernet1 + ssl_profile: profileB +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: cv-pathfinder-pathfinder1_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: PROD + vni: 42 + - name: IT + vni: 100 + - name: TRANSIT + vni: 66 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml index 6da01081346..369f7ba54bc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml @@ -1,198 +1,118 @@ -hostname: cv-pathfinder-pathfinder2 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.44.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - route_reflector_client: true - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - - name: WAN-RR-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 42 - bfd_timers: - interval: 2020 - min_rx: 2000 - multiplier: 3 - route_reflector_client: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - - name: WAN-RR-OVERLAY-PEERS - activate: false - bgp_cluster_id: 192.168.44.3 - listen_ranges: - - prefix: 192.168.142.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - - prefix: 192.168.143.0/24 - peer_group: WAN-OVERLAY-PEERS - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: WAN-RR-OVERLAY-PEERS - activate: true - encapsulation: path-selection - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - next_hop: - resolution_disabled: true - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - missing_policy: - direction_out_action: deny - - name: WAN-RR-OVERLAY-PEERS - activate: true - path_selection: - roles: - consumer: true - propagator: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - - name: WAN-RR-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - neighbors: - - ip_address: 192.168.144.2 - peer_group: WAN-RR-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder1 - description: cv-pathfinder-pathfinder1_Dps1 - - ip_address: 6.6.6.6 - peer_group: WAN-RR-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder3 - description: cv-pathfinder-pathfinder3_Dps1 - vrfs: - - name: default - rd: 192.168.44.3:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-LOCAL-VTEP-IP + prefix_values: + - 192.168.144.3/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + src_prefix_set_name: PFX-LOCAL-VTEP-IP + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.144.3/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -platform: - sfe: - data_plane_cpu_allocation_max: 3 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: 10.9.9.9/31 + description: SFR_999 shutdown: false + ip_address: 10.9.9.9/31 + peer_type: l3_interface switchport: enabled: false - description: SFR_999 - name: Ethernet2 - peer_type: l3_interface - ip_address: 172.19.9.9/31 + description: ATT-MPLS_10999 shutdown: false + ip_address: 172.19.9.9/31 + peer_type: l3_interface switchport: enabled: false - description: ATT-MPLS_10999 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.44.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.44.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - set: - - extcommunity soo 192.168.44.3:0 additive -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-pathfinder2 ip_extcommunity_lists: - name: ECL-EVPN-SOO entries: - type: permit extcommunities: soo 192.168.44.3:0 +ip_routing: true ip_security: ike_policies: - name: CP-IKE-POLICY @@ -213,388 +133,84 @@ ip_security: time: 50 action: clear mode: transport +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.44.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: ssl_profiles: - name: profileB - certificate: - file: profileB.crt - key: profileB.key + tls_versions: '1.2' trust_certificate: certificates: - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' -router_adaptive_virtual_topology: - topology_role: pathfinder - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - - name: DEFAULT-AVT-POLICY-VIDEO - load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO - - name: DEFAULT-AVT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY-VOICE - load_balance_policy: LB-PROD-AVT-POLICY-VOICE - - name: PROD-AVT-POLICY-VIDEO - load_balance_policy: LB-PROD-AVT-POLICY-VIDEO - - name: PROD-AVT-POLICY-MPLS-ONLY - load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY - - name: PROD-AVT-POLICY-DEFAULT - load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT - - name: CUSTOM-VOICE-PROFILE-NAME - load_balance_policy: LB-CUSTOM-VOICE-PROFILE-NAME - - name: TRANSIT-AVT-POLICY-DEFAULT - load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY-DEFAULT - load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - vrfs: - - name: default - policy: DEFAULT-AVT-POLICY-WITH-CP - profiles: - - name: DEFAULT-AVT-POLICY-CONTROL-PLANE - id: 254 - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: PROD - policy: PROD-AVT-POLICY - profiles: - - name: PROD-AVT-POLICY-VOICE - id: 2 - - name: PROD-AVT-POLICY-VIDEO - id: 4 - - name: PROD-AVT-POLICY-MPLS-ONLY - id: 5 - - name: PROD-AVT-POLICY-DEFAULT - id: 1 - - name: IT - policy: DEFAULT-AVT-POLICY - profiles: - - name: DEFAULT-AVT-POLICY-VIDEO - id: 3 - - name: DEFAULT-AVT-POLICY-DEFAULT - id: 1 - - name: TRANSIT - policy: TRANSIT-AVT-POLICY - profiles: - - name: CUSTOM-VOICE-PROFILE-NAME - id: 42 - - name: TRANSIT-AVT-POLICY-DEFAULT - id: 1 - - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: TRANSIT-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: CUSTOM-VOICE-PROFILE-NAME - - application_profile: default - avt_profile: TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto - path_groups: - - name: MPLS - id: 100 - local_interfaces: - - name: Ethernet2 - static_peers: - - router_ip: 6.6.6.6 - name: cv-pathfinder-pathfinder3 - ipv4_addresses: - - 172.17.17.17 - keepalive: - interval: 300 - failure_threshold: 5 - - name: INET - id: 101 - local_interfaces: + certificate: + file: profileB.crt + key: profileB.key +metadata: + cv_tags: + device_tags: + - name: Role + value: pathfinder + - name: Region + value: AVD_Land_East + - name: PathfinderSet + value: PATHFINDERS + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: SFR + - name: Circuit + value: '999' + - interface: Ethernet2 + tags: + - name: Type + value: wan + - name: Carrier + value: ATT-MPLS + - name: Circuit + value: '10999' + cv_pathfinder: + role: pathfinder + region: AVD_Land_East + vtep_ip: 192.168.144.3 + ssl_profile: profileB + interfaces: - name: Ethernet1 - static_peers: - - router_ip: 192.168.144.2 - name: cv-pathfinder-pathfinder1 - ipv4_addresses: - - 10.8.8.8 - - router_ip: 6.6.6.6 - name: cv-pathfinder-pathfinder3 - ipv4_addresses: - - 10.50.50.50 - ipsec_profile: CP-PROFILE - - name: LTE - id: 102 - - name: Equinix - id: 103 - - name: Satellite - id: 104 - - name: AWS - id: 105 - - name: LAN_HA - id: 65535 - flow_assignment: lan - peer_dynamic_source: stun - load_balance_policies: - - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE - path_groups: - - name: AWS - - name: Equinix - priority: 2 - - name: INET - - name: MPLS - - name: Satellite - priority: 2 - - name: LAN_HA - - name: LB-DEFAULT-AVT-POLICY-VIDEO - path_groups: + carrier: SFR + circuit_id: '999' + pathgroup: INET + public_ip: 10.9.9.6 + - name: Ethernet2 + carrier: ATT-MPLS + circuit_id: '10999' + pathgroup: MPLS + public_ip: 10.9.9.5 + pathgroups: - name: MPLS + carriers: + - name: Colt + - name: ATT-MPLS - name: INET - - name: Equinix - - name: LAN_HA - - name: LB-DEFAULT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: Equinix - priority: 2 - - name: MPLS - priority: 4223 - - name: LAN_HA - - name: LB-PROD-AVT-POLICY-VOICE - path_groups: - - name: MPLS - - name: INET - priority: 2 - - name: LAN_HA - jitter: 42 - lowest_hop_count: true - - name: LB-PROD-AVT-POLICY-VIDEO - path_groups: - - name: MPLS - - name: LTE - - name: INET - priority: 2 - - name: LAN_HA - loss_rate: '42.0' - - name: LB-PROD-AVT-POLICY-MPLS-ONLY - path_groups: - - name: MPLS - - name: LAN_HA - - name: LB-PROD-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-CUSTOM-VOICE-PROFILE-NAME - path_groups: - - name: MPLS - - name: INET - priority: 2 - - name: LAN_HA - - name: LB-TRANSIT-AVT-POLICY-DEFAULT - path_groups: - - name: INET - - name: MPLS - priority: 2 - - name: LAN_HA - - name: LB-DEFAULT-POLICY-DEFAULT - path_groups: - - name: AWS - - name: Equinix - priority: 2 - - name: INET - - name: MPLS - - name: Satellite - priority: 2 - - name: LAN_HA -router_traffic_engineering: - enabled: true -stun: - server: - local_interfaces: - - Ethernet1 - - Ethernet2 - ssl_profile: profileB -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - src_prefix_set_name: PFX-LOCAL-VTEP-IP - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-LOCAL-VTEP-IP - prefix_values: - - 192.168.144.3/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.144.3/32 - flow_tracker: - hardware: FLOW-TRACKER -vxlan_interface: - vxlan1: - description: cv-pathfinder-pathfinder2_VTEP - vxlan: - udp_port: 4789 - source_interface: Dps1 - vrfs: - - name: default - vni: 1 - - name: PROD - vni: 42 - - name: IT - vni: 100 - - name: TRANSIT - vni: 66 - - name: ATTRACTED-VRF-FROM-UPLINK - vni: 166 -metadata: - cv_pathfinder: - applications: - profiles: - - name: VIDEO - builtin_applications: - - name: skype - user_defined_applications: - - name: CUSTOM-APPLICATION-1 - categories: - - category: VIDEO1 - transport_protocols: - - rtp - - name: VOICE - builtin_applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - user_defined_applications: - - name: APP-CONTROL-PLANE - categories: - builtin_applications: - - name: microsoft-teams - category: VIDEO1 - user_defined_applications: - - name: CUSTOM-APPLICATION-2 - category: VIDEO1 - - name: CUSTOM-DSCP-APPLICATION - category: VIDEO1 - role: pathfinder - ssl_profile: profileB - vtep_ip: 192.168.144.3 - region: AVD_Land_East - interfaces: - - name: Ethernet1 - carrier: SFR - circuit_id: '999' - pathgroup: INET - public_ip: 10.9.9.6 - - name: Ethernet2 - carrier: ATT-MPLS - circuit_id: '10999' - pathgroup: MPLS - public_ip: 10.9.9.5 - pathgroups: - - name: MPLS - carriers: - - name: Colt - - name: ATT-MPLS - - name: INET - carriers: - - name: Comcast - - name: ATT - - name: Bouygues_Telecom - - name: SFR - - name: Orange - - name: Another-ISP - - name: LTE - carriers: - - name: Comcast-5G + carriers: + - name: Comcast + - name: ATT + - name: Bouygues_Telecom + - name: SFR + - name: Orange + - name: Another-ISP + - name: LTE + carriers: + - name: Comcast-5G - name: Equinix - name: Satellite carriers: @@ -603,36 +219,36 @@ metadata: carriers: - name: AWS-1 regions: - - name: AVD_Land_West - id: 42 + - id: 42 + name: AVD_Land_West zones: - - name: AVD_Land_West-ZONE - id: 1 + - id: 1 + name: AVD_Land_West-ZONE sites: - - name: Site404 - id: 404 + - id: 404 + name: Site404 location: address: Atlantis - - name: Site405 - id: 405 + - id: 405 + name: Site405 location: address: El Dorado - - name: Site422 - id: 422 + - id: 422 + name: Site422 location: address: Somewhere - - name: Site423 - id: 423 + - id: 423 + name: Site423 location: address: Somewhere-warm - - name: AVD_Land_East - id: 43 + - id: 43 + name: AVD_Land_East zones: - - name: AVD_Land_East-ZONE - id: 1 + - id: 1 + name: AVD_Land_East-ZONE sites: - - name: Site511 - id: 511 + - id: 511 + name: Site511 location: address: Miami vrfs: @@ -698,7 +314,7 @@ metadata: application_profiles: - VOICE - constraints: - lossrate: 42.0 + lossrate: '42.0' id: 4 name: PROD-AVT-POLICY-VIDEO pathgroups: @@ -798,42 +414,426 @@ metadata: preference: alternate - name: LAN_HA preference: preferred - cv_tags: - device_tags: - - name: Role - value: pathfinder - - name: Region - value: AVD_Land_East - - name: PathfinderSet - value: PATHFINDERS - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: SFR - - name: Circuit - value: '999' - - interface: Ethernet2 - tags: - - name: Type - value: wan - - name: Carrier - value: ATT-MPLS - - name: Circuit - value: '10999' -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false + applications: + profiles: + - name: VIDEO + builtin_applications: + - name: skype + user_defined_applications: + - name: CUSTOM-APPLICATION-1 + categories: + - category: VIDEO1 + transport_protocols: + - rtp + - name: VOICE + builtin_applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + user_defined_applications: + - name: APP-CONTROL-PLANE + categories: + builtin_applications: + - name: microsoft-teams + category: VIDEO1 + user_defined_applications: + - name: CUSTOM-APPLICATION-2 + category: VIDEO1 + - name: CUSTOM-DSCP-APPLICATION + category: VIDEO1 +platform: + sfe: + data_plane_cpu_allocation_max: 3 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.44.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + set: + - extcommunity soo 192.168.44.3:0 additive +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO +router_adaptive_virtual_topology: + topology_role: pathfinder + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + load_balance_policy: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + - name: DEFAULT-AVT-POLICY-VIDEO + load_balance_policy: LB-DEFAULT-AVT-POLICY-VIDEO + - name: DEFAULT-AVT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY-VOICE + load_balance_policy: LB-PROD-AVT-POLICY-VOICE + - name: PROD-AVT-POLICY-VIDEO + load_balance_policy: LB-PROD-AVT-POLICY-VIDEO + - name: PROD-AVT-POLICY-MPLS-ONLY + load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY + - name: PROD-AVT-POLICY-DEFAULT + load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT + - name: CUSTOM-VOICE-PROFILE-NAME + load_balance_policy: LB-CUSTOM-VOICE-PROFILE-NAME + - name: TRANSIT-AVT-POLICY-DEFAULT + load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY-DEFAULT + load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: CUSTOM-VOICE-PROFILE-NAME + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + vrfs: + - name: default + policy: DEFAULT-AVT-POLICY-WITH-CP + profiles: + - name: DEFAULT-AVT-POLICY-CONTROL-PLANE + id: 254 + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: PROD + policy: PROD-AVT-POLICY + profiles: + - name: PROD-AVT-POLICY-VOICE + id: 2 + - name: PROD-AVT-POLICY-VIDEO + id: 4 + - name: PROD-AVT-POLICY-MPLS-ONLY + id: 5 + - name: PROD-AVT-POLICY-DEFAULT + id: 1 + - name: IT + policy: DEFAULT-AVT-POLICY + profiles: + - name: DEFAULT-AVT-POLICY-VIDEO + id: 3 + - name: DEFAULT-AVT-POLICY-DEFAULT + id: 1 + - name: TRANSIT + policy: TRANSIT-AVT-POLICY + profiles: + - name: CUSTOM-VOICE-PROFILE-NAME + id: 42 + - name: TRANSIT-AVT-POLICY-DEFAULT + id: 1 + - name: ATTRACTED-VRF-FROM-UPLINK + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.44.3 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp_cluster_id: 192.168.44.3 + bgp: + default: + ipv4_unicast: false + listen_ranges: + - prefix: 192.168.142.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + - prefix: 192.168.143.0/24 + peer_group: WAN-OVERLAY-PEERS + remote_as: '65000' + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + - name: WAN-RR-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + route_reflector_client: true + bfd: true + bfd_timers: + interval: 2020 + min_rx: 2000 + multiplier: 3 + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 42 + neighbors: + - ip_address: 192.168.144.2 + peer_group: WAN-RR-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder1 + description: cv-pathfinder-pathfinder1_Dps1 + - ip_address: 6.6.6.6 + peer_group: WAN-RR-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder3 + description: cv-pathfinder-pathfinder3_Dps1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-RR-OVERLAY-PEERS + activate: true + encapsulation: path-selection + - name: WAN-OVERLAY-PEERS + activate: true + encapsulation: path-selection + next_hop: + resolution_disabled: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + - name: WAN-RR-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + missing_policy: + direction_out_action: deny + - name: WAN-RR-OVERLAY-PEERS + activate: true + path_selection: + roles: + consumer: true + propagator: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + - name: WAN-RR-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 192.168.44.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT +router_path_selection: + peer_dynamic_source: stun + path_groups: + - name: MPLS + id: 100 + local_interfaces: + - name: Ethernet2 + static_peers: + - router_ip: 6.6.6.6 + name: cv-pathfinder-pathfinder3 + ipv4_addresses: + - 172.17.17.17 + keepalive: + interval: 300 + failure_threshold: 5 + - name: INET + id: 101 + ipsec_profile: CP-PROFILE + local_interfaces: + - name: Ethernet1 + static_peers: + - router_ip: 192.168.144.2 + name: cv-pathfinder-pathfinder1 + ipv4_addresses: + - 10.8.8.8 + - router_ip: 6.6.6.6 + name: cv-pathfinder-pathfinder3 + ipv4_addresses: + - 10.50.50.50 + - name: LTE + id: 102 + - name: Equinix + id: 103 + - name: Satellite + id: 104 + - name: AWS + id: 105 + - name: LAN_HA + id: 65535 + flow_assignment: lan + load_balance_policies: + - name: LB-DEFAULT-AVT-POLICY-CONTROL-PLANE + path_groups: + - name: AWS + - name: Equinix + priority: 2 + - name: INET + - name: MPLS + - name: Satellite + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-VIDEO + path_groups: + - name: MPLS + - name: INET + - name: Equinix + - name: LAN_HA + - name: LB-DEFAULT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: Equinix + priority: 2 + - name: MPLS + priority: 4223 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 + path_groups: + - name: MPLS + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' + path_groups: + - name: MPLS + - name: LTE + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-MPLS-ONLY + path_groups: + - name: MPLS + - name: LAN_HA + - name: LB-PROD-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-CUSTOM-VOICE-PROFILE-NAME + path_groups: + - name: MPLS + - name: INET + priority: 2 + - name: LAN_HA + - name: LB-TRANSIT-AVT-POLICY-DEFAULT + path_groups: + - name: INET + - name: MPLS + priority: 2 + - name: LAN_HA + - name: LB-DEFAULT-POLICY-DEFAULT + path_groups: + - name: AWS + - name: Equinix + priority: 2 + - name: INET + - name: MPLS + - name: Satellite + priority: 2 + - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_traffic_engineering: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +stun: + server: + local_interfaces: + - Ethernet1 + - Ethernet2 + ssl_profile: profileB +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +vxlan_interface: + vxlan1: + description: cv-pathfinder-pathfinder2_VTEP + vxlan: + source_interface: Dps1 + udp_port: 4789 + vrfs: + - name: default + vni: 1 + - name: PROD + vni: 42 + - name: IT + vni: 100 + - name: TRANSIT + vni: 66 + - name: ATTRACTED-VRF-FROM-UPLINK + vni: 166 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml index b42ca1cd3e3..5e124a6e268 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml @@ -1,307 +1,333 @@ -hostname: cv-pathfinder-transit1A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.43.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-enabled-leaf1 - description: site-ha-enabled-leaf1_Ethernet1 - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.143.2 - peer: cv-pathfinder-transit1B - description: cv-pathfinder-transit1B - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: IT - router_id: 192.168.43.1 - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf1_Ethernet1.1000_vrf_IT - rd: 192.168.43.1:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD - router_id: 192.168.43.1 - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf1_Ethernet1.142_vrf_PROD - rd: 192.168.43.1:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK - router_id: 192.168.43.1 - neighbors: - - ip_address: 172.17.0.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf1_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK - rd: 192.168.43.1:666 - route_targets: - import: - - address_family: evpn - route_targets: - - 666:666 - export: - - address_family: evpn - route_targets: - - 666:666 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.43.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: NOT-WAN-VRF - router_id: 192.168.43.1 - redistribute: - connected: - enabled: true - - name: TRANSIT - rd: 192.168.43.1:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - router_id: 192.168.43.1 - redistribute: - connected: - enabled: true - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.143.2 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.143.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: NOT-WAN-VRF - tenant: TenantB - ip_routing: true -- name: TRANSIT - tenant: TenantB - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet52 - peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_site-ha-enabled-leaf1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.1/31 -- name: Ethernet52.1000 peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1.1000 + peer_interface: Ethernet1 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet52.1000 description: P2P_site-ha-enabled-leaf1_Ethernet1.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.1/31 -- name: Ethernet52.142 peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1.142 + peer_interface: Ethernet1.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet52.142 description: P2P_site-ha-enabled-leaf1_Ethernet1.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.1/31 -- name: Ethernet52.666 peer: site-ha-enabled-leaf1 - peer_interface: Ethernet1.666 + peer_interface: Ethernet1.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet52.666 description: P2P_site-ha-enabled-leaf1_Ethernet1.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.1/31 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet1.666 + peer_type: l3leaf - name: Ethernet1.42 - peer_type: l3_interface - ip_address: dhcp - shutdown: false description: Comcast + shutdown: false encapsulation_dot1q: vlan: 42 + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet2.42 peer_type: l3_interface - ip_address: 172.16.6.6/31 - shutdown: false +- name: Ethernet2.42 description: Colt_10666 + shutdown: false encapsulation_dot1q: vlan: 666 + ip_address: 172.16.6.6/31 ip_nat: service_profile: NAT-IE-DIRECT + peer_type: l3_interface - name: Ethernet1 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false - name: Ethernet2 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-transit1A +ip_access_lists: +- name: ACL-NAT-IE-DIRECT + entries: + - sequence: 10 + action: deny + protocol: ip + source: 172.16.6.6 + destination: any + - sequence: 20 + action: permit + protocol: ip + source: any + destination: any +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.43.1:422 +ip_nat: + profiles: + - name: NAT-IE-DIRECT + source: + dynamic: + - access_list: ACL-NAT-IE-DIRECT + nat_type: overload +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.143.1 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.43.1/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site422 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet52.1000 + tags: + - name: Type + value: lan + - interface: Ethernet52.142 + tags: + - name: Type + value: lan + - interface: Ethernet52.666 + tags: + - name: Type + value: lan + - interface: Ethernet1.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet2.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10666' + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site422 + vtep_ip: 192.168.143.1 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET + - name: Ethernet2.42 + carrier: Colt + circuit_id: '10666' + pathgroup: MPLS +monitor_connectivity: + shutdown: false + interface_sets: + - name: SET-Ethernet2.42 + interfaces: Ethernet2.42 + hosts: + - name: IE-Ethernet2.42 + description: Internet Exit DIRECT-EXIT-POLICY-2 + ip: 123.12.3.4 + local_interfaces: SET-Ethernet2.42 + address_only: false prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -397,62 +423,7 @@ route_maps: - sequence: 10 type: permit match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.43.1:422 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.143.1 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: transit region region: @@ -486,6 +457,41 @@ router_adaptive_virtual_topology: load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: CUSTOM-VOICE-PROFILE-NAME + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-AVT-POLICY-WITH-CP @@ -526,52 +532,214 @@ router_adaptive_virtual_topology: profiles: - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: TRANSIT-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: CUSTOM-VOICE-PROFILE-NAME - - application_profile: default - avt_profile: TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.43.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet1 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.143.2 + remote_as: '65000' + peer: cv-pathfinder-transit1B + description: cv-pathfinder-transit1B + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.143.2 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: IT + rd: 192.168.43.1:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet1.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.43.1:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet1.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.43.1:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 + router_id: 192.168.43.1 + neighbors: + - ip_address: 172.17.0.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet1.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.43.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: NOT-WAN-VRF + router_id: 192.168.43.1 + redistribute: + connected: + enabled: true + - name: TRANSIT + rd: 192.168.43.1:66 + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.43.1 + redistribute: + connected: + enabled: true +router_internet_exit: + policies: + - name: DIRECT-EXIT-POLICY-2 + exit_groups: + - name: DIRECT-EXIT-POLICY-2 + - name: system-default-exit-group + exit_groups: + - name: DIRECT-EXIT-POLICY-2 + local_connections: + - name: IE-Ethernet2.42 router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1.42 stun: @@ -586,7 +754,6 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: MPLS id: 100 local_interfaces: @@ -633,20 +800,20 @@ router_path_selection: priority: 4223 - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: MPLS - name: INET priority: 2 - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: MPLS - name: INET priority: 2 - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: MPLS @@ -674,8 +841,21 @@ router_path_selection: - name: INET - name: MPLS - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto +router_service_insertion: + enabled: true + connections: + - name: IE-Ethernet2.42 + ethernet_interface: + name: Ethernet2.42 + next_hop: 123.12.3.4 + monitor_connectivity_host: IE-Ethernet2.42 router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -688,119 +868,31 @@ stun: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 ip_address: 172.16.0.1 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -ip_access_lists: -- name: ACL-NAT-IE-DIRECT - entries: - - sequence: 10 - action: deny - protocol: ip - source: 172.16.6.6 - destination: any - - sequence: 20 - action: permit - protocol: ip - source: any - destination: any -ip_nat: - profiles: - - name: NAT-IE-DIRECT - source: - dynamic: - - access_list: ACL-NAT-IE-DIRECT - nat_type: overload -router_service_insertion: - enabled: true - connections: - - name: IE-Ethernet2.42 - monitor_connectivity_host: IE-Ethernet2.42 - ethernet_interface: - name: Ethernet2.42 - next_hop: 123.12.3.4 -router_internet_exit: - exit_groups: - - name: DIRECT-EXIT-POLICY-2 - local_connections: - - name: IE-Ethernet2.42 - policies: - - name: DIRECT-EXIT-POLICY-2 - exit_groups: - - name: DIRECT-EXIT-POLICY-2 - - name: system-default-exit-group -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.143.1/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA +- name: NOT-WAN-VRF + ip_routing: true + tenant: TenantB +- name: TRANSIT + ip_routing: true + tenant: TenantB +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true + tenant: TenantC vxlan_interface: vxlan1: description: cv-pathfinder-transit1A_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -812,96 +904,3 @@ vxlan_interface: vni: 66 - name: ATTRACTED-VRF-FROM-UPLINK vni: 166 -monitor_connectivity: - interface_sets: - - name: SET-Ethernet2.42 - interfaces: Ethernet2.42 - hosts: - - name: IE-Ethernet2.42 - description: Internet Exit DIRECT-EXIT-POLICY-2 - ip: 123.12.3.4 - local_interfaces: SET-Ethernet2.42 - address_only: false - shutdown: false -metadata: - cv_pathfinder: - internet_exit_policies: [] - role: transit region - ssl_profile: profileA - vtep_ip: 192.168.143.1 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site422 - interfaces: - - name: Ethernet1.42 - carrier: Comcast - pathgroup: INET - - name: Ethernet2.42 - carrier: Colt - circuit_id: '10666' - pathgroup: MPLS - pathfinders: - - vtep_ip: 192.168.144.1 - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site422 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet52.1000 - tags: - - name: Type - value: lan - - interface: Ethernet52.142 - tags: - - name: Type - value: lan - - interface: Ethernet52.666 - tags: - - name: Type - value: lan - - interface: Ethernet1.42 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast - - interface: Ethernet2.42 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10666' - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: lan -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml index 4b42d7cbaa8..99c4f3c54d2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml @@ -1,305 +1,300 @@ -hostname: cv-pathfinder-transit1B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.43.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65000' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - peer: site-ha-enabled-leaf1 - description: site-ha-enabled-leaf1_Ethernet2 - - ip_address: 192.168.144.1 - peer_group: WAN-OVERLAY-PEERS - peer: cv-pathfinder-pathfinder - description: cv-pathfinder-pathfinder_Dps1 - - ip_address: 192.168.143.1 - peer: cv-pathfinder-transit1A - description: cv-pathfinder-transit1A - remote_as: '65000' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - vrfs: - - name: IT - router_id: 192.168.43.2 - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf1_Ethernet2.1000_vrf_IT - rd: 192.168.43.2:1000 - route_targets: - import: - - address_family: evpn - route_targets: - - 1000:1000 - export: - - address_family: evpn - route_targets: - - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD - router_id: 192.168.43.2 - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf1_Ethernet2.142_vrf_PROD - rd: 192.168.43.2:142 - route_targets: - import: - - address_family: evpn - route_targets: - - 142:142 - export: - - address_family: evpn - route_targets: - - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK - router_id: 192.168.43.2 - neighbors: - - ip_address: 172.17.0.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65199' - description: site-ha-enabled-leaf1_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK - rd: 192.168.43.2:666 - route_targets: - import: - - address_family: evpn - route_targets: - - 666:666 - export: - - address_family: evpn - route_targets: - - 666:666 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.43.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT - - name: NOT-WAN-VRF - router_id: 192.168.43.2 - redistribute: - connected: - enabled: true - - name: TRANSIT - rd: 192.168.43.2:66 - route_targets: - import: - - address_family: evpn - route_targets: - - 66:66 - export: - - address_family: evpn - route_targets: - - 66:66 - router_id: 192.168.43.2 - redistribute: - connected: - enabled: true - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 192.168.143.1 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + categories: + - name: VIDEO1 + applications: + - name: CUSTOM-APPLICATION-2 + - name: CUSTOM-DSCP-APPLICATION + - name: microsoft-teams + field_sets: + l4_ports: + - name: TCP-SRC-2 + port_values: + - '42' + - name: TCP-DEST-2 + port_values: + - '666' + - '777' + ipv4_prefixes: + - name: CUSTOM-SRC-PREFIX-1 + prefix_values: + - 42.42.42.0/24 + - name: CUSTOM-DEST-PREFIX-1 + prefix_values: + - 6.6.6.0/24 + - name: PFX-PATHFINDERS + prefix_values: + - 192.168.144.1/32 + applications: + ipv4_applications: + - name: CUSTOM-APPLICATION-1 + src_prefix_set_name: CUSTOM-SRC-PREFIX-1 + dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 + protocols: + - tcp + - name: CUSTOM-APPLICATION-2 + protocols: + - tcp + tcp_src_port_set_name: TCP-SRC-2 + tcp_dest_port_set_name: TCP-DEST-2 + - name: CUSTOM-DSCP-APPLICATION + dscp_ranges: + - ef + - 12-14 + - cs6 + - '42' + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: VIDEO + applications: + - name: CUSTOM-APPLICATION-1 + - name: skype + application_transports: + - rtp + categories: + - name: VIDEO1 + - name: VOICE + applications: + - name: CUSTOM-VOICE-APPLICATION + - name: MPLS-ONLY + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65000' config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.143.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: NOT-WAN-VRF - tenant: TenantB - ip_routing: true -- name: TRANSIT - tenant: TenantB - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet52 - peer: site-ha-enabled-leaf1 - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_site-ha-enabled-leaf1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.17.0.3/31 -- name: Ethernet52.1000 peer: site-ha-enabled-leaf1 - peer_interface: Ethernet2.1000 + peer_interface: Ethernet2 peer_type: l3leaf - vrf: IT + switchport: + enabled: false +- name: Ethernet52.1000 description: P2P_site-ha-enabled-leaf1_Ethernet2.1000_VRF_IT shutdown: false + mtu: 9214 + vrf: IT encapsulation_dot1q: vlan: 1000 - mtu: 9214 ip_address: 172.17.0.3/31 -- name: Ethernet52.142 peer: site-ha-enabled-leaf1 - peer_interface: Ethernet2.142 + peer_interface: Ethernet2.1000 peer_type: l3leaf - vrf: PROD +- name: Ethernet52.142 description: P2P_site-ha-enabled-leaf1_Ethernet2.142_VRF_PROD shutdown: false + mtu: 9214 + vrf: PROD encapsulation_dot1q: vlan: 142 - mtu: 9214 ip_address: 172.17.0.3/31 -- name: Ethernet52.666 peer: site-ha-enabled-leaf1 - peer_interface: Ethernet2.666 + peer_interface: Ethernet2.142 peer_type: l3leaf - vrf: ATTRACTED-VRF-FROM-UPLINK +- name: Ethernet52.666 description: P2P_site-ha-enabled-leaf1_Ethernet2.666_VRF_ATTRACTED-VRF-FROM-UPLINK shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK encapsulation_dot1q: vlan: 666 - mtu: 9214 ip_address: 172.17.0.3/31 + peer: site-ha-enabled-leaf1 + peer_interface: Ethernet2.666 + peer_type: l3leaf - name: Ethernet1.42 - peer_type: l3_interface - ip_address: dhcp - shutdown: false description: Comcast + shutdown: false encapsulation_dot1q: vlan: 42 + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet2.42 peer_type: l3_interface - ip_address: 172.16.6.6/31 - shutdown: false +- name: Ethernet2.42 description: Colt_10666 + shutdown: false encapsulation_dot1q: vlan: 666 + ip_address: 172.16.6.6/31 + peer_type: l3_interface - name: Ethernet1 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false - name: Ethernet2 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: cv-pathfinder-transit1B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.43.1:422 +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.143.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + sa_policy: DP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890666 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: ABCDEF1234567890 + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.43.2/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65000' +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: profileA + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: profileA.crt + key: profileA.key +metadata: + cv_tags: + device_tags: + - name: Role + value: transit region + - name: Region + value: AVD_Land_West + - name: Zone + value: AVD_Land_West-ZONE + - name: Site + value: Site422 + interface_tags: + - interface: Ethernet52 + tags: + - name: Type + value: lan + - interface: Ethernet52.1000 + tags: + - name: Type + value: lan + - interface: Ethernet52.142 + tags: + - name: Type + value: lan + - interface: Ethernet52.666 + tags: + - name: Type + value: lan + - interface: Ethernet1.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - interface: Ethernet2.42 + tags: + - name: Type + value: wan + - name: Carrier + value: Colt + - name: Circuit + value: '10666' + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + cv_pathfinder: + role: transit region + region: AVD_Land_West + zone: AVD_Land_West-ZONE + site: Site422 + vtep_ip: 192.168.143.2 + ssl_profile: profileA + pathfinders: + - vtep_ip: 192.168.144.1 + interfaces: + - name: Ethernet1.42 + carrier: Comcast + pathgroup: INET + - name: Ethernet2.42 + carrier: Colt + circuit_id: '10666' + pathgroup: MPLS prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -360,97 +355,42 @@ route_maps: - sequence: 10 type: deny match: - - extcommunity ECL-EVPN-SOO - - sequence: 20 - type: permit -- name: RM-EVPN-SOO-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - extcommunity soo 192.168.43.1:422 additive -- name: RM-WAN-HA-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - description: Set tag 50 on routes received from HA peer over EVPN - set: - - tag 50 -- name: RM-WAN-HA-PEER-OUT - sequence_numbers: - - sequence: 10 - type: permit - description: Make EVPN routes learned from WAN less preferred on HA peer - match: - - route-type internal - set: - - local-preference 50 - - sequence: 20 - type: permit - description: Make locally injected routes less preferred on HA peer - set: - - local-preference 75 -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.43.1:422 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.143.2 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: profileA - certificate: - file: profileA.crt - key: profileA.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' + - extcommunity ECL-EVPN-SOO + - sequence: 20 + type: permit +- name: RM-EVPN-SOO-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - extcommunity soo 192.168.43.1:422 additive +- name: RM-WAN-HA-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Set tag 50 on routes received from HA peer over EVPN + set: + - tag 50 +- name: RM-WAN-HA-PEER-OUT + sequence_numbers: + - sequence: 10 + type: permit + description: Make EVPN routes learned from WAN less preferred on HA peer + match: + - route-type internal + set: + - local-preference 50 + - sequence: 20 + type: permit + description: Make locally injected routes less preferred on HA peer + set: + - local-preference 75 +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: transit region region: @@ -483,6 +423,41 @@ router_adaptive_virtual_topology: load_balance_policy: LB-TRANSIT-AVT-POLICY-DEFAULT - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-AVT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: PROD-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: PROD-AVT-POLICY-VOICE + - application_profile: VIDEO + avt_profile: PROD-AVT-POLICY-VIDEO + - application_profile: MPLS-ONLY + avt_profile: PROD-AVT-POLICY-MPLS-ONLY + - application_profile: default + avt_profile: PROD-AVT-POLICY-DEFAULT + - name: DEFAULT-AVT-POLICY + matches: + - application_profile: VIDEO + avt_profile: DEFAULT-AVT-POLICY-VIDEO + - application_profile: default + avt_profile: DEFAULT-AVT-POLICY-DEFAULT + - name: TRANSIT-AVT-POLICY + matches: + - application_profile: VOICE + avt_profile: CUSTOM-VOICE-PROFILE-NAME + - application_profile: default + avt_profile: TRANSIT-AVT-POLICY-DEFAULT + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-AVT-POLICY-WITH-CP @@ -512,63 +487,215 @@ router_adaptive_virtual_topology: - name: DEFAULT-AVT-POLICY-DEFAULT id: 1 - name: TRANSIT - policy: TRANSIT-AVT-POLICY - profiles: - - name: CUSTOM-VOICE-PROFILE-NAME - id: 42 - - name: TRANSIT-AVT-POLICY-DEFAULT - id: 1 - - name: ATTRACTED-VRF-FROM-UPLINK - policy: DEFAULT-POLICY - profiles: - - name: DEFAULT-POLICY-DEFAULT - id: 1 - policies: - - name: DEFAULT-AVT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-AVT-POLICY-CONTROL-PLANE - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: PROD-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: PROD-AVT-POLICY-VOICE - - application_profile: VIDEO - avt_profile: PROD-AVT-POLICY-VIDEO - - application_profile: MPLS-ONLY - avt_profile: PROD-AVT-POLICY-MPLS-ONLY - - application_profile: default - avt_profile: PROD-AVT-POLICY-DEFAULT - - name: DEFAULT-AVT-POLICY - matches: - - application_profile: VIDEO - avt_profile: DEFAULT-AVT-POLICY-VIDEO - - application_profile: default - avt_profile: DEFAULT-AVT-POLICY-DEFAULT - - name: TRANSIT-AVT-POLICY - matches: - - application_profile: VOICE - avt_profile: CUSTOM-VOICE-PROFILE-NAME - - application_profile: default - avt_profile: TRANSIT-AVT-POLICY-DEFAULT - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + policy: TRANSIT-AVT-POLICY + profiles: + - name: CUSTOM-VOICE-PROFILE-NAME + id: 42 + - name: TRANSIT-AVT-POLICY-DEFAULT + id: 1 + - name: ATTRACTED-VRF-FROM-UPLINK + policy: DEFAULT-POLICY + profiles: + - name: DEFAULT-POLICY-DEFAULT + id: 1 +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.43.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65000' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + peer: site-ha-enabled-leaf1 + description: site-ha-enabled-leaf1_Ethernet2 + - ip_address: 192.168.144.1 + peer_group: WAN-OVERLAY-PEERS + peer: cv-pathfinder-pathfinder + description: cv-pathfinder-pathfinder_Dps1 + - ip_address: 192.168.143.1 + remote_as: '65000' + peer: cv-pathfinder-transit1A + description: cv-pathfinder-transit1A + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 192.168.143.1 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: IT + rd: 192.168.43.2:1000 + route_targets: + import: + - address_family: evpn + route_targets: + - 1000:1000 + export: + - address_family: evpn + route_targets: + - 1000:1000 + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet2.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD + rd: 192.168.43.2:142 + route_targets: + import: + - address_family: evpn + route_targets: + - 142:142 + export: + - address_family: evpn + route_targets: + - 142:142 + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet2.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK + rd: 192.168.43.2:666 + route_targets: + import: + - address_family: evpn + route_targets: + - 666:666 + export: + - address_family: evpn + route_targets: + - 666:666 + router_id: 192.168.43.2 + neighbors: + - ip_address: 172.17.0.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65199' + description: site-ha-enabled-leaf1_Ethernet2.666_vrf_ATTRACTED-VRF-FROM-UPLINK + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.43.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT + - name: NOT-WAN-VRF + router_id: 192.168.43.2 + redistribute: + connected: + enabled: true + - name: TRANSIT + rd: 192.168.43.2:66 + route_targets: + import: + - address_family: evpn + route_targets: + - 66:66 + export: + - address_family: evpn + route_targets: + - 66:66 + router_id: 192.168.43.2 + redistribute: + connected: + enabled: true router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet1.42 stun: @@ -583,7 +710,6 @@ router_path_selection: ipv4_addresses: - 172.17.7.7 - 10.9.9.9 - ipsec_profile: CP-PROFILE - name: MPLS id: 100 local_interfaces: @@ -630,20 +756,20 @@ router_path_selection: priority: 4223 - name: LAN_HA - name: LB-PROD-AVT-POLICY-VOICE + lowest_hop_count: true + jitter: 42 path_groups: - name: MPLS - name: INET priority: 2 - name: LAN_HA - jitter: 42 - lowest_hop_count: true - name: LB-PROD-AVT-POLICY-VIDEO + loss_rate: '42.0' path_groups: - name: MPLS - name: INET priority: 2 - name: LAN_HA - loss_rate: '42.0' - name: LB-PROD-AVT-POLICY-MPLS-ONLY path_groups: - name: MPLS @@ -671,8 +797,13 @@ router_path_selection: - name: INET - name: MPLS - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none stun: client: server_profiles: @@ -685,81 +816,31 @@ stun: - name: MPLS-cv-pathfinder-pathfinder-Ethernet2_2 ip_address: 172.16.0.1 ssl_profile: profileA -application_traffic_recognition: - application_profiles: - - name: VIDEO - applications: - - name: CUSTOM-APPLICATION-1 - - name: skype - application_transports: - - rtp - categories: - - name: VIDEO1 - - name: VOICE - applications: - - name: CUSTOM-VOICE-APPLICATION - - name: MPLS-ONLY - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - categories: - - name: VIDEO1 - applications: - - name: CUSTOM-APPLICATION-2 - - name: CUSTOM-DSCP-APPLICATION - - name: microsoft-teams - applications: - ipv4_applications: - - name: CUSTOM-APPLICATION-1 - src_prefix_set_name: CUSTOM-SRC-PREFIX-1 - dest_prefix_set_name: CUSTOM-DEST-PREFIX-1 - protocols: - - tcp - - name: CUSTOM-APPLICATION-2 - protocols: - - tcp - tcp_src_port_set_name: TCP-SRC-2 - tcp_dest_port_set_name: TCP-DEST-2 - - name: CUSTOM-DSCP-APPLICATION - dscp_ranges: - - ef - - 12-14 - - cs6 - - '42' - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - l4_ports: - - name: TCP-SRC-2 - port_values: - - '42' - - name: TCP-DEST-2 - port_values: - - '666' - - '777' - ipv4_prefixes: - - name: CUSTOM-SRC-PREFIX-1 - prefix_values: - - 42.42.42.0/24 - - name: CUSTOM-DEST-PREFIX-1 - prefix_values: - - 6.6.6.0/24 - - name: PFX-PATHFINDERS - prefix_values: - - 192.168.144.1/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.143.2/32 - flow_tracker: - hardware: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true + tenant: TenantA +- name: PROD + ip_routing: true + tenant: TenantA +- name: NOT-WAN-VRF + ip_routing: true + tenant: TenantB +- name: TRANSIT + ip_routing: true + tenant: TenantB +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true + tenant: TenantC vxlan_interface: vxlan1: description: cv-pathfinder-transit1B_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 @@ -771,84 +852,3 @@ vxlan_interface: vni: 66 - name: ATTRACTED-VRF-FROM-UPLINK vni: 166 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: transit region - - name: Region - value: AVD_Land_West - - name: Zone - value: AVD_Land_West-ZONE - - name: Site - value: Site422 - interface_tags: - - interface: Ethernet52 - tags: - - name: Type - value: lan - - interface: Ethernet52.1000 - tags: - - name: Type - value: lan - - interface: Ethernet52.142 - tags: - - name: Type - value: lan - - interface: Ethernet52.666 - tags: - - name: Type - value: lan - - interface: Ethernet1.42 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast - - interface: Ethernet2.42 - tags: - - name: Type - value: wan - - name: Carrier - value: Colt - - name: Circuit - value: '10666' - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: lan - cv_pathfinder: - role: transit region - ssl_profile: profileA - vtep_ip: 192.168.143.2 - region: AVD_Land_West - zone: AVD_Land_West-ZONE - site: Site422 - interfaces: - - name: Ethernet1.42 - carrier: Comcast - pathgroup: INET - - name: Ethernet2.42 - carrier: Colt - circuit_id: '10666' - pathgroup: MPLS - pathfinders: - - vtep_ip: 192.168.144.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-cvaas.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-cvaas.yml index 5622e4a459e..6892feb2650 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-cvaas.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-cvaas.yml @@ -1,98 +1,98 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - cv-staging.corp.arista.io:443 + cvauth: + method: token-secure + token_file: /tmp/cv-onboarding-token + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true hostname: cvp-instance-ips-cvaas +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 1.2.3.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 1.2.3.4/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '1234' router_id: 1.2.3.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - cv-staging.corp.arista.io:443 - cvauth: - method: token-secure - token_file: /tmp/cv-onboarding-token - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 1.2.3.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 1.2.3.4/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-onprem-token.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-onprem-token.yml index aecb92f44d2..947be82c504 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-onprem-token.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cvp-instance-ips-onprem-token.yml @@ -1,6 +1,6 @@ -hostname: cvp-instance-ips-onprem-token -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - myonpremcvpserver:9910 @@ -8,26 +8,26 @@ daemon_terminattr: method: token token_file: /tmp/token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +hostname: cvp-instance-ips-onprem-token +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_hostvars.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_hostvars.yml index f5a16e04b92..e05d5e0465b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_hostvars.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_hostvars.yml @@ -1,25 +1,25 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: default_interface_mtu_hostvars +interface_defaults: + mtu: 1234 +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -interface_defaults: - mtu: 1234 vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_platform.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_platform.yml index 94d1881ae2b..9476df042f0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_platform.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_interface_mtu_platform.yml @@ -1,25 +1,25 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: default_interface_mtu_platform +interface_defaults: + mtu: 1234 +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -interface_defaults: - mtu: 1234 vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_cvx.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_cvx.yml index 45200471d43..1c3514cb59d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_cvx.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_cvx.yml @@ -1,65 +1,65 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: default_overlay_protocol_cvx +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.0.42/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY router_bgp: as: '65000' router_id: 192.168.0.42 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.0.42/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_her.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_her.yml index 8bc305cfe4b..003acbc49aa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_her.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/default_overlay_protocol_her.yml @@ -1,65 +1,65 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: default_overlay_protocol_her +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.0.42/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY router_bgp: as: '65000' router_id: 192.168.0.42 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.0.42/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/device.with.dots.in.hostname.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/device.with.dots.in.hostname.yml index 6783f1abce3..5e40e42d1d6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/device.with.dots.in.hostname.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/device.with.dots.in.hostname.yml @@ -1,88 +1,88 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: device.with.dots.in.hostname +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 1.2.3.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 1.2.3.4/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '1234' router_id: 1.2.3.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 1.2.3.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 1.2.3.4/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf1.yml index cf745fa728e..46a78219df6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf1.yml @@ -1,38 +1,89 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_downlink-pools-spine1_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.1/31 + peer: downlink-pools-spine1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_downlink-pools-spine1_Ethernet4 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.3/31 + peer: downlink-pools-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false hostname: downlink-pools-l3leaf1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.1.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.2.10/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.1.0/24 eq 32 + - sequence: 20 + action: permit 192.168.2.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65009' router_id: 192.168.1.10 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.0.1.0 peer_group: IPv4-UNDERLAY-PEERS @@ -46,87 +97,36 @@ router_bgp: description: downlink-pools-spine1_Ethernet4 - ip_address: 192.168.0.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' peer: downlink-pools-spine1 description: downlink-pools-spine1_Loopback0 - remote_as: '65000' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: downlink-pools-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_downlink-pools-spine1_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.1/31 -- name: Ethernet2 - peer: downlink-pools-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_downlink-pools-spine1_Ethernet4 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.3/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.1.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.2.10/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.1.0/24 eq 32 - - sequence: 20 - action: permit 192.168.2.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: downlink-pools-l3leaf1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf2.yml index d5d15a8493b..1f100a06f7b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf2.yml @@ -1,38 +1,89 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_downlink-pools-spine2_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 10.0.2.1/31 + peer: downlink-pools-spine2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_downlink-pools-spine2_Ethernet4 + shutdown: false + mtu: 9214 + ip_address: 10.0.2.3/31 + peer: downlink-pools-spine2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false hostname: downlink-pools-l3leaf2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.1.20/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.2.20/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.1.0/24 eq 32 + - sequence: 20 + action: permit 192.168.2.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65019' router_id: 192.168.1.20 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.0.2.0 peer_group: IPv4-UNDERLAY-PEERS @@ -46,87 +97,36 @@ router_bgp: description: downlink-pools-spine2_Ethernet4 - ip_address: 192.168.0.20 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' peer: downlink-pools-spine2 description: downlink-pools-spine2_Loopback0 - remote_as: '65000' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: downlink-pools-spine2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_downlink-pools-spine2_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.2.1/31 -- name: Ethernet2 - peer: downlink-pools-spine2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_downlink-pools-spine2_Ethernet4 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.2.3/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.1.20/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.2.20/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.1.0/24 eq 32 - - sequence: 20 - action: permit 192.168.2.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: downlink-pools-l3leaf2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf3.yml index e80e9b488a3..171250eaf93 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf3.yml @@ -1,38 +1,109 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_downlink-pools-spine1_Ethernet5 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.5/31 + peer: downlink-pools-spine1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_downlink-pools-spine2_Ethernet5 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.1/31 + peer: downlink-pools-spine2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_downlink-pools-spine1_Ethernet15 + shutdown: false + mtu: 9214 + ip_address: 10.0.3.1/31 + peer: downlink-pools-spine1 + peer_interface: Ethernet15 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_downlink-pools-spine2_Ethernet15 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.5/31 + peer: downlink-pools-spine2 + peer_interface: Ethernet15 + peer_type: spine + switchport: + enabled: false hostname: downlink-pools-l3leaf3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.1.30/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.2.30/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.1.0/24 eq 32 + - sequence: 20 + action: permit 192.168.2.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65029' router_id: 192.168.1.30 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.0.1.4 peer_group: IPv4-UNDERLAY-PEERS @@ -56,112 +127,41 @@ router_bgp: description: downlink-pools-spine2_Ethernet15 - ip_address: 192.168.0.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' peer: downlink-pools-spine1 description: downlink-pools-spine1_Loopback0 - remote_as: '65000' - ip_address: 192.168.0.20 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' peer: downlink-pools-spine2 description: downlink-pools-spine2_Loopback0 - remote_as: '65000' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: downlink-pools-spine1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_downlink-pools-spine1_Ethernet5 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.5/31 -- name: Ethernet2 - peer: downlink-pools-spine2 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_downlink-pools-spine2_Ethernet5 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.1/31 -- name: Ethernet3 - peer: downlink-pools-spine1 - peer_interface: Ethernet15 - peer_type: spine - description: P2P_downlink-pools-spine1_Ethernet15 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.3.1/31 -- name: Ethernet4 - peer: downlink-pools-spine2 - peer_interface: Ethernet15 - peer_type: spine - description: P2P_downlink-pools-spine2_Ethernet15 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.5/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.1.30/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.2.30/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.1.0/24 eq 32 - - sequence: 20 - action: permit 192.168.2.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: downlink-pools-l3leaf3_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf4.yml index ecf4b69e59b..c31e1f3e48c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf4.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-l3leaf4.yml @@ -1,38 +1,109 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_downlink-pools-spine1_Ethernet6 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.7/31 + peer: downlink-pools-spine1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_downlink-pools-spine2_Ethernet6 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.3/31 + peer: downlink-pools-spine2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_downlink-pools-spine1_Ethernet16 + shutdown: false + mtu: 9214 + ip_address: 10.0.3.19/31 + peer: downlink-pools-spine1 + peer_interface: Ethernet16 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_downlink-pools-spine2_Ethernet16 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.7/31 + peer: downlink-pools-spine2 + peer_interface: Ethernet16 + peer_type: spine + switchport: + enabled: false hostname: downlink-pools-l3leaf4 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.1.40/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.2.40/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.1.0/24 eq 32 + - sequence: 20 + action: permit 192.168.2.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65039' router_id: 192.168.1.40 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.0.1.6 peer_group: IPv4-UNDERLAY-PEERS @@ -56,112 +127,41 @@ router_bgp: description: downlink-pools-spine2_Ethernet16 - ip_address: 192.168.0.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' peer: downlink-pools-spine1 description: downlink-pools-spine1_Loopback0 - remote_as: '65000' - ip_address: 192.168.0.20 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' peer: downlink-pools-spine2 description: downlink-pools-spine2_Loopback0 - remote_as: '65000' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: downlink-pools-spine1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_downlink-pools-spine1_Ethernet6 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.7/31 -- name: Ethernet2 - peer: downlink-pools-spine2 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_downlink-pools-spine2_Ethernet6 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.3/31 -- name: Ethernet3 - peer: downlink-pools-spine1 - peer_interface: Ethernet16 - peer_type: spine - description: P2P_downlink-pools-spine1_Ethernet16 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.3.19/31 -- name: Ethernet4 - peer: downlink-pools-spine2 - peer_interface: Ethernet16 - peer_type: spine - description: P2P_downlink-pools-spine2_Ethernet16 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.7/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.1.40/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.2.40/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.1.0/24 eq 32 - - sequence: 20 - action: permit 192.168.2.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true vxlan_interface: vxlan1: description: downlink-pools-l3leaf4_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine1.yml index 18f62d48388..e89700a9501 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine1.yml @@ -1,39 +1,122 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: P2P_downlink-pools-l3leaf1_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.0/31 + peer: downlink-pools-l3leaf1 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_downlink-pools-l3leaf1_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.2/31 + peer: downlink-pools-l3leaf1 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_downlink-pools-l3leaf3_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.4/31 + peer: downlink-pools-l3leaf3 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_downlink-pools-l3leaf4_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.0.1.6/31 + peer: downlink-pools-l3leaf4 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet15 + description: P2P_downlink-pools-l3leaf3_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 10.0.3.0/31 + peer: downlink-pools-l3leaf3 + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet16 + description: P2P_downlink-pools-l3leaf4_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 10.0.3.18/31 + peer: downlink-pools-l3leaf4 + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false hostname: downlink-pools-spine1 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.0.10/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 192.168.0.10 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.0.1.1 peer_group: IPv4-UNDERLAY-PEERS @@ -67,125 +150,42 @@ router_bgp: description: downlink-pools-l3leaf4_Ethernet3 - ip_address: 192.168.1.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65009' peer: downlink-pools-l3leaf1 description: downlink-pools-l3leaf1_Loopback0 - remote_as: '65009' - ip_address: 192.168.1.30 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65029' peer: downlink-pools-l3leaf3 description: downlink-pools-l3leaf3_Loopback0 - remote_as: '65029' - ip_address: 192.168.1.40 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65039' peer: downlink-pools-l3leaf4 description: downlink-pools-l3leaf4_Loopback0 - remote_as: '65039' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet3 - peer: downlink-pools-l3leaf1 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf1_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.0/31 -- name: Ethernet4 - peer: downlink-pools-l3leaf1 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf1_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.2/31 -- name: Ethernet5 - peer: downlink-pools-l3leaf3 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf3_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.4/31 -- name: Ethernet6 - peer: downlink-pools-l3leaf4 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf4_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.1.6/31 -- name: Ethernet15 - peer: downlink-pools-l3leaf3 - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf3_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.3.0/31 -- name: Ethernet16 - peer: downlink-pools-l3leaf4 - peer_interface: Ethernet3 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf4_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.3.18/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.0.10/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine2.yml index cf577e2d601..a3d1b0153b7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/downlink-pools-spine2.yml @@ -1,39 +1,122 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: P2P_downlink-pools-l3leaf2_Ethernet1 + shutdown: false + mtu: 9214 + ip_address: 10.0.2.0/31 + peer: downlink-pools-l3leaf2 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_downlink-pools-l3leaf2_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.0.2.2/31 + peer: downlink-pools-l3leaf2 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_downlink-pools-l3leaf3_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.0/31 + peer: downlink-pools-l3leaf3 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_downlink-pools-l3leaf4_Ethernet2 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.2/31 + peer: downlink-pools-l3leaf4 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet15 + description: P2P_downlink-pools-l3leaf3_Ethernet4 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.4/31 + peer: downlink-pools-l3leaf3 + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet16 + description: P2P_downlink-pools-l3leaf4_Ethernet4 + shutdown: false + mtu: 9214 + ip_address: 10.0.4.6/31 + peer: downlink-pools-l3leaf4 + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false hostname: downlink-pools-spine2 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.0.20/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 192.168.0.20 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.0.2.1 peer_group: IPv4-UNDERLAY-PEERS @@ -67,125 +150,42 @@ router_bgp: description: downlink-pools-l3leaf4_Ethernet4 - ip_address: 192.168.1.20 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65019' peer: downlink-pools-l3leaf2 description: downlink-pools-l3leaf2_Loopback0 - remote_as: '65019' - ip_address: 192.168.1.30 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65029' peer: downlink-pools-l3leaf3 description: downlink-pools-l3leaf3_Loopback0 - remote_as: '65029' - ip_address: 192.168.1.40 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65039' peer: downlink-pools-l3leaf4 description: downlink-pools-l3leaf4_Loopback0 - remote_as: '65039' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet3 - peer: downlink-pools-l3leaf2 - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf2_Ethernet1 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.2.0/31 -- name: Ethernet4 - peer: downlink-pools-l3leaf2 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf2_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.2.2/31 -- name: Ethernet5 - peer: downlink-pools-l3leaf3 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf3_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.0/31 -- name: Ethernet6 - peer: downlink-pools-l3leaf4 - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf4_Ethernet2 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.2/31 -- name: Ethernet15 - peer: downlink-pools-l3leaf3 - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf3_Ethernet4 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.4/31 -- name: Ethernet16 - peer: downlink-pools-l3leaf4 - peer_interface: Ethernet4 - peer_type: l3leaf - description: P2P_downlink-pools-l3leaf4_Ethernet4 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 10.0.4.6/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.0.20/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/duplicate-vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/duplicate-vrfs.yml index 2f805c83450..99dc2740785 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/duplicate-vrfs.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/duplicate-vrfs.yml @@ -1,42 +1,100 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: duplicate-vrfs +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.101/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.101/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '101' router_id: 192.168.255.101 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: DUPLICATE_TENANT1 + rd: 192.168.255.101:10100 + route_targets: + both: + - 10100:10100 + redistribute_routes: + - learned + - id: 200 + tenant: DUPLICATE_TENANT1 + rd: 192.168.255.101:10200 + route_targets: + both: + - 10200:10200 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: VRF1 rd: 192.168.255.101:1 @@ -53,74 +111,26 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 100 - tenant: DUPLICATE_TENANT1 - rd: 192.168.255.101:10100 - route_targets: - both: - - 10100:10100 - redistribute_routes: - - learned - - id: 200 - tenant: DUPLICATE_TENANT1 - rd: 192.168.255.101:10200 - route_targets: - both: - - 10200:10200 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: VLAN100 + shutdown: false + vrf: VRF1 + ip_address_virtual: 10.0.100.1/24 + tenant: DUPLICATE_TENANT1 +- name: Vlan200 + description: VLAN200 + shutdown: false + vrf: VRF1 + ip_address_virtual: 10.0.200.1/24 + tenant: DUPLICATE_TENANT1 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: DUPLICATE_TENANT1 - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.101/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.101/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: VLAN100 @@ -128,28 +138,18 @@ vlans: - id: 200 name: VLAN200 tenant: DUPLICATE_TENANT1 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan100 - tenant: DUPLICATE_TENANT1 - description: VLAN100 - shutdown: false - ip_address_virtual: 10.0.100.1/24 - vrf: VRF1 -- name: Vlan200 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true tenant: DUPLICATE_TENANT1 - description: VLAN200 - shutdown: false - ip_address_virtual: 10.0.200.1/24 - vrf: VRF1 vxlan_interface: vxlan1: description: duplicate-vrfs_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 10100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-to-ipvpn-gateway.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-to-ipvpn-gateway.yml index 5fe3d3faafb..7b2e886c792 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-to-ipvpn-gateway.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-to-ipvpn-gateway.yml @@ -1,41 +1,108 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: evpn-to-ipvpn-gateway +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.10.0.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.11.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.0.0/24 eq 32 + - sequence: 20 + action: permit 10.11.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100.100' router_id: 10.10.0.1 - bgp: - default: - ipv4_unicast: false - bestpath: - d_path: true maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false + bestpath: + d_path: true peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: IPVPN-GATEWAY-PEERS type: mpls + local_as: '65555.100' update_source: Loopback0 bfd: true send_community: all maximum_routes: 111 - local_as: '65555.100' + neighbors: + - ip_address: 10.90.90.90 + peer_group: IPVPN-GATEWAY-PEERS + remote_as: '65099.900' + peer: SOME-EBGP-PEER + description: SOME-EBGP-PEER + ebgp_multihop: 15 + - ip_address: 10.80.80.80 + peer_group: IPVPN-GATEWAY-PEERS + remote_as: '65555.100' + peer: SOME-IBGP-PEER + description: SOME-IBGP-PEER + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 10 + tenant: mytenant + rd: 10.10.0.1:10010 + route_targets: + both: + - 10010:10010 + redistribute_routes: + - learned + address_family_evpn: + domain_identifier: '65100:10' + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS @@ -44,30 +111,13 @@ router_bgp: activate: false - name: IPVPN-GATEWAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - domain_identifier: '65100:10' address_family_vpn_ipv4: - neighbor_default_encapsulation_mpls_next_hop_self: - source_interface: Loopback0 + domain_identifier: '65555:20' peer_groups: - name: IPVPN-GATEWAY-PEERS activate: true - domain_identifier: '65555:20' - neighbors: - - ip_address: 10.90.90.90 - peer_group: IPVPN-GATEWAY-PEERS - peer: SOME-EBGP-PEER - description: SOME-EBGP-PEER - remote_as: '65099.900' - ebgp_multihop: 15 - - ip_address: 10.80.80.80 - peer_group: IPVPN-GATEWAY-PEERS - peer: SOME-IBGP-PEER - description: SOME-IBGP-PEER - remote_as: '65555.100' + neighbor_default_encapsulation_mpls_next_hop_self: + source_interface: Loopback0 vrfs: - name: testvrf rd: 10.10.0.1:1 @@ -84,86 +134,36 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 10 - tenant: mytenant - rd: 10.10.0.1:10010 - route_targets: - both: - - 10010:10010 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan10 + description: TEST_SVI_VLAN_10 + shutdown: true + vrf: testvrf + ip_address_virtual: 10.10.10.10/24 + tenant: mytenant vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true +vlans: +- id: 10 + name: TEST_SVI_VLAN_10 + tenant: mytenant vrfs: - name: MGMT ip_routing: false - name: testvrf - tenant: mytenant ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.10.0.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.11.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.0.0/24 eq 32 - - sequence: 20 - action: permit 10.11.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 10 - name: TEST_SVI_VLAN_10 tenant: mytenant -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:01 -vlan_interfaces: -- name: Vlan10 - tenant: mytenant - description: TEST_SVI_VLAN_10 - shutdown: true - ip_address_virtual: 10.10.10.10/24 - vrf: testvrf vxlan_interface: vxlan1: description: evpn-to-ipvpn-gateway_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 10 vni: 10010 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-vtep-with-default-vrf-not-evpn.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-vtep-with-default-vrf-not-evpn.yml index 58aea21242c..ea4de3b7708 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-vtep-with-default-vrf-not-evpn.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn-vtep-with-default-vrf-not-evpn.yml @@ -1,42 +1,73 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: evpn-vtep-with-default-vrf-not-evpn +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.109/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.109/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '101' router_id: 192.168.255.109 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 110 tenant: MY_FABRIC @@ -46,73 +77,42 @@ router_bgp: - 10110:10110 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan110 + description: SVI-110 + shutdown: false + ip_address_virtual: 10.1.10.1 + tenant: MY_FABRIC vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.109/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.109/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 110 name: SVI-110 tenant: MY_FABRIC -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan110 - tenant: MY_FABRIC - description: SVI-110 - shutdown: false - ip_address_virtual: 10.1.10.1 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: evpn-vtep-with-default-vrf-not-evpn_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 110 vni: 10110 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_l2_multi_domain.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_l2_multi_domain.yml index 76053740f8a..3e2aa31c13e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_l2_multi_domain.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_l2_multi_domain.yml @@ -1,123 +1,100 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: evpn_l2_multi_domain +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.100.101/24 + type: oob +metadata: + platform: vEOS +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true neighbors: - ip_address: 192.168.100.10 peer_group: EVPN-OVERLAY-CORE + remote_as: '65002' peer: DCI_TEST description: DCI_TEST - remote_as: '65002' - vrfs: - - name: L2_MULTI_DOMAIN_ENABLED - rd: 192.168.255.1:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true - - name: L2_MULTI_DOMAIN_NEUTRAL_1 - rd: 192.168.255.1:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true - - name: L2_MULTI_DOMAIN_DISBLED - rd: 192.168.255.1:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true - - name: L2_MULTI_DOMAIN_NEUTRAL_2 - rd: 192.168.255.1:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.1 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 150 tenant: L2_MULTI_DOMAIN_DISABLED rd: 192.168.255.1:10150 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:10150 route_targets: both: - 10150:10150 @@ -126,12 +103,12 @@ router_bgp: route_target: 10150:10150 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:10150 - id: 160 tenant: L2_MULTI_DOMAIN_DISABLED rd: 192.168.255.1:10160 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:10160 route_targets: both: - 10160:10160 @@ -140,9 +117,6 @@ router_bgp: route_target: 10160:10160 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:10160 - id: 170 tenant: L2_MULTI_DOMAIN_DISABLED rd: 192.168.255.1:10170 @@ -162,6 +136,9 @@ router_bgp: - id: 111 tenant: L2_MULTI_DOMAIN_DISABLED rd: 192.168.255.1:10111 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:10111 route_targets: both: - 10111:10111 @@ -170,12 +147,12 @@ router_bgp: route_target: 10111:10111 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:10111 - id: 190 tenant: L2_MULTI_DOMAIN_DISABLED rd: 192.168.255.1:10190 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:10190 route_targets: both: - 10190:10190 @@ -184,9 +161,6 @@ router_bgp: route_target: 10190:10190 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:10190 - id: 180 tenant: L2_MULTI_DOMAIN_DISABLED rd: 192.168.255.1:10180 @@ -214,6 +188,9 @@ router_bgp: - id: 270 tenant: L2_MULTI_DOMAIN_ENABLED rd: 192.168.255.1:20270 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:20270 route_targets: both: - 20270:20270 @@ -222,12 +199,12 @@ router_bgp: route_target: 20270:20270 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:20270 - id: 210 tenant: L2_MULTI_DOMAIN_ENABLED rd: 192.168.255.1:20210 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:20210 route_targets: both: - 20210:20210 @@ -236,9 +213,6 @@ router_bgp: route_target: 20210:20210 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:20210 - id: 211 tenant: L2_MULTI_DOMAIN_ENABLED rd: 192.168.255.1:20211 @@ -258,6 +232,9 @@ router_bgp: - id: 280 tenant: L2_MULTI_DOMAIN_ENABLED rd: 192.168.255.1:20280 + rd_evpn_domain: + domain: remote + rd: 192.168.255.1:20280 route_targets: both: - 20280:20280 @@ -266,76 +243,150 @@ router_bgp: route_target: 20280:20280 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 192.168.255.1:20280 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: L2_MULTI_DOMAIN_ENABLED + rd: 192.168.255.1:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true + - name: L2_MULTI_DOMAIN_NEUTRAL_1 + rd: 192.168.255.1:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true + - name: L2_MULTI_DOMAIN_DISBLED + rd: 192.168.255.1:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true + - name: L2_MULTI_DOMAIN_NEUTRAL_2 + rd: 192.168.255.1:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.1 + redistribute: + connected: + enabled: true service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: L2_MULTI_DOMAIN_ENABLED +vlan_interfaces: +- name: Vlan150 + description: L2_MULTI_DOMAIN_NEUTRAL + shutdown: false + vrf: L2_MULTI_DOMAIN_ENABLED + ip_address_virtual: 10.1.50.1/24 tenant: L2_MULTI_DOMAIN_DISABLED - ip_routing: true -- name: L2_MULTI_DOMAIN_NEUTRAL_1 +- name: Vlan160 + description: L2_MULTI_DOMAIN_NEUTRAL + shutdown: false + vrf: L2_MULTI_DOMAIN_ENABLED + ip_address_virtual: 10.1.60.1/24 tenant: L2_MULTI_DOMAIN_DISABLED - ip_routing: true -- name: L2_MULTI_DOMAIN_DISBLED +- name: Vlan170 + description: L2_MULTI_DOMAIN_DISABLED + shutdown: false + vrf: L2_MULTI_DOMAIN_ENABLED + ip_address_virtual: 10.1.70.1/24 + tenant: L2_MULTI_DOMAIN_DISABLED +- name: Vlan110 + description: L2_MULTI_DOMAIN_NEUTRAL + shutdown: false + vrf: L2_MULTI_DOMAIN_NEUTRAL_1 + ip_address_virtual: 10.1.10.1/24 + tenant: L2_MULTI_DOMAIN_DISABLED +- name: Vlan111 + description: L2_MULTI_DOMAIN_ENABLED + shutdown: false + vrf: L2_MULTI_DOMAIN_NEUTRAL_1 + ip_address_virtual: 10.1.11.1/24 + tenant: L2_MULTI_DOMAIN_DISABLED +- name: Vlan250 + description: L2_MULTI_DOMAIN_NEUTRAL + shutdown: false + vrf: L2_MULTI_DOMAIN_DISBLED + ip_address_virtual: 10.2.50.1/24 tenant: L2_MULTI_DOMAIN_ENABLED - ip_routing: true -- name: L2_MULTI_DOMAIN_NEUTRAL_2 +- name: Vlan260 + description: L2_MULTI_DOMAIN_NEUTRAL + shutdown: false + vrf: L2_MULTI_DOMAIN_DISBLED + ip_address_virtual: 10.2.60.1/24 tenant: L2_MULTI_DOMAIN_ENABLED - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan270 + description: L2_MULTI_DOMAIN_ENABLED shutdown: false - vrf: MGMT - ip_address: 192.168.100.101/24 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: L2_MULTI_DOMAIN_DISBLED + ip_address_virtual: 10.2.70.1/24 + tenant: L2_MULTI_DOMAIN_ENABLED +- name: Vlan210 + description: L2_MULTI_DOMAIN_NEUTRAL shutdown: false - ip_address: 192.168.255.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: L2_MULTI_DOMAIN_NEUTRAL_2 + ip_address_virtual: 10.2.10.1/24 + tenant: L2_MULTI_DOMAIN_ENABLED +- name: Vlan211 + description: L2_MULTI_DOMAIN_DISABLED shutdown: false - ip_address: 192.168.254.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + vrf: L2_MULTI_DOMAIN_NEUTRAL_2 + ip_address_virtual: 10.2.11.1/24 + tenant: L2_MULTI_DOMAIN_ENABLED +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 150 name: L2_MULTI_DOMAIN_NEUTRAL @@ -379,76 +430,27 @@ vlans: - id: 290 name: L2_MULTI_DOMAIN_DISABLED tenant: L2_MULTI_DOMAIN_ENABLED -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan150 - tenant: L2_MULTI_DOMAIN_DISABLED - description: L2_MULTI_DOMAIN_NEUTRAL - shutdown: false - ip_address_virtual: 10.1.50.1/24 - vrf: L2_MULTI_DOMAIN_ENABLED -- name: Vlan160 - tenant: L2_MULTI_DOMAIN_DISABLED - description: L2_MULTI_DOMAIN_NEUTRAL - shutdown: false - ip_address_virtual: 10.1.60.1/24 - vrf: L2_MULTI_DOMAIN_ENABLED -- name: Vlan170 - tenant: L2_MULTI_DOMAIN_DISABLED - description: L2_MULTI_DOMAIN_DISABLED - shutdown: false - ip_address_virtual: 10.1.70.1/24 - vrf: L2_MULTI_DOMAIN_ENABLED -- name: Vlan110 +vrfs: +- name: MGMT + ip_routing: false +- name: L2_MULTI_DOMAIN_ENABLED + ip_routing: true tenant: L2_MULTI_DOMAIN_DISABLED - description: L2_MULTI_DOMAIN_NEUTRAL - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: L2_MULTI_DOMAIN_NEUTRAL_1 -- name: Vlan111 +- name: L2_MULTI_DOMAIN_NEUTRAL_1 + ip_routing: true tenant: L2_MULTI_DOMAIN_DISABLED - description: L2_MULTI_DOMAIN_ENABLED - shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: L2_MULTI_DOMAIN_NEUTRAL_1 -- name: Vlan250 - tenant: L2_MULTI_DOMAIN_ENABLED - description: L2_MULTI_DOMAIN_NEUTRAL - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: L2_MULTI_DOMAIN_DISBLED -- name: Vlan260 - tenant: L2_MULTI_DOMAIN_ENABLED - description: L2_MULTI_DOMAIN_NEUTRAL - shutdown: false - ip_address_virtual: 10.2.60.1/24 - vrf: L2_MULTI_DOMAIN_DISBLED -- name: Vlan270 - tenant: L2_MULTI_DOMAIN_ENABLED - description: L2_MULTI_DOMAIN_ENABLED - shutdown: false - ip_address_virtual: 10.2.70.1/24 - vrf: L2_MULTI_DOMAIN_DISBLED -- name: Vlan210 +- name: L2_MULTI_DOMAIN_DISBLED + ip_routing: true tenant: L2_MULTI_DOMAIN_ENABLED - description: L2_MULTI_DOMAIN_NEUTRAL - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: L2_MULTI_DOMAIN_NEUTRAL_2 -- name: Vlan211 +- name: L2_MULTI_DOMAIN_NEUTRAL_2 + ip_routing: true tenant: L2_MULTI_DOMAIN_ENABLED - description: L2_MULTI_DOMAIN_DISABLED - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: L2_MULTI_DOMAIN_NEUTRAL_2 vxlan_interface: vxlan1: description: evpn_l2_multi_domain_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -487,5 +489,3 @@ vxlan_interface: vni: 21 - name: L2_MULTI_DOMAIN_NEUTRAL_2 vni: 20 -metadata: - platform: vEOS diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_false.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_false.yml index 1c9f99e5f53..d4d7f6ac9b1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_false.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_false.yml @@ -1,295 +1,195 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true hostname: evpn_services_l2_only_false +ip_access_lists: +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 + entries: + - sequence: 15 + action: deny + protocol: ip + source: any + destination: 10.1.10.1 +- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 + entries: + - remark: Some remark will not require source and destination fields. + - action: permit + protocol: ip + source: 10.1.10.1 + destination: any +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.109/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.109/32 +- name: Loopback100 + description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.109/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.101/24 + type: oob + gateway: 192.168.200.5 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '101' router_id: 192.168.255.109 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - ospf: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 + redistribute: + connected: enabled: true - expiry_timeout: 10 - vrfs: + route_map: RM-CONN-2-BGP + ospf: + enabled: true + vlan_aware_bundles: - name: Tenant_A_APP_Zone rd: 192.168.255.109:12 route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-132 - name: Tenant_A_DB_Zone rd: 192.168.255.109:13 route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 - name: Tenant_A_ERP_Zone rd: 192.168.255.109:17 route_targets: - import: - - address_family: evpn - route_targets: - - '17:17' - export: - - address_family: evpn - route_targets: - - '17:17' - router_id: 192.168.255.109 + both: + - '17:17' + redistribute_routes: + - learned + vlan: '122' - name: Tenant_A_OP_Zone rd: 192.168.255.109:9 route_targets: - import: - - address_family: evpn - route_targets: - - '9:9' - export: - - address_family: evpn - route_targets: - - '9:9' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true + both: + - '9:9' + redistribute_routes: + - learned + vlan: 110-113 - name: Tenant_A_WAN_Zone rd: 192.168.255.109:14 route_targets: - import: - - address_family: evpn - route_targets: - - '14:14' - - 65000:456 - export: - - address_family: evpn - route_targets: - - '14:14' - - 65000:789 - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: Tenant_A_WEB_Zone - rd: 192.168.255.109:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: Tenant_B_OP_Zone - rd: 192.168.255.109:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: Tenant_B_WAN_Zone - rd: 192.168.255.109:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.109:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: Tenant_C_WAN_Zone - rd: 192.168.255.109:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: '12345678' - rd: 192.168.255.109:41 - route_targets: - import: - - address_family: evpn - route_targets: - - '41:41' - export: - - address_family: evpn - route_targets: - - '41:41' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.255.109:123 - route_targets: - import: - - address_family: evpn - route_targets: - - 123:123 - export: - - address_family: evpn - route_targets: - - 123:123 - - name: Tenant_D_OP_Zone - rd: 192.168.255.109:40 - route_targets: - import: - - address_family: evpn - route_targets: - - '40:40' - export: - - address_family: evpn - route_targets: - - '40:40' - router_id: 192.168.255.109 - redistribute: - connected: - enabled: true - - name: TENANT_D_WAN_ZONE - rd: 192.168.255.109:42 - route_targets: - import: - - address_family: evpn - route_targets: - - '42:42' - export: - - address_family: evpn - route_targets: - - '42:42' - router_id: 192.168.255.109 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.109:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-132 - - name: Tenant_A_DB_Zone - rd: 192.168.255.109:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_ERP_Zone - rd: 192.168.255.109:17 - route_targets: - both: - - '17:17' - redistribute_routes: - - learned - vlan: '122' - - name: Tenant_A_OP_Zone - rd: 192.168.255.109:9 - route_targets: - both: - - '9:9' - redistribute_routes: - - learned - vlan: 110-113 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.109:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: 150-151 + both: + - '14:14' + redistribute_routes: + - learned + vlan: 150-151 - name: Tenant_A_WEB_Zone rd: 192.168.255.109:11 route_targets: @@ -398,394 +298,347 @@ router_bgp: redistribute_routes: - learned vlan: '453' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.11.0/24 - vrf: Tenant_D_OP_Zone - name: VARP - interface: Vlan411 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_ERP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true - description: Tenant_A_OP_Zone -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -- name: '12345678' - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -- name: Tenant_D_OP_Zone - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -- name: TENANT_D_WAN_ZONE - tenant: Tenant_D - ip_routing: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS evpn_services_l2_only_false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.109/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.109/32 -- name: Loopback100 - description: Tenant_A_OP_Zone_VTEP_DIAGNOSTICS - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.109/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 132 - name: Tenant_A_APP_Zone_3 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 122 - name: Tenant_A_ERP_Zone_1 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 112 - name: Tenant_A_OP_Zone_3 - tenant: Tenant_A -- id: 113 - name: Tenant_A_OP_Zone_4 - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 151 - name: svi_with_no_tags - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 162 - name: l2vlan_with_no_tags - tenant: Tenant_A -- id: 163 - name: overlapping_name - tenant: Tenant_A -- id: 164 - name: overlapping_name - tenant: Tenant_A -- id: 165 - name: overlapping_name - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 450 - name: Tenant_D_v6_WAN_Zone_1 - tenant: Tenant_D -- id: 451 - name: Tenant_D_v6_WAN_Zone_2 - tenant: Tenant_D -- id: 452 - name: Tenant_D_v6_WAN_Zone_3 - tenant: Tenant_D -- id: 1234 - name: VRF_DEFAULT_SVI_WITH_OSPF - tenant: Tenant_D -- id: 410 - name: Tenant_D_v6_OP_Zone_1 - tenant: Tenant_D -- id: 411 - name: Tenant_D_v6_OP_Zone_2 - tenant: Tenant_D -- id: 412 - name: Tenant_D_v6_OP_Zone_1 - tenant: Tenant_D -- id: 413 - name: Tenant_D_v6_OP_Zone_3 - tenant: Tenant_D -- id: 453 - name: Tenant_D_WAN_Zone_1 - tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - source: any - destination: 10.1.10.1 - sequence: 15 - action: deny - protocol: ip -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - source: 10.1.10.1 - destination: any - action: permit - protocol: ip -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 192.168.255.109:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: 192.168.255.109:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_A_ERP_Zone + rd: 192.168.255.109:17 + route_targets: + import: + - address_family: evpn + route_targets: + - '17:17' + export: + - address_family: evpn + route_targets: + - '17:17' + router_id: 192.168.255.109 + - name: Tenant_A_OP_Zone + rd: 192.168.255.109:9 + route_targets: + import: + - address_family: evpn + route_targets: + - '9:9' + export: + - address_family: evpn + route_targets: + - '9:9' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_A_WAN_Zone + rd: 192.168.255.109:14 + route_targets: + import: + - address_family: evpn + route_targets: + - '14:14' + - 65000:456 + export: + - address_family: evpn + route_targets: + - '14:14' + - 65000:789 + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 192.168.255.109:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: 192.168.255.109:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_B_WAN_Zone + rd: 192.168.255.109:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_C_OP_Zone + rd: 192.168.255.109:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: Tenant_C_WAN_Zone + rd: 192.168.255.109:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: '12345678' + rd: 192.168.255.109:41 + route_targets: + import: + - address_family: evpn + route_targets: + - '41:41' + export: + - address_family: evpn + route_targets: + - '41:41' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.255.109:123 + route_targets: + import: + - address_family: evpn + route_targets: + - 123:123 + export: + - address_family: evpn + route_targets: + - 123:123 + - name: Tenant_D_OP_Zone + rd: 192.168.255.109:40 + route_targets: + import: + - address_family: evpn + route_targets: + - '40:40' + export: + - address_family: evpn + route_targets: + - '40:40' + router_id: 192.168.255.109 + redistribute: + connected: + enabled: true + - name: TENANT_D_WAN_ZONE + rd: 192.168.255.109:42 + route_targets: + import: + - address_family: evpn + route_targets: + - '42:42' + export: + - address_family: evpn + route_targets: + - '42:42' + router_id: 192.168.255.109 +router_ospf: + process_ids: + - id: 123 + passive_interface_default: true + router_id: 192.168.255.109 + no_passive_interfaces: + - Vlan1234 + redistribute: + bgp: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS evpn_services_l2_only_false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_D_OP_Zone + destination_address_prefix: 10.3.11.0/24 + interface: Vlan411 + name: VARP +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.109 vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan132 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - erp2 + - app +- name: Vlan132 description: Tenant_A_APP_Zone_3 shutdown: false vrf: Tenant_A_APP_Zone -- name: Vlan140 tenant: Tenant_A tags: - - db - - erp1 + - erp2 +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan122 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A tags: - - erp3 + - db +- name: Vlan122 description: Tenant_A_ERP_Zone_1 shutdown: false + vrf: Tenant_A_ERP_Zone ip_address_virtual: 10.1.30.1/24 ip_address_virtual_secondaries: - 10.2.30.1/24 - 10.2.31.1/24 - vrf: Tenant_A_ERP_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan110 tenant: Tenant_A tags: - - opzone + - erp3 +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan112 tenant: Tenant_A tags: - opzone +- name: Vlan112 description: Tenant_A_OP_Zone_3 shutdown: false - mtu: 1560 vrf: Tenant_A_OP_Zone ip_helpers: - ip_helper: 2.2.2.2 source_interface: lo101 vrf: MGMT -- name: Vlan113 + mtu: 1560 tenant: Tenant_A tags: - - DC1_LEAF1 + - opzone +- name: Vlan113 description: Tenant_A_OP_Zone_4 shutdown: false vrf: Tenant_A_OP_Zone - ospf_area: '0' ospf_network_point_to_point: true + ospf_area: '0' ospf_authentication: message-digest ospf_message_digest_keys: - id: 1 @@ -794,219 +647,369 @@ vlan_interfaces: - id: 2 hash_algorithm: sha512 key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan150 tenant: Tenant_A tags: - - wan + - DC1_LEAF1 +- name: Vlan150 description: Tenant_A_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_WAN_Zone - ospf_area: '1' + ip_address_virtual: 10.1.40.1/24 ospf_network_point_to_point: false + ospf_area: '1' ospf_cost: 100 ospf_authentication: simple ospf_authentication_key: AQQvKeimxJu+uGQ/yYvv9w== -- name: Vlan151 tenant: Tenant_A + tags: + - wan +- name: Vlan151 description: svi_with_no_tags shutdown: false - ip_address_virtual: 10.1.51.1/24 vrf: Tenant_A_WAN_Zone -- name: Vlan120 + ip_address_virtual: 10.1.51.1/24 tenant: Tenant_A - tags: - - web - - erp1 +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false + vrf: Tenant_A_WEB_Zone ip_address_virtual: 10.1.20.1/24 ip_address_virtual_secondaries: - 10.2.20.1/24 - 10.2.21.1/24 - vrf: Tenant_A_WEB_Zone ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan210 - tenant: Tenant_B + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A tags: - - opzone + - web +- name: Vlan210 description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan250 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B tags: - - wan + - opzone +- name: Vlan250 description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.2.50.1/24 vrf: Tenant_B_WAN_Zone -- name: Vlan310 - tenant: Tenant_C + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B tags: - - opzone + - wan +- name: Vlan310 description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan350 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C tags: - - wan + - opzone +- name: Vlan350 description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address_virtual: 10.3.50.1/24 vrf: Tenant_C_WAN_Zone -- name: Vlan450 - tenant: Tenant_D + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C tags: - - v6wan + - wan +- name: Vlan450 description: Tenant_D_v6_WAN_Zone_1 shutdown: false + vrf: '12345678' ipv6_enable: true ipv6_address_virtuals: - 2001:db8:355::1/64 - vrf: '12345678' -- name: Vlan451 tenant: Tenant_D tags: - v6wan +- name: Vlan451 description: Tenant_D_v6_WAN_Zone_2 shutdown: false + vrf: '12345678' ipv6_enable: true - mtu: 1560 ipv6_address_virtuals: - 2001:db8:451::1/64 - vrf: '12345678' -- name: Vlan452 + mtu: 1560 tenant: Tenant_D tags: - v6wan +- name: Vlan452 description: Tenant_D_v6_WAN_Zone_3 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: '12345678' ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: '12345678' -- name: Vlan1234 + mtu: 1560 tenant: Tenant_D + tags: + - v6wan +- name: Vlan1234 description: VRF_DEFAULT_SVI_WITH_OSPF shutdown: true - ospf_area: 0.0.0.0 ospf_network_point_to_point: false -- name: Vlan410 + ospf_area: 0.0.0.0 tenant: Tenant_D - tags: - - v6opzone +- name: Vlan410 description: Tenant_D_v6_OP_Zone_1 shutdown: false - ipv6_enable: true + vrf: Tenant_D_OP_Zone ip_address_virtual: 10.3.10.1/24 + ipv6_enable: true ipv6_address_virtuals: - 2001:db8:310::1/64 - 2001:db8:311::1/64 - 2001:db8:312::1/64 - vrf: Tenant_D_OP_Zone -- name: Vlan411 tenant: Tenant_D tags: - v6opzone +- name: Vlan411 description: Tenant_D_v6_OP_Zone_2 shutdown: false + vrf: Tenant_D_OP_Zone ip_address: 10.3.11.4/24 - ipv6_address: 2001:db8:311::4/64 ip_virtual_router_addresses: - 10.3.11.1/24 + ipv6_address: 2001:db8:311::4/64 ipv6_virtual_router_addresses: - 2001:db8:311::1 - vrf: Tenant_D_OP_Zone -- name: Vlan412 tenant: Tenant_D tags: - v6opzone +- name: Vlan412 description: Tenant_D_v6_OP_Zone_1 shutdown: false - ipv6_enable: false - mtu: 1560 + vrf: Tenant_D_OP_Zone ip_address_virtual: 10.4.12.254/24 + ipv6_enable: false ipv6_address_virtuals: - 2001:db8:412::1/64 - vrf: Tenant_D_OP_Zone -- name: Vlan413 + mtu: 1560 tenant: Tenant_D tags: - v6opzone +- name: Vlan413 description: Tenant_D_v6_OP_Zone_3 shutdown: false + vrf: Tenant_D_OP_Zone ip_address: 12.4.13.2/24 - ipv6_address: 2012:db9:413::2/64 - mtu: 1560 ip_virtual_router_addresses: - 12.4.13.1 - ipv6_virtual_router_addresses: - - 2012:db9:413::1 - vrf: Tenant_D_OP_Zone ip_helpers: - ip_helper: 1.1.1.2 source_interface: lo102 vrf: TEST -- name: Vlan453 + ipv6_address: 2012:db9:413::2/64 + ipv6_virtual_router_addresses: + - 2012:db9:413::1 + mtu: 1560 tenant: Tenant_D tags: - - wan + - v6opzone +- name: Vlan453 description: Tenant_D_WAN_Zone_1 shutdown: false + vrf: TENANT_D_WAN_ZONE ipv6_enable: true ipv6_address_virtuals: - 10.0.10.1/24 - vrf: TENANT_D_WAN_ZONE -router_ospf: - process_ids: - - id: 123 - passive_interface_default: true - router_id: 192.168.255.109 - no_passive_interfaces: - - Vlan1234 - redistribute: - bgp: - enabled: true + tenant: Tenant_D + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 132 + name: Tenant_A_APP_Zone_3 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 122 + name: Tenant_A_ERP_Zone_1 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 112 + name: Tenant_A_OP_Zone_3 + tenant: Tenant_A +- id: 113 + name: Tenant_A_OP_Zone_4 + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 151 + name: svi_with_no_tags + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 162 + name: l2vlan_with_no_tags + tenant: Tenant_A +- id: 163 + name: overlapping_name + tenant: Tenant_A +- id: 164 + name: overlapping_name + tenant: Tenant_A +- id: 165 + name: overlapping_name + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 450 + name: Tenant_D_v6_WAN_Zone_1 + tenant: Tenant_D +- id: 451 + name: Tenant_D_v6_WAN_Zone_2 + tenant: Tenant_D +- id: 452 + name: Tenant_D_v6_WAN_Zone_3 + tenant: Tenant_D +- id: 1234 + name: VRF_DEFAULT_SVI_WITH_OSPF + tenant: Tenant_D +- id: 410 + name: Tenant_D_v6_OP_Zone_1 + tenant: Tenant_D +- id: 411 + name: Tenant_D_v6_OP_Zone_2 + tenant: Tenant_D +- id: 412 + name: Tenant_D_v6_OP_Zone_1 + tenant: Tenant_D +- id: 413 + name: Tenant_D_v6_OP_Zone_3 + tenant: Tenant_D +- id: 453 + name: Tenant_D_WAN_Zone_1 + tenant: Tenant_D +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_ERP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + description: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C +- name: '12345678' + ip_routing: true + ipv6_routing: true + tenant: Tenant_D +- name: Tenant_D_OP_Zone + ip_routing: true + ipv6_routing: true + tenant: Tenant_D +- name: TENANT_D_WAN_ZONE + ip_routing: true + ipv6_routing: true + tenant: Tenant_D vxlan_interface: vxlan1: description: evpn_services_l2_only_false_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -1107,6 +1110,3 @@ vxlan_interface: vni: 40 - name: TENANT_D_WAN_ZONE vni: 42 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.109 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml index 5477946732f..1f109f0e480 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml @@ -1,49 +1,131 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true hostname: evpn_services_l2_only_true +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 2001:db8::1 + vrf: MGMT +- ip_address: 2001:db8::2 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + disabled: true + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. + ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= + cvpadmin@hostmachine.local + secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= + cvpadmin@hostmachine.local +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.109/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.109/32 +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.101/24 + type: oob + gateway: 192.168.200.5 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT + - name: 2001:db8::3 + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '101' router_id: 192.168.255.109 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 5 + redistribute: + connected: enabled: true - expiry_timeout: 10 + route_map: RM-CONN-2-BGP vlan_aware_bundles: - name: Tenant_A_APP_Zone rd: 192.168.255.109:12 @@ -193,113 +275,35 @@ router_bgp: redistribute_routes: - learned vlan: '453' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 5 + expiry_timeout: 10 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: EOS_DESIGNS_UNIT_TESTS evpn_services_l2_only_true static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 2001:db8::1 - vrf: MGMT -- ip_address: 2001:db8::2 - vrf: MGMT -local_users: -- name: admin - disabled: true - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. - ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkU= - cvpadmin@hostmachine.local - secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= - cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true - - name: 2001:db8::3 - vrf: MGMT -snmp_server: - contact: example@example.com - location: EOS_DESIGNS_UNIT_TESTS evpn_services_l2_only_true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.109/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.109/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -406,19 +410,15 @@ vlans: - id: 453 name: Tenant_D_WAN_Zone_1 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: evpn_services_l2_only_true_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle.yml index a88c44fa260..8b52d3b9160 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle.yml @@ -1,103 +1,72 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: evpn_vlan_bundle +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.10.0.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.11.0.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.0.0/24 eq 32 + - sequence: 20 + action: permit 10.11.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.10.0.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: research1 - rd: 10.10.0.3:654556 - route_targets: - import: - - address_family: evpn - route_targets: - - 654556:654556 - export: - - address_family: evpn - route_targets: - - 654556:654556 - router_id: 10.10.0.3 - redistribute: - connected: - enabled: true - - name: SIT2 - rd: 10.10.0.3:654789 - route_targets: - import: - - address_family: evpn - route_targets: - - 654789:654789 - export: - - address_family: evpn - route_targets: - - 654789:654789 - router_id: 10.10.0.3 - redistribute: - connected: - enabled: true - - name: SIT3 - rd: 10.10.0.3:654555 - route_targets: - import: - - address_family: evpn - route_targets: - - 654555:654555 - export: - - address_family: evpn - route_targets: - - 654555:654555 - router_id: 10.10.0.3 - redistribute: - connected: - enabled: true - - name: SIT_VRF - rd: 10.10.0.3:789654 - route_targets: - import: - - address_family: evpn - route_targets: - - 789654:789654 - export: - - address_family: evpn - route_targets: - - 789654:789654 - router_id: 10.10.0.3 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlan_aware_bundles: - name: bundle1 rd: 10.10.0.3:201 @@ -175,66 +144,155 @@ router_bgp: redistribute_routes: - learned vlan: 10,20 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: research1 + rd: 10.10.0.3:654556 + route_targets: + import: + - address_family: evpn + route_targets: + - 654556:654556 + export: + - address_family: evpn + route_targets: + - 654556:654556 + router_id: 10.10.0.3 + redistribute: + connected: + enabled: true + - name: SIT2 + rd: 10.10.0.3:654789 + route_targets: + import: + - address_family: evpn + route_targets: + - 654789:654789 + export: + - address_family: evpn + route_targets: + - 654789:654789 + router_id: 10.10.0.3 + redistribute: + connected: + enabled: true + - name: SIT3 + rd: 10.10.0.3:654555 + route_targets: + import: + - address_family: evpn + route_targets: + - 654555:654555 + export: + - address_family: evpn + route_targets: + - 654555:654555 + router_id: 10.10.0.3 + redistribute: + connected: + enabled: true + - name: SIT_VRF + rd: 10.10.0.3:789654 + route_targets: + import: + - address_family: evpn + route_targets: + - 789654:789654 + export: + - address_family: evpn + route_targets: + - 789654:789654 + router_id: 10.10.0.3 + redistribute: + connected: + enabled: true service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: research1 +vlan_interfaces: +- name: Vlan1016 + description: SVI_9 + shutdown: false + vrf: research1 tenant: research - ip_routing: true -- name: SIT2 + tags: + - research +- name: Vlan1017 + description: SVI_10 + shutdown: false + vrf: research1 + tenant: research + tags: + - research +- name: Vlan1011 + description: SVI_4 + shutdown: false + vrf: SIT2 tenant: SIT - ip_routing: true -- name: SIT3 + tags: + - sit +- name: Vlan1012 + description: SVI_5 + shutdown: false + vrf: SIT2 tenant: SIT - ip_routing: true -- name: SIT_VRF + tags: + - sit +- name: Vlan1013 + description: SVI_6 + shutdown: false + vrf: SIT2 tenant: SIT - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + tags: + - sit +- name: Vlan1014 + description: SVI_7 shutdown: false - ip_address: 10.10.0.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: SIT3 + tenant: SIT + tags: + - sit +- name: Vlan1015 + description: SVI_8 shutdown: false - ip_address: 10.11.0.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.0.0/24 eq 32 - - sequence: 20 - action: permit 10.11.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 + vrf: SIT3 + tenant: SIT + tags: + - sit +- name: Vlan1008 + description: SVI_1 + shutdown: false + vrf: SIT_VRF + tenant: SIT + tags: + - sit +- name: Vlan1009 + description: SVI_2 + shutdown: false + vrf: SIT_VRF + tenant: SIT + tags: + - sit +- name: Vlan1010 + description: SVI_3 + shutdown: false + vrf: SIT_VRF + tenant: SIT + tags: + - sit +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 50 name: ipmi @@ -296,85 +354,27 @@ vlans: - id: 20 name: storage_prod tenant: StorageProd -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan1016 - tenant: research - tags: - - research - description: SVI_9 - shutdown: false - vrf: research1 -- name: Vlan1017 +vrfs: +- name: MGMT + ip_routing: false +- name: research1 + ip_routing: true tenant: research - tags: - - research - description: SVI_10 - shutdown: false - vrf: research1 -- name: Vlan1011 - tenant: SIT - tags: - - sit - description: SVI_4 - shutdown: false - vrf: SIT2 -- name: Vlan1012 - tenant: SIT - tags: - - sit - description: SVI_5 - shutdown: false - vrf: SIT2 -- name: Vlan1013 - tenant: SIT - tags: - - sit - description: SVI_6 - shutdown: false - vrf: SIT2 -- name: Vlan1014 - tenant: SIT - tags: - - sit - description: SVI_7 - shutdown: false - vrf: SIT3 -- name: Vlan1015 - tenant: SIT - tags: - - sit - description: SVI_8 - shutdown: false - vrf: SIT3 -- name: Vlan1008 +- name: SIT2 + ip_routing: true tenant: SIT - tags: - - sit - description: SVI_1 - shutdown: false - vrf: SIT_VRF -- name: Vlan1009 +- name: SIT3 + ip_routing: true tenant: SIT - tags: - - sit - description: SVI_2 - shutdown: false - vrf: SIT_VRF -- name: Vlan1010 +- name: SIT_VRF + ip_routing: true tenant: SIT - tags: - - sit - description: SVI_3 - shutdown: false - vrf: SIT_VRF vxlan_interface: vxlan1: description: evpn_vlan_bundle_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 50 vni: 10050 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle_svi_l2vlan.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle_svi_l2vlan.yml index b8e2fd5ea06..16ab724a7e7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle_svi_l2vlan.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_vlan_bundle_svi_l2vlan.yml @@ -1,58 +1,81 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: evpn_vlan_bundle_svi_l2vlan +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.10.0.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.11.0.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.0.0/24 eq 32 + - sequence: 20 + action: permit 10.11.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.10.0.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: SIT_VRF - rd: 10.10.0.3:789654 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: bundle3 + rd: 1.1.1.1:333 route_targets: - import: - - address_family: evpn - route_targets: - - 789654:789654 - export: - - address_family: evpn - route_targets: - - 789654:789654 - router_id: 10.10.0.3 - redistribute: - connected: - enabled: true + both: + - 303:333 + redistribute_routes: + - learned + vlan: 90,100,1008-1009 vlans: - id: 1010 tenant: SIT @@ -78,66 +101,61 @@ router_bgp: - 20020:20020 redistribute_routes: - learned - vlan_aware_bundles: - - name: bundle3 - rd: 1.1.1.1:333 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: SIT_VRF + rd: 10.10.0.3:789654 route_targets: - both: - - 303:333 - redistribute_routes: - - learned - vlan: 90,100,1008-1009 + import: + - address_family: evpn + route_targets: + - 789654:789654 + export: + - address_family: evpn + route_targets: + - 789654:789654 + router_id: 10.10.0.3 + redistribute: + connected: + enabled: true service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan1008 + description: SVI_1 + shutdown: false + vrf: SIT_VRF + tenant: SIT + tags: + - sit +- name: Vlan1009 + description: SVI_2 + shutdown: false + vrf: SIT_VRF + tenant: SIT + tags: + - sit +- name: Vlan1010 + description: SVI_3 + shutdown: false + vrf: SIT_VRF + tenant: SIT + tags: + - sit vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: SIT_VRF - tenant: SIT - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.10.0.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.11.0.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.0.0/24 eq 32 - - sequence: 20 - action: permit 10.11.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 1008 name: SVI_1 @@ -160,36 +178,18 @@ vlans: - id: 100 name: vlan100 tenant: SIT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan1008 - tenant: SIT - tags: - - sit - description: SVI_1 - shutdown: false - vrf: SIT_VRF -- name: Vlan1009 - tenant: SIT - tags: - - sit - description: SVI_2 - shutdown: false - vrf: SIT_VRF -- name: Vlan1010 +vrfs: +- name: MGMT + ip_routing: false +- name: SIT_VRF + ip_routing: true tenant: SIT - tags: - - sit - description: SVI_3 - shutdown: false - vrf: SIT_VRF vxlan_interface: vxlan1: description: evpn_vlan_bundle_svi_l2vlan_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 1008 vni: 21008 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.only_vlans_in_use.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.only_vlans_in_use.yml index a41e80edacf..681acd620ca 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.only_vlans_in_use.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.only_vlans_in_use.yml @@ -1,28 +1,39 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: SERVER_testserver_Nic1 + shutdown: false + peer: testserver + peer_interface: Nic1 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-2 hostname: filter.only_vlans_in_use +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 10.0.0.1 -service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true vlans: - id: 2 name: vlan2 @@ -30,17 +41,6 @@ vlans: - id: 1 name: vlan1 tenant: test -ip_igmp_snooping: - globally_enabled: true -ethernet_interfaces: -- name: Ethernet1 - peer: testserver - peer_interface: Nic1 - peer_type: server - description: SERVER_testserver_Nic1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-2 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml index c7ccfc8459d..2bc1969a7c6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml @@ -1,95 +1,95 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: filter.vrfs +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.0.1/32 +- name: Loopback2 + shutdown: false + vrf: VRF2 + ip_address: 192.168.1.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 10.0.0.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false - name: VRF2 - tenant: TENANT1 - ip_routing: true description: This VRF is attracted by Loopback and will be configured because it is permitted by filter.allow_vrfs -- name: VRF5 - tenant: TENANT2 ip_routing: true + tenant: TENANT1 +- name: VRF5 description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.allow_vrfs -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.0.1/32 -- name: Loopback2 - ip_address: 192.168.1.1/32 - shutdown: false - vrf: VRF2 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true + ip_routing: true + tenant: TENANT2 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf1.yml index f87343dcfd4..ebb0c844a9f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf1.yml @@ -1,92 +1,35 @@ -hostname: flow-tracking-tests-l2-leaf1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.254.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.201/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: flow-tracking-tests-leaf3 - peer_interface: Ethernet31 - peer_type: l3leaf description: L2_flow-tracking-tests-leaf3_Ethernet31 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: flow-tracking-tests-leaf4 + peer: flow-tracking-tests-leaf3 peer_interface: Ethernet31 peer_type: l3leaf +- name: Ethernet2 description: L2_flow-tracking-tests-leaf4_Ethernet31 shutdown: false channel_group: id: 1 mode: active -port_channel_interfaces: -- name: Port-Channel1 - description: L2_flow-tracking-tests-leaf-mlag_Port-Channel31 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - flow_tracker: - sampled: FLOW-TRACKER -vlans: -- id: 11 - name: VLAN11 - tenant: FLOW_TRACKING -- id: 4092 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.254.254.4/24 - type: inband_mgmt + peer: flow-tracking-tests-leaf4 + peer_interface: Ethernet31 + peer_type: l3leaf flow_tracking: sampled: sample: 10000 trackers: - - name: FLOW-TRACKER - record_export: + - record_export: on_inactive_timeout: 70000 on_interval: 300000 + name: FLOW-TRACKER exporters: - name: CV-TELEMETRY collector: @@ -94,5 +37,62 @@ flow_tracking: local_interface: Loopback0 template_interval: 3600000 shutdown: false +hostname: flow-tracking-tests-l2-leaf1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.201/24 + type: oob + gateway: 192.168.0.1 metadata: platform: vEOS-lab +port_channel_interfaces: +- name: Port-Channel1 + description: L2_flow-tracking-tests-leaf-mlag_Port-Channel31 + shutdown: false + flow_tracker: + sampled: FLOW-TRACKER + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.254.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 10.254.254.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: FLOW_TRACKING +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf2.yml index ee84b476acd..d9c01608b07 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-l2-leaf2.yml @@ -1,92 +1,35 @@ -hostname: flow-tracking-tests-l2-leaf2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.254.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.202/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: flow-tracking-tests-leaf3 - peer_interface: Ethernet32 - peer_type: l3leaf description: L2_flow-tracking-tests-leaf3_Ethernet32 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: flow-tracking-tests-leaf4 + peer: flow-tracking-tests-leaf3 peer_interface: Ethernet32 peer_type: l3leaf +- name: Ethernet2 description: L2_flow-tracking-tests-leaf4_Ethernet32 shutdown: false channel_group: id: 1 mode: active -port_channel_interfaces: -- name: Port-Channel1 - description: L2_flow-tracking-tests-leaf-mlag_Port-Channel32 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - flow_tracker: - sampled: FLOW-TRACKER -vlans: -- id: 11 - name: VLAN11 - tenant: FLOW_TRACKING -- id: 4092 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.254.254.5/24 - type: inband_mgmt + peer: flow-tracking-tests-leaf4 + peer_interface: Ethernet32 + peer_type: l3leaf flow_tracking: sampled: sample: 10000 trackers: - - name: FLOW-TRACKER - record_export: + - record_export: on_inactive_timeout: 70000 on_interval: 300000 + name: FLOW-TRACKER exporters: - name: CV-TELEMETRY collector: @@ -94,5 +37,62 @@ flow_tracking: local_interface: Loopback0 template_interval: 3600000 shutdown: false +hostname: flow-tracking-tests-l2-leaf2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.202/24 + type: oob + gateway: 192.168.0.1 metadata: platform: vEOS-lab +port_channel_interfaces: +- name: Port-Channel1 + description: L2_flow-tracking-tests-leaf-mlag_Port-Channel32 + shutdown: false + flow_tracker: + sampled: FLOW-TRACKER + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.254.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 10.254.254.5/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: FLOW_TRACKING +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf1.yml index 90ed4585ab2..6d5808a8e65 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf1.yml @@ -1,231 +1,143 @@ -hostname: flow-tracking-tests-leaf1 -is_deployed: true -router_bgp: - as: '65101' - router_id: 10.254.1.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Ethernet1 - - ip_address: 10.254.2.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Ethernet2 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Loopback0 - remote_as: '65200' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.1 - redistribute: - connected: - enabled: true - vlans: - - id: 11 - tenant: FLOW_TRACKING - rd: 10.254.1.1:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: FLOW_TRACKING - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.101/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: flow-tracking-tests-spine1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_flow-tracking-tests-spine1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.254.2.1/31 -- name: Ethernet2 - peer: flow-tracking-tests-spine2 - peer_interface: Ethernet2 + peer: flow-tracking-tests-spine1 + peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_flow-tracking-tests-spine2_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.254.2.3/31 + peer: flow-tracking-tests-spine2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false - name: Ethernet81 - peer_type: l3_interface - ip_address: 10.1.55.0/31 shutdown: false + vrf: VRF1 flow_tracker: hardware: FLOW-TRACKER-3 + ip_address: 10.1.55.0/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet82 - peer_type: l3_interface - ip_address: 10.1.55.0/31 shutdown: false + vrf: VRF1 + ip_address: 10.1.55.0/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet83 - peer_type: l3_interface - ip_address: 10.1.55.0/31 shutdown: false + vrf: VRF1 flow_tracker: hardware: FLOW-TRACKER + ip_address: 10.1.55.0/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet84 - peer_type: l3_interface - ip_address: 10.1.55.0/31 shutdown: false + vrf: VRF1 flow_tracker: hardware: FLOW-TRACKER + ip_address: 10.1.55.0/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet10 + description: SERVER_single-interface-true_eth1 + shutdown: false + flow_tracker: + hardware: FLOW-TRACKER-3 peer: single-interface-true peer_interface: eth1 peer_type: server - description: SERVER_single-interface-true_eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - flow_tracker: - hardware: FLOW-TRACKER-3 - name: Ethernet11 + description: SERVER_single-interface-false_eth11 + shutdown: false peer: single-interface-false peer_interface: eth11 peer_type: server - description: SERVER_single-interface-false_eth11 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - name: Ethernet12 + description: SERVER_single-interface-no-definition_eth12 + shutdown: false + flow_tracker: + hardware: FLOW-TRACKER peer: single-interface-no-definition peer_interface: eth12 peer_type: server - description: SERVER_single-interface-no-definition_eth12 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 +- name: Ethernet13 + description: SERVER_single-interface-true4_eth1 + shutdown: false flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet13 peer: single-interface-true4 peer_interface: eth1 peer_type: server - description: SERVER_single-interface-true4_eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - flow_tracker: - hardware: FLOW-TRACKER +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 50001 + on_interval: 300332 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.2 + local_interface: Loopback0 + template_interval: 40002 + - name: FLOW-TRACKER-3 + record_export: + on_inactive_timeout: 50000 + on_interval: 300331 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 40000 + shutdown: false +hostname: flow-tracking-tests-leaf1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -235,6 +147,20 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 10.254.11.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.101/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -254,55 +180,129 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -vlans: -- id: 11 - name: VLAN11 - tenant: FLOW_TRACKING -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 +router_bgp: + as: '65101' + router_id: 10.254.1.1 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Ethernet1 + - ip_address: 10.254.2.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Ethernet2 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: FLOW_TRACKING + rd: 10.254.1.1:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.1 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan11 - tenant: FLOW_TRACKING description: VLAN11 shutdown: false - ip_address: 172.16.11.1/24 vrf: VRF1 + ip_address: 172.16.11.1/24 + tenant: FLOW_TRACKING +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: FLOW_TRACKING +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: FLOW_TRACKING vxlan_interface: vxlan1: description: flow-tracking-tests-leaf1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 11 vni: 10011 vrfs: - name: VRF1 vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 50001 - on_interval: 300332 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.2 - local_interface: Loopback0 - template_interval: 40002 - - name: FLOW-TRACKER-3 - record_export: - on_inactive_timeout: 50000 - on_interval: 300331 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 40000 - shutdown: false -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf2.yml index d591713857d..5a0a67976c5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf2.yml @@ -1,221 +1,140 @@ -hostname: flow-tracking-tests-leaf2 -is_deployed: true -router_bgp: - as: '65102' - router_id: 10.254.1.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Ethernet3 - - ip_address: 10.254.2.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Ethernet4 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Loopback0 - remote_as: '65200' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.2 - redistribute: - connected: - enabled: true - vlans: - - id: 11 - tenant: FLOW_TRACKING - rd: 10.254.1.2:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: FLOW_TRACKING - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.102/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: flow-tracking-tests-spine1 - peer_interface: Ethernet3 - peer_type: spine description: P2P_flow-tracking-tests-spine1_Ethernet3 shutdown: false mtu: 9214 + ip_address: 10.254.2.5/31 + peer: flow-tracking-tests-spine1 + peer_interface: Ethernet3 + peer_type: spine switchport: enabled: false - ip_address: 10.254.2.5/31 - name: Ethernet2 - peer: flow-tracking-tests-spine2 - peer_interface: Ethernet4 - peer_type: spine description: P2P_flow-tracking-tests-spine2_Ethernet4 shutdown: false mtu: 9214 + ip_address: 10.254.2.7/31 + peer: flow-tracking-tests-spine2 + peer_interface: Ethernet4 + peer_type: spine switchport: enabled: false - ip_address: 10.254.2.7/31 - name: Ethernet81 - peer_type: l3_interface - ip_address: 10.1.55.2/31 shutdown: false + vrf: VRF1 flow_tracker: sampled: FLOW-TRACKER-3 + ip_address: 10.1.55.2/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet82 - peer_type: l3_interface - ip_address: 10.1.55.2/31 shutdown: false + vrf: VRF1 + ip_address: 10.1.55.2/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet83 - peer_type: l3_interface - ip_address: 10.1.55.2/31 shutdown: false + vrf: VRF1 + ip_address: 10.1.55.2/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet84 - peer_type: l3_interface - ip_address: 10.1.55.2/31 shutdown: false + vrf: VRF1 flow_tracker: sampled: FLOW-TRACKER-4 + ip_address: 10.1.55.2/31 + peer_type: l3_interface switchport: enabled: false - vrf: VRF1 - name: Ethernet10 + description: SERVER_single-interface-true_eth2 + shutdown: false peer: single-interface-true peer_interface: eth2 peer_type: server - description: SERVER_single-interface-true_eth2 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - name: Ethernet11 + description: SERVER_single-interface-false_eth12 + shutdown: false peer: single-interface-false peer_interface: eth12 peer_type: server - description: SERVER_single-interface-false_eth12 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - name: Ethernet12 + description: SERVER_single-interface-no-definition_eth13 + shutdown: false + flow_tracker: + sampled: FLOW-TRACKER-3 peer: single-interface-no-definition peer_interface: eth13 peer_type: server - description: SERVER_single-interface-no-definition_eth13 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - flow_tracker: - sampled: FLOW-TRACKER-3 - name: Ethernet13 + description: SERVER_single-interface-true4_eth1 + shutdown: false peer: single-interface-true4 peer_interface: eth1 peer_type: server - description: SERVER_single-interface-true4_eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 +flow_tracking: + sampled: + encapsulation: + mpls: true + sample: 50000 + hardware_offload: + ipv4: true + ipv6: true + threshold_minimum: 1332 + trackers: + - record_export: + on_inactive_timeout: 50000 + on_interval: 300331 + name: FLOW-TRACKER-3 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 40000 + - record_export: + on_inactive_timeout: 50020 + on_interval: 300321 + name: FLOW-TRACKER-4 + exporters: + - name: ayush_exporter + collector: + host: 127.0.2.1 + local_interface: Loopback0 + template_interval: 40020 + shutdown: false +hostname: flow-tracking-tests-leaf2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -225,6 +144,20 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 10.254.11.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.102/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -244,62 +177,129 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -vlans: -- id: 11 - name: VLAN11 - tenant: FLOW_TRACKING -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 +router_bgp: + as: '65102' + router_id: 10.254.1.2 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Ethernet3 + - ip_address: 10.254.2.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Ethernet4 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: FLOW_TRACKING + rd: 10.254.1.2:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.2 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan11 - tenant: FLOW_TRACKING description: VLAN11 shutdown: false - ip_address: 172.17.11.1/24 vrf: VRF1 + ip_address: 172.17.11.1/24 + tenant: FLOW_TRACKING +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: FLOW_TRACKING +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: FLOW_TRACKING vxlan_interface: vxlan1: description: flow-tracking-tests-leaf2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 11 vni: 10011 vrfs: - name: VRF1 vni: 1 -flow_tracking: - sampled: - encapsulation: - mpls: true - sample: 50000 - hardware_offload: - ipv4: true - ipv6: true - threshold_minimum: 1332 - trackers: - - name: FLOW-TRACKER-3 - record_export: - on_inactive_timeout: 50000 - on_interval: 300331 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 40000 - - name: FLOW-TRACKER-4 - record_export: - on_inactive_timeout: 50020 - on_interval: 300321 - exporters: - - name: ayush_exporter - collector: - host: 127.0.2.1 - local_interface: Loopback0 - template_interval: 40020 - shutdown: false -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf3.yml index 45b4bbe6c63..a5d9662e7b1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf3.yml @@ -1,354 +1,149 @@ -hostname: flow-tracking-tests-leaf3 -is_deployed: true -router_bgp: - as: '65105' - router_id: 10.254.1.5 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65105' - next_hop_self: true - description: flow-tracking-tests-leaf4 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.1.105 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: flow-tracking-tests-leaf4 - description: flow-tracking-tests-leaf4_Vlan4093 - - ip_address: 10.254.2.16 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Ethernet5 - - ip_address: 10.254.2.18 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Ethernet6 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Loopback0 - remote_as: '65200' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.5:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.254.1.105 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: flow-tracking-tests-leaf4_Vlan3000 - vlans: - - id: 11 - tenant: FLOW_TRACKING - rd: 10.254.1.5:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: FLOW_TRACKING - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.103/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VLAN11 - tenant: FLOW_TRACKING -- id: 3000 - name: MLAG_L3_VRF_VRF1 - trunk_groups: - - MLAG - tenant: FLOW_TRACKING -- id: 4092 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.254.1.104/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.254.1.72/31 -- name: Vlan11 - tenant: FLOW_TRACKING - description: VLAN11 - shutdown: false - vrf: VRF1 -- name: Vlan3000 - tenant: FLOW_TRACKING - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF1 - vrf: VRF1 - mtu: 9214 - ip_address: 10.254.1.104/31 -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 10.254.254.2/24 - ip_virtual_router_addresses: - - 10.254.254.1 -port_channel_interfaces: -- name: Port-Channel21 - description: MLAG_flow-tracking-tests-leaf4_Port-Channel21 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel31 - description: L2_flow-tracking-tests-l2-leaf1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - flow_tracker: - hardware: FLOW-TRACKER - mlag: 31 -- name: Port-Channel32 - description: L2_flow-tracking-tests-l2-leaf2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - flow_tracker: - hardware: FLOW-TRACKER - mlag: 32 -- name: Port-Channel14 - description: SERVER_port-channel-interface-true - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 14 -- name: Port-Channel15 - description: SERVER_port-channel-interface-false - shutdown: false - flow_tracker: - hardware: FLOW-TRACKER - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 15 -- name: Port-Channel16 - description: SERVER_port-channel-interface-no-definition - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 16 ethernet_interfaces: - name: Ethernet21 - peer: flow-tracking-tests-leaf4 - peer_interface: Ethernet21 - peer_type: mlag_peer description: MLAG_flow-tracking-tests-leaf4_Ethernet21 shutdown: false channel_group: id: 21 mode: active -- name: Ethernet22 peer: flow-tracking-tests-leaf4 - peer_interface: Ethernet22 + peer_interface: Ethernet21 peer_type: mlag_peer +- name: Ethernet22 description: MLAG_flow-tracking-tests-leaf4_Ethernet22 shutdown: false channel_group: id: 21 mode: active + peer: flow-tracking-tests-leaf4 + peer_interface: Ethernet22 + peer_type: mlag_peer - name: Ethernet1 - peer: flow-tracking-tests-spine1 - peer_interface: Ethernet5 - peer_type: spine description: P2P_flow-tracking-tests-spine1_Ethernet5 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER-3 ip_address: 10.254.2.17/31 -- name: Ethernet2 - peer: flow-tracking-tests-spine2 - peer_interface: Ethernet6 + peer: flow-tracking-tests-spine1 + peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_flow-tracking-tests-spine2_Ethernet6 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER-3 ip_address: 10.254.2.19/31 + peer: flow-tracking-tests-spine2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false - name: Ethernet31 - peer: flow-tracking-tests-l2-leaf1 - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_flow-tracking-tests-l2-leaf1_Ethernet1 shutdown: false channel_group: id: 31 mode: active -- name: Ethernet32 - peer: flow-tracking-tests-l2-leaf2 + peer: flow-tracking-tests-l2-leaf1 peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet32 description: L2_flow-tracking-tests-l2-leaf2_Ethernet1 shutdown: false channel_group: id: 32 mode: active + peer: flow-tracking-tests-l2-leaf2 + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet14 - peer: port-channel-interface-true - peer_interface: PCI1 - peer_type: server description: SERVER_port-channel-interface-true_PCI1 shutdown: false channel_group: id: 14 mode: 'on' -- name: Ethernet15 - peer: port-channel-interface-false - peer_interface: PCI11 + peer: port-channel-interface-true + peer_interface: PCI1 peer_type: server +- name: Ethernet15 description: SERVER_port-channel-interface-false_PCI11 shutdown: false channel_group: id: 15 mode: 'on' -- name: Ethernet16 - peer: port-channel-interface-no-definition - peer_interface: PCI13 + peer: port-channel-interface-false + peer_interface: PCI11 peer_type: server +- name: Ethernet16 description: SERVER_port-channel-interface-no-definition_PCI13 shutdown: false channel_group: id: 16 mode: 'on' + peer: port-channel-interface-no-definition + peer_interface: PCI13 + peer_type: server +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 50001 + on_interval: 300332 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.2 + local_interface: Loopback0 + template_interval: 40002 + - name: FLOW-TRACKER-3 + record_export: + on_inactive_timeout: 50000 + on_interval: 300331 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 40000 + shutdown: false +hostname: flow-tracking-tests-leaf3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.103/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab mlag_configuration: domain_id: flow-tracking-tests-leaf-mlag local_interface: Vlan4094 @@ -356,14 +151,90 @@ mlag_configuration: peer_link: Port-Channel21 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel21 + description: MLAG_flow-tracking-tests-leaf4_Port-Channel21 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel31 + description: L2_flow-tracking-tests-l2-leaf1_Port-Channel1 + shutdown: false + mlag: 31 + flow_tracker: + hardware: FLOW-TRACKER + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel32 + description: L2_flow-tracking-tests-l2-leaf2_Port-Channel1 + shutdown: false + mlag: 32 + flow_tracker: + hardware: FLOW-TRACKER + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel14 + description: SERVER_port-channel-interface-true + shutdown: false + mlag: 14 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Port-Channel15 + description: SERVER_port-channel-interface-false + shutdown: false + mlag: 15 + spanning_tree_portfast: edge + flow_tracker: + hardware: FLOW-TRACKER + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Port-Channel16 + description: SERVER_port-channel-interface-no-definition + shutdown: false + mlag: 16 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: access + access_vlan: 11 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.104/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 10.254.254.0/24 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -382,44 +253,199 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.104/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 10.254.254.0/24 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 +router_bgp: + as: '65105' + router_id: 10.254.1.5 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65105' + description: flow-tracking-tests-leaf4 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.1.105 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: flow-tracking-tests-leaf4 + description: flow-tracking-tests-leaf4_Vlan4093 + - ip_address: 10.254.2.16 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Ethernet5 + - ip_address: 10.254.2.18 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Ethernet6 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Loopback0 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: FLOW_TRACKING + rd: 10.254.1.5:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.5:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.5 + neighbors: + - ip_address: 10.254.1.105 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: flow-tracking-tests-leaf4_Vlan3000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.254.1.104/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.254.1.72/31 + mtu: 9214 + no_autostate: true +- name: Vlan11 + description: VLAN11 + shutdown: false + vrf: VRF1 + tenant: FLOW_TRACKING +- name: Vlan3000 + description: MLAG_L3_VRF_VRF1 + shutdown: false + vrf: VRF1 + ip_address: 10.254.1.104/31 + mtu: 9214 + tenant: FLOW_TRACKING + type: underlay_peering +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 10.254.254.2/24 + ip_virtual_router_addresses: + - 10.254.254.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VLAN11 + tenant: FLOW_TRACKING +- id: 3000 + name: MLAG_L3_VRF_VRF1 + trunk_groups: + - MLAG + tenant: FLOW_TRACKING +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: FLOW_TRACKING vxlan_interface: vxlan1: description: flow-tracking-tests-leaf3_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -427,29 +453,3 @@ vxlan_interface: vrfs: - name: VRF1 vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER-3 - record_export: - on_inactive_timeout: 50000 - on_interval: 300331 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 40000 - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 50001 - on_interval: 300332 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.2 - local_interface: Loopback0 - template_interval: 40002 - shutdown: false -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf4.yml index 7b9adefe184..0ff3e44351e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf4.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-leaf4.yml @@ -1,354 +1,149 @@ -hostname: flow-tracking-tests-leaf4 -is_deployed: true -router_bgp: - as: '65105' - router_id: 10.254.1.6 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65105' - next_hop_self: true - description: flow-tracking-tests-leaf3 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.1.104 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: flow-tracking-tests-leaf3 - description: flow-tracking-tests-leaf3_Vlan4093 - - ip_address: 10.254.2.20 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Ethernet7 - - ip_address: 10.254.2.22 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Ethernet8 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine1 - description: flow-tracking-tests-spine1_Loopback0 - remote_as: '65200' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-spine2 - description: flow-tracking-tests-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.6:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.254.1.104 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: flow-tracking-tests-leaf3_Vlan3000 - vlans: - - id: 11 - tenant: FLOW_TRACKING - rd: 10.254.1.6:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: FLOW_TRACKING - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.104/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VLAN11 - tenant: FLOW_TRACKING -- id: 3000 - name: MLAG_L3_VRF_VRF1 - trunk_groups: - - MLAG - tenant: FLOW_TRACKING -- id: 4092 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.254.1.105/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.254.1.73/31 -- name: Vlan11 - tenant: FLOW_TRACKING - description: VLAN11 - shutdown: false - vrf: VRF1 -- name: Vlan3000 - tenant: FLOW_TRACKING - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF1 - vrf: VRF1 - mtu: 9214 - ip_address: 10.254.1.105/31 -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 10.254.254.3/24 - ip_virtual_router_addresses: - - 10.254.254.1 -port_channel_interfaces: -- name: Port-Channel21 - description: MLAG_flow-tracking-tests-leaf3_Port-Channel21 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - flow_tracker: - hardware: FLOW-TRACKER -- name: Port-Channel31 - description: L2_flow-tracking-tests-l2-leaf1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - mlag: 31 -- name: Port-Channel32 - description: L2_flow-tracking-tests-l2-leaf2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - mlag: 32 -- name: Port-Channel14 - description: SERVER_port-channel-interface-true - shutdown: false - flow_tracker: - hardware: FLOW-TRACKER-4 - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 14 -- name: Port-Channel15 - description: SERVER_port-channel-interface-false - shutdown: false - flow_tracker: - hardware: FLOW-TRACKER - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 15 -- name: Port-Channel16 - description: SERVER_port-channel-interface-no-definition - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 16 ethernet_interfaces: - name: Ethernet21 - peer: flow-tracking-tests-leaf3 - peer_interface: Ethernet21 - peer_type: mlag_peer description: MLAG_flow-tracking-tests-leaf3_Ethernet21 shutdown: false channel_group: id: 21 mode: active -- name: Ethernet22 peer: flow-tracking-tests-leaf3 - peer_interface: Ethernet22 + peer_interface: Ethernet21 peer_type: mlag_peer +- name: Ethernet22 description: MLAG_flow-tracking-tests-leaf3_Ethernet22 shutdown: false channel_group: id: 21 mode: active + peer: flow-tracking-tests-leaf3 + peer_interface: Ethernet22 + peer_type: mlag_peer - name: Ethernet1 - peer: flow-tracking-tests-spine1 - peer_interface: Ethernet7 - peer_type: spine description: P2P_flow-tracking-tests-spine1_Ethernet7 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.254.2.21/31 -- name: Ethernet2 - peer: flow-tracking-tests-spine2 - peer_interface: Ethernet8 + peer: flow-tracking-tests-spine1 + peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_flow-tracking-tests-spine2_Ethernet8 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER ip_address: 10.254.2.23/31 + peer: flow-tracking-tests-spine2 + peer_interface: Ethernet8 + peer_type: spine + switchport: + enabled: false - name: Ethernet31 - peer: flow-tracking-tests-l2-leaf1 - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_flow-tracking-tests-l2-leaf1_Ethernet2 shutdown: false channel_group: id: 31 mode: active -- name: Ethernet32 - peer: flow-tracking-tests-l2-leaf2 + peer: flow-tracking-tests-l2-leaf1 peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet32 description: L2_flow-tracking-tests-l2-leaf2_Ethernet2 shutdown: false channel_group: id: 32 mode: active + peer: flow-tracking-tests-l2-leaf2 + peer_interface: Ethernet2 + peer_type: l2leaf - name: Ethernet14 - peer: port-channel-interface-true - peer_interface: PCI2 - peer_type: server description: SERVER_port-channel-interface-true_PCI2 shutdown: false channel_group: id: 14 mode: 'on' -- name: Ethernet15 - peer: port-channel-interface-false - peer_interface: PCI12 + peer: port-channel-interface-true + peer_interface: PCI2 peer_type: server +- name: Ethernet15 description: SERVER_port-channel-interface-false_PCI12 shutdown: false channel_group: id: 15 mode: 'on' -- name: Ethernet16 - peer: port-channel-interface-no-definition - peer_interface: PCI14 + peer: port-channel-interface-false + peer_interface: PCI12 peer_type: server +- name: Ethernet16 description: SERVER_port-channel-interface-no-definition_PCI14 shutdown: false channel_group: id: 16 mode: 'on' + peer: port-channel-interface-no-definition + peer_interface: PCI14 + peer_type: server +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 50001 + on_interval: 300332 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.2 + local_interface: Loopback0 + template_interval: 40002 + - name: FLOW-TRACKER-4 + record_export: + on_inactive_timeout: 50020 + on_interval: 300321 + exporters: + - name: ayush_exporter + collector: + host: 127.0.2.1 + local_interface: Loopback0 + template_interval: 40020 + shutdown: false +hostname: flow-tracking-tests-leaf4 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.104/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab mlag_configuration: domain_id: flow-tracking-tests-leaf-mlag local_interface: Vlan4094 @@ -356,14 +151,90 @@ mlag_configuration: peer_link: Port-Channel21 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel21 + description: MLAG_flow-tracking-tests-leaf3_Port-Channel21 + shutdown: false + flow_tracker: + hardware: FLOW-TRACKER + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel31 + description: L2_flow-tracking-tests-l2-leaf1_Port-Channel1 + shutdown: false + mlag: 31 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel32 + description: L2_flow-tracking-tests-l2-leaf2_Port-Channel1 + shutdown: false + mlag: 32 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel14 + description: SERVER_port-channel-interface-true + shutdown: false + mlag: 14 + spanning_tree_portfast: edge + flow_tracker: + hardware: FLOW-TRACKER-4 + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Port-Channel15 + description: SERVER_port-channel-interface-false + shutdown: false + mlag: 15 + spanning_tree_portfast: edge + flow_tracker: + hardware: FLOW-TRACKER + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Port-Channel16 + description: SERVER_port-channel-interface-no-definition + shutdown: false + mlag: 16 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: access + access_vlan: 11 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.104/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 10.254.254.0/24 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -382,44 +253,199 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.104/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 10.254.254.0/24 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 +router_bgp: + as: '65105' + router_id: 10.254.1.6 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65105' + description: flow-tracking-tests-leaf3 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.1.104 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: flow-tracking-tests-leaf3 + description: flow-tracking-tests-leaf3_Vlan4093 + - ip_address: 10.254.2.20 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Ethernet7 + - ip_address: 10.254.2.22 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Ethernet8 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine1 + description: flow-tracking-tests-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: flow-tracking-tests-spine2 + description: flow-tracking-tests-spine2_Loopback0 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: FLOW_TRACKING + rd: 10.254.1.6:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.6:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.6 + neighbors: + - ip_address: 10.254.1.104 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: flow-tracking-tests-leaf3_Vlan3000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.254.1.105/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.254.1.73/31 + mtu: 9214 + no_autostate: true +- name: Vlan11 + description: VLAN11 + shutdown: false + vrf: VRF1 + tenant: FLOW_TRACKING +- name: Vlan3000 + description: MLAG_L3_VRF_VRF1 + shutdown: false + vrf: VRF1 + ip_address: 10.254.1.105/31 + mtu: 9214 + tenant: FLOW_TRACKING + type: underlay_peering +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 10.254.254.3/24 + ip_virtual_router_addresses: + - 10.254.254.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VLAN11 + tenant: FLOW_TRACKING +- id: 3000 + name: MLAG_L3_VRF_VRF1 + trunk_groups: + - MLAG + tenant: FLOW_TRACKING +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: FLOW_TRACKING vxlan_interface: vxlan1: description: flow-tracking-tests-leaf4_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -427,29 +453,3 @@ vxlan_interface: vrfs: - name: VRF1 vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 50001 - on_interval: 300332 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.2 - local_interface: Loopback0 - template_interval: 40002 - - name: FLOW-TRACKER-4 - record_export: - on_inactive_timeout: 50020 - on_interval: 300321 - exporters: - - name: ayush_exporter - collector: - host: 127.0.2.1 - local_interface: Loopback0 - template_interval: 40020 - shutdown: false -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine1.yml index 246c38a7977..4845a1d17df 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine1.yml @@ -1,299 +1,299 @@ -hostname: flow-tracking-tests-spine1 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: flow-tracking-tests-leaf1 - description: flow-tracking-tests-leaf1_Ethernet1 - - ip_address: 10.254.2.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: flow-tracking-tests-leaf2 - description: flow-tracking-tests-leaf2_Ethernet1 - - ip_address: 10.254.2.17 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: flow-tracking-tests-leaf3 - description: flow-tracking-tests-leaf3_Ethernet1 - - ip_address: 10.254.2.21 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: flow-tracking-tests-leaf4 - description: flow-tracking-tests-leaf4_Ethernet1 - - ip_address: 10.254.1.1 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf1 - description: flow-tracking-tests-leaf1_Loopback0 - remote_as: '65101' - - ip_address: 10.254.1.2 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf2 - description: flow-tracking-tests-leaf2_Loopback0 - remote_as: '65102' - - ip_address: 10.254.1.5 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf3 - description: flow-tracking-tests-leaf3_Loopback0 - remote_as: '65105' - - ip_address: 10.254.1.6 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf4 - description: flow-tracking-tests-leaf4_Loopback0 - remote_as: '65105' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.11/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: flow-tracking-tests-leaf1 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_flow-tracking-tests-leaf1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: sampled: FLOW-TRACKER ip_address: 10.254.2.0/31 -- name: Ethernet3 - peer: flow-tracking-tests-leaf2 + peer: flow-tracking-tests-leaf1 peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_flow-tracking-tests-leaf2_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: sampled: FLOW-TRACKER ip_address: 10.254.2.4/31 -- name: Ethernet5 - peer: flow-tracking-tests-leaf3 + peer: flow-tracking-tests-leaf2 peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_flow-tracking-tests-leaf3_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: sampled: FLOW-TRACKER ip_address: 10.254.2.16/31 -- name: Ethernet7 - peer: flow-tracking-tests-leaf4 + peer: flow-tracking-tests-leaf3 peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_flow-tracking-tests-leaf4_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: sampled: FLOW-TRACKER ip_address: 10.254.2.20/31 + peer: flow-tracking-tests-leaf4 + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false - name: Ethernet9 + description: P2P_flow-tracking-tests-spine2_Ethernet9 + shutdown: false + mtu: 9214 + flow_tracker: + sampled: FLOW-TRACKER peer: flow-tracking-tests-spine2 peer_interface: Ethernet9 peer_type: spine switchport: enabled: false +- name: Ethernet10 + description: P2P_flow-tracking-tests-spine2_Ethernet10 shutdown: false mtu: 9214 flow_tracker: - sampled: FLOW-TRACKER - description: P2P_flow-tracking-tests-spine2_Ethernet9 -- name: Ethernet10 + sampled: FLOW-TRACKER-1 peer: flow-tracking-tests-spine2 peer_interface: Ethernet10 peer_type: spine switchport: enabled: false +- name: Ethernet11 + description: P2P_flow-tracking-tests-spine2_Ethernet11 shutdown: false mtu: 9214 - flow_tracker: - sampled: FLOW-TRACKER-1 - description: P2P_flow-tracking-tests-spine2_Ethernet10 -- name: Ethernet11 peer: flow-tracking-tests-spine2 peer_interface: Ethernet11 peer_type: spine switchport: enabled: false +- name: Ethernet12 + description: P2P_flow-tracking-tests-spine2_Ethernet12 shutdown: false mtu: 9214 - description: P2P_flow-tracking-tests-spine2_Ethernet11 -- name: Ethernet12 + flow_tracker: + sampled: FLOW-TRACKER peer: flow-tracking-tests-spine2 peer_interface: Ethernet12 peer_type: spine switchport: enabled: false +- name: Ethernet13 + description: P2P_flow-tracking-tests-spine2_Ethernet13 shutdown: false mtu: 9214 flow_tracker: sampled: FLOW-TRACKER - description: P2P_flow-tracking-tests-spine2_Ethernet12 -- name: Ethernet13 peer: flow-tracking-tests-spine2 peer_interface: Ethernet13 peer_type: spine switchport: enabled: false +- name: Ethernet14 + description: P2P_flow-tracking-tests-spine2_Ethernet14 shutdown: false mtu: 9214 flow_tracker: - sampled: FLOW-TRACKER - description: P2P_flow-tracking-tests-spine2_Ethernet13 -- name: Ethernet14 + sampled: FLOW-TRACKER-1 peer: flow-tracking-tests-spine2 peer_interface: Ethernet14 peer_type: spine switchport: enabled: false +- name: Ethernet15 + description: P2P_flow-tracking-tests-spine2_Ethernet15 shutdown: false mtu: 9214 - flow_tracker: - sampled: FLOW-TRACKER-1 - description: P2P_flow-tracking-tests-spine2_Ethernet14 -- name: Ethernet15 peer: flow-tracking-tests-spine2 peer_interface: Ethernet15 peer_type: spine switchport: enabled: false +- name: Ethernet16 + description: P2P_flow-tracking-tests-spine2_Ethernet16 shutdown: false mtu: 9214 - description: P2P_flow-tracking-tests-spine2_Ethernet15 -- name: Ethernet16 + flow_tracker: + sampled: FLOW-TRACKER peer: flow-tracking-tests-spine2 peer_interface: Ethernet16 peer_type: spine switchport: enabled: false - shutdown: false - mtu: 9214 - flow_tracker: - sampled: FLOW-TRACKER - description: P2P_flow-tracking-tests-spine2_Ethernet16 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 flow_tracking: sampled: sample: 10000 trackers: - - name: FLOW-TRACKER - record_export: + - record_export: on_inactive_timeout: 50001 on_interval: 300332 + name: FLOW-TRACKER exporters: - name: ayush_exporter collector: host: 127.0.0.2 local_interface: Loopback0 template_interval: 40002 - - name: FLOW-TRACKER-1 + - table_size: 4331 record_export: + mpls: true on_inactive_timeout: 50000 on_interval: 300331 - mpls: true + name: FLOW-TRACKER-1 exporters: - name: ayush_exporter collector: host: 127.0.0.1 local_interface: Loopback0 template_interval: 40000 - table_size: 4331 shutdown: false +hostname: flow-tracking-tests-spine1 +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.11/24 + type: oob + gateway: 192.168.0.1 metadata: platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65200' + router_id: 10.255.0.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: flow-tracking-tests-leaf1 + description: flow-tracking-tests-leaf1_Ethernet1 + - ip_address: 10.254.2.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: flow-tracking-tests-leaf2 + description: flow-tracking-tests-leaf2_Ethernet1 + - ip_address: 10.254.2.17 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf3 + description: flow-tracking-tests-leaf3_Ethernet1 + - ip_address: 10.254.2.21 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf4 + description: flow-tracking-tests-leaf4_Ethernet1 + - ip_address: 10.254.1.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: flow-tracking-tests-leaf1 + description: flow-tracking-tests-leaf1_Loopback0 + - ip_address: 10.254.1.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: flow-tracking-tests-leaf2 + description: flow-tracking-tests-leaf2_Loopback0 + - ip_address: 10.254.1.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf3 + description: flow-tracking-tests-leaf3_Loopback0 + - ip_address: 10.254.1.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf4 + description: flow-tracking-tests-leaf4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine2.yml index 84ce51c94b5..fbd63369518 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/flow-tracking-tests-spine2.yml @@ -1,252 +1,185 @@ -hostname: flow-tracking-tests-spine2 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: flow-tracking-tests-leaf1 - description: flow-tracking-tests-leaf1_Ethernet2 - - ip_address: 10.254.2.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: flow-tracking-tests-leaf2 - description: flow-tracking-tests-leaf2_Ethernet2 - - ip_address: 10.254.2.19 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: flow-tracking-tests-leaf3 - description: flow-tracking-tests-leaf3_Ethernet2 - - ip_address: 10.254.2.23 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: flow-tracking-tests-leaf4 - description: flow-tracking-tests-leaf4_Ethernet2 - - ip_address: 10.254.1.1 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf1 - description: flow-tracking-tests-leaf1_Loopback0 - remote_as: '65101' - - ip_address: 10.254.1.2 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf2 - description: flow-tracking-tests-leaf2_Loopback0 - remote_as: '65102' - - ip_address: 10.254.1.5 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf3 - description: flow-tracking-tests-leaf3_Loopback0 - remote_as: '65105' - - ip_address: 10.254.1.6 - peer_group: EVPN-OVERLAY-PEERS - peer: flow-tracking-tests-leaf4 - description: flow-tracking-tests-leaf4_Loopback0 - remote_as: '65105' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.21/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet2 - peer: flow-tracking-tests-leaf1 - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_flow-tracking-tests-leaf1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER-2 ip_address: 10.254.2.2/31 -- name: Ethernet4 - peer: flow-tracking-tests-leaf2 + peer: flow-tracking-tests-leaf1 peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_flow-tracking-tests-leaf2_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER-2 ip_address: 10.254.2.6/31 -- name: Ethernet6 - peer: flow-tracking-tests-leaf3 + peer: flow-tracking-tests-leaf2 peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_flow-tracking-tests-leaf3_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER-2 ip_address: 10.254.2.18/31 -- name: Ethernet8 - peer: flow-tracking-tests-leaf4 + peer: flow-tracking-tests-leaf3 peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet8 description: P2P_flow-tracking-tests-leaf4_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false flow_tracker: hardware: FLOW-TRACKER-2 ip_address: 10.254.2.22/31 + peer: flow-tracking-tests-leaf4 + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false - name: Ethernet9 + description: P2P_flow-tracking-tests-spine1_Ethernet9 + shutdown: false + mtu: 9214 + flow_tracker: + hardware: FLOW-TRACKER-2 peer: flow-tracking-tests-spine1 peer_interface: Ethernet9 peer_type: spine switchport: enabled: false +- name: Ethernet10 + description: P2P_flow-tracking-tests-spine1_Ethernet10 shutdown: false mtu: 9214 flow_tracker: - hardware: FLOW-TRACKER-2 - description: P2P_flow-tracking-tests-spine1_Ethernet9 -- name: Ethernet10 + hardware: FLOW-TRACKER-1 peer: flow-tracking-tests-spine1 peer_interface: Ethernet10 peer_type: spine switchport: enabled: false +- name: Ethernet11 + description: P2P_flow-tracking-tests-spine1_Ethernet11 shutdown: false mtu: 9214 - flow_tracker: - hardware: FLOW-TRACKER-1 - description: P2P_flow-tracking-tests-spine1_Ethernet10 -- name: Ethernet11 peer: flow-tracking-tests-spine1 peer_interface: Ethernet11 peer_type: spine switchport: enabled: false +- name: Ethernet12 + description: P2P_flow-tracking-tests-spine1_Ethernet12 shutdown: false mtu: 9214 - description: P2P_flow-tracking-tests-spine1_Ethernet11 -- name: Ethernet12 peer: flow-tracking-tests-spine1 peer_interface: Ethernet12 peer_type: spine switchport: enabled: false +- name: Ethernet13 + description: P2P_flow-tracking-tests-spine1_Ethernet13 shutdown: false mtu: 9214 - description: P2P_flow-tracking-tests-spine1_Ethernet12 -- name: Ethernet13 + flow_tracker: + hardware: FLOW-TRACKER-2 peer: flow-tracking-tests-spine1 peer_interface: Ethernet13 peer_type: spine switchport: enabled: false +- name: Ethernet14 + description: P2P_flow-tracking-tests-spine1_Ethernet14 shutdown: false mtu: 9214 flow_tracker: - hardware: FLOW-TRACKER-2 - description: P2P_flow-tracking-tests-spine1_Ethernet13 -- name: Ethernet14 + hardware: FLOW-TRACKER-1 peer: flow-tracking-tests-spine1 peer_interface: Ethernet14 peer_type: spine switchport: enabled: false +- name: Ethernet15 + description: P2P_flow-tracking-tests-spine1_Ethernet15 shutdown: false mtu: 9214 - flow_tracker: - hardware: FLOW-TRACKER-1 - description: P2P_flow-tracking-tests-spine1_Ethernet14 -- name: Ethernet15 peer: flow-tracking-tests-spine1 peer_interface: Ethernet15 peer_type: spine switchport: enabled: false +- name: Ethernet16 + description: P2P_flow-tracking-tests-spine1_Ethernet16 shutdown: false mtu: 9214 - description: P2P_flow-tracking-tests-spine1_Ethernet15 -- name: Ethernet16 peer: flow-tracking-tests-spine1 peer_interface: Ethernet16 peer_type: spine switchport: enabled: false - shutdown: false - mtu: 9214 - description: P2P_flow-tracking-tests-spine1_Ethernet16 +flow_tracking: + hardware: + record: + format_ipfix_standard_timestamps_counters: true + trackers: + - name: FLOW-TRACKER-1 + record_export: + on_inactive_timeout: 50000 + on_interval: 300331 + exporters: + - name: ayush_exporter + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 40000 + - name: FLOW-TRACKER-2 + record_export: + on_inactive_timeout: 50020 + on_interval: 300321 + exporters: + - name: ayush_exporter + collector: + host: 127.0.2.1 + local_interface: Loopback0 + template_interval: 40020 + shutdown: false +hostname: flow-tracking-tests-spine2 +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.255.0.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.21/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -264,31 +197,98 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -flow_tracking: - hardware: - record: - format_ipfix_standard_timestamps_counters: true - trackers: - - name: FLOW-TRACKER-2 - record_export: - on_inactive_timeout: 50020 - on_interval: 300321 - exporters: - - name: ayush_exporter - collector: - host: 127.0.2.1 - local_interface: Loopback0 - template_interval: 40020 - - name: FLOW-TRACKER-1 - record_export: - on_inactive_timeout: 50000 - on_interval: 300331 - exporters: - - name: ayush_exporter - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 40000 - shutdown: false -metadata: - platform: vEOS-LAB +router_bgp: + as: '65200' + router_id: 10.255.0.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: flow-tracking-tests-leaf1 + description: flow-tracking-tests-leaf1_Ethernet2 + - ip_address: 10.254.2.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: flow-tracking-tests-leaf2 + description: flow-tracking-tests-leaf2_Ethernet2 + - ip_address: 10.254.2.19 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf3 + description: flow-tracking-tests-leaf3_Ethernet2 + - ip_address: 10.254.2.23 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf4 + description: flow-tracking-tests-leaf4_Ethernet2 + - ip_address: 10.254.1.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: flow-tracking-tests-leaf1 + description: flow-tracking-tests-leaf1_Loopback0 + - ip_address: 10.254.1.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: flow-tracking-tests-leaf2 + description: flow-tracking-tests-leaf2_Loopback0 + - ip_address: 10.254.1.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf3 + description: flow-tracking-tests-leaf3_Loopback0 + - ip_address: 10.254.1.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: flow-tracking-tests-leaf4 + description: flow-tracking-tests-leaf4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-1.yml index 564e54adae3..6a509f9e5ba 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-1.yml @@ -1,96 +1,29 @@ -hostname: generate-cv-tags-1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 10.10.255.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - peer: Someotherdevice - ip_address: 10.20.30.40/24 + description: Test interface shutdown: false + ip_address: 10.20.30.40/24 + peer: Someotherdevice + peer_type: l3_interface switchport: enabled: false - description: Test interface +hostname: generate-cv-tags-1 +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.10.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT metadata: cv_tags: device_tags: @@ -119,3 +52,70 @@ metadata: value: Someotherdevice - name: UPPERCASE_INTERFACE_TAG value: something else with spaces +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 10.10.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-2.yml index 0fb18d11d27..d818711f0ca 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/generate-cv-tags-2.yml @@ -1,91 +1,91 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: generate-cv-tags-2 +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.10.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + cv_tags: + device_tags: + - name: topology_hint_fabric + value: EOS_DESIGNS_UNIT_TESTS + - name: topology_hint_type + value: edge +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 10.10.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true service_routing_protocols_model: multi-agent -ip_routing: true +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.10.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - cv_tags: - device_tags: - - name: topology_hint_fabric - value: EOS_DESIGNS_UNIT_TESTS - - name: topology_hint_type - value: edge diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/hardware_counters.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/hardware_counters.yml index 381ad175b6a..1b488bab7f6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/hardware_counters.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/hardware_counters.yml @@ -1,6 +1,8 @@ -hostname: hardware_counters -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hardware_counters: features: - name: vlan-interface @@ -31,23 +33,21 @@ hardware_counters: - name: route address_type: ipv6 prefix: 2001:db8:cafe::/64 +hostname: hardware_counters +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ignore-custom-keys-in-data-models.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ignore-custom-keys-in-data-models.yml index 525059a96a6..ecf5837c152 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ignore-custom-keys-in-data-models.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ignore-custom-keys-in-data-models.yml @@ -1,31 +1,31 @@ -hostname: ignore-custom-keys-in-data-models -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true ethernet_interfaces: - name: Ethernet1 switchport: enabled: true _custom_key3: custom_dict3: custom_value3 +hostname: ignore-custom-keys-in-data-models +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false _custom_key2: - custom_value2 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-ips.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-ips.yml index 04f967af035..bdd0a6dca9a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-ips.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-ips.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-dualstack-ips -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,88 +8,83 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet25 - peer_type: l3leaf description: INBAND-MGMT-PARENT-DUALSTACK1_Ethernet25 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-dualstack2 + peer: inband-mgmt-parent-dualstack1 peer_interface: Ethernet25 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-DUALSTACK2_Ethernet25 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-dualstack2 + peer_interface: Ethernet25 + peer_type: l3leaf +hostname: inband-mgmt-dualstack-ips +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ipv6_static_routes: +- destination_address_prefix: ::/0 + gateway: 2a00:105::1 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: inband-mgmt-parents-dualstack_Po25 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '105' - shutdown: false -vlans: -- id: 105 - name: INBAND_MGMT - tenant: system -ip_igmp_snooping: - globally_enabled: true +service_routing_protocols_model: multi-agent +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.105.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan105 description: Inband Management shutdown: false - mtu: 1500 ip_address: 192.168.105.22/24 ipv6_enable: true ipv6_address: 2a00:105::123/64 + mtu: 1500 type: inband_mgmt -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.105.1 -ipv6_static_routes: -- destination_address_prefix: ::/0 - gateway: 2a00:105::1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 105 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-subnets.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-subnets.yml index 22976cebe36..47f619d5a7e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-subnets.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-dualstack-subnets.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-dualstack-subnets -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,88 +8,83 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet24 - peer_type: l3leaf description: INBAND-MGMT-PARENT-DUALSTACK1_Ethernet24 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-dualstack2 + peer: inband-mgmt-parent-dualstack1 peer_interface: Ethernet24 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-DUALSTACK2_Ethernet24 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-dualstack2 + peer_interface: Ethernet24 + peer_type: l3leaf +hostname: inband-mgmt-dualstack-subnets +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ipv6_static_routes: +- destination_address_prefix: ::/0 + gateway: 2a00:104::1 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: inband-mgmt-parents-dualstack_Po24 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '104' - shutdown: false -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 104 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.104.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan104 description: Inband Management shutdown: false - mtu: 1500 ip_address: 192.168.104.7/24 ipv6_enable: true ipv6_address: 2a00:104::7/64 + mtu: 1500 type: inband_mgmt -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.104.1 -ipv6_static_routes: -- destination_address_prefix: ::/0 - gateway: 2a00:104::1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 104 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ip.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ip.yml index c0a29e59016..c2fd426b1c4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ip.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ip.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-ip -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,82 +8,77 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent - peer_interface: Ethernet23 - peer_type: l3leaf description: INBAND-MGMT-PARENT_Ethernet23 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-vrf + peer: inband-mgmt-parent peer_interface: Ethernet23 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-VRF_Ethernet23 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-vrf + peer_interface: Ethernet23 + peer_type: l3leaf +hostname: inband-mgmt-ip +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: INBAND-MGMT-PARENT_Po23 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '103' - shutdown: false -vlans: -- id: 103 - name: MYVLANNAME - tenant: system -ip_igmp_snooping: - globally_enabled: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan103 description: My description shutdown: false - mtu: 1500 vrf: INBANDMGMT ip_address: 192.168.103.22/24 + mtu: 1500 type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 103 + name: MYVLANNAME + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only-vrf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only-vrf.yml index 6fdd5c80c4b..60e40240bc9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only-vrf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only-vrf.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-ipv6-only-vrf -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,86 +8,81 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet27 - peer_type: l3leaf description: INBAND-MGMT-PARENT-IPV6-1_Ethernet27 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-ipv6-2 + peer: inband-mgmt-parent-ipv6-1 peer_interface: Ethernet27 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-IPV6-2_Ethernet27 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-ipv6-2 + peer_interface: Ethernet27 + peer_type: l3leaf +hostname: inband-mgmt-ipv6-only-vrf +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ipv6_static_routes: +- vrf: INBANDMGMT + destination_address_prefix: ::/0 + gateway: 2a00:107::1 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: inband-mgmt-parents-ipv6_Po27 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '107' - shutdown: false -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 107 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan107 description: Inband Management shutdown: false - mtu: 1500 vrf: INBANDMGMT ipv6_enable: true ipv6_address: 2a00:107::a/64 + mtu: 1500 type: inband_mgmt -ipv6_static_routes: -- destination_address_prefix: ::/0 - gateway: 2a00:107::1 - vrf: INBANDMGMT +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 107 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only.yml index d100dfcf8c9..6b578cec7a9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-ipv6-only.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-ipv6-only -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,84 +8,79 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet26 - peer_type: l3leaf description: INBAND-MGMT-PARENT-IPV6-1_Ethernet26 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-ipv6-2 + peer: inband-mgmt-parent-ipv6-1 peer_interface: Ethernet26 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-IPV6-2_Ethernet26 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-ipv6-2 + peer_interface: Ethernet26 + peer_type: l3leaf +hostname: inband-mgmt-ipv6-only +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ipv6_static_routes: +- destination_address_prefix: ::/0 + gateway: 2a00:106::1 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: inband-mgmt-parents-ipv6_Po26 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '106' - shutdown: false -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 106 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan106 description: Inband Management shutdown: false - mtu: 1500 ipv6_enable: true ipv6_address: 2a00:106::9/64 + mtu: 1500 type: inband_mgmt -ipv6_static_routes: -- destination_address_prefix: ::/0 - gateway: 2a00:106::1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 106 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-a.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-a.yml index 10267dd75cb..05ebec98814 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-a.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-a.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-mlag-a -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,236 +8,173 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 101 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 100.64.0.200/31 -- name: Vlan101 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 192.168.101.22/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel11 - description: MLAG_inband-mgmt-mlag-b_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -- name: Port-Channel1 - description: INBAND-MGMT-PARENT_Po101 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '101' - shutdown: false - mlag: 1 ethernet_interfaces: - name: Ethernet11 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet11 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet11 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet11 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet12 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet12 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet12 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet12 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet13 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet13 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet13 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet13 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet14 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet14 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet14 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet14 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet15 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet15 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet15 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet15 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet16 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet16 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet16 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet16 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet17 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet17 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet17 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet17 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet18 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet18 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet18 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet18 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet19 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet19 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet19 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet19 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet20 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet20 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-b_Ethernet20 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet20 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet1 - peer: inband-mgmt-parent - peer_interface: Ethernet101 - peer_type: l3leaf description: INBAND-MGMT-PARENT_Ethernet101 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-vrf + peer: inband-mgmt-parent peer_interface: Ethernet101 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-VRF_Ethernet101 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-vrf + peer_interface: Ethernet101 + peer_type: l3leaf +hostname: inband-mgmt-mlag-a +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: inband-mgmt-mlag-test local_interface: Vlan4094 @@ -245,8 +182,66 @@ mlag_configuration: peer_link: Port-Channel11 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org +port_channel_interfaces: +- name: Port-Channel11 + description: MLAG_inband-mgmt-mlag-b_Port-Channel11 + shutdown: false + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: INBAND-MGMT-PARENT_Po101 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '101' +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - destination_address_prefix: 0.0.0.0/0 gateway: 192.168.101.21 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 100.64.0.200/31 + mtu: 9214 + no_autostate: true +- name: Vlan101 + description: Inband Management + shutdown: false + ip_address: 192.168.101.22/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 101 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-b.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-b.yml index b15679a4aeb..de85abcdce8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-b.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-mlag-b.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-mlag-b -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,236 +8,173 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 101 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 100.64.0.201/31 -- name: Vlan101 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 192.168.101.23/24 - type: inband_mgmt -port_channel_interfaces: -- name: Port-Channel11 - description: MLAG_inband-mgmt-mlag-a_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -- name: Port-Channel1 - description: INBAND-MGMT-PARENT_Po101 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '101' - shutdown: false - mlag: 1 ethernet_interfaces: - name: Ethernet11 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet11 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet11 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet11 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet12 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet12 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet12 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet12 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet13 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet13 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet13 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet13 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet14 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet14 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet14 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet14 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet15 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet15 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet15 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet15 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet16 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet16 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet16 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet16 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet17 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet17 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet17 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet17 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet18 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet18 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet18 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet18 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet19 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet19 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet19 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet19 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet20 - peer: inband-mgmt-mlag-a - peer_interface: Ethernet20 - peer_type: mlag_peer description: MLAG_inband-mgmt-mlag-a_Ethernet20 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet20 + peer_type: mlag_peer switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet1 - peer: inband-mgmt-parent - peer_interface: Ethernet102 - peer_type: l3leaf description: INBAND-MGMT-PARENT_Ethernet102 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-vrf + peer: inband-mgmt-parent peer_interface: Ethernet102 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-VRF_Ethernet102 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-vrf + peer_interface: Ethernet102 + peer_type: l3leaf +hostname: inband-mgmt-mlag-b +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: inband-mgmt-mlag-test local_interface: Vlan4094 @@ -245,8 +182,66 @@ mlag_configuration: peer_link: Port-Channel11 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org +port_channel_interfaces: +- name: Port-Channel11 + description: MLAG_inband-mgmt-mlag-a_Port-Channel11 + shutdown: false + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: INBAND-MGMT-PARENT_Po101 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '101' +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - destination_address_prefix: 0.0.0.0/0 gateway: 192.168.101.21 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 100.64.0.201/31 + mtu: 9214 + no_autostate: true +- name: Vlan101 + description: Inband Management + shutdown: false + ip_address: 192.168.101.23/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 101 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack1.yml index 20cc3047039..1dfc5056da8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack1.yml @@ -1,84 +1,6 @@ -hostname: inband-mgmt-parent-dualstack1 -is_deployed: true -router_bgp: - as: '65002' - router_id: 10.0.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65002' - next_hop_self: true - description: inband-mgmt-parent-dualstack2 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 100.64.1.5 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: inband-mgmt-parent-dualstack2 - description: inband-mgmt-parent-dualstack2_Vlan4093 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: INBANDMGMT - rd: 10.0.255.3:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.0.255.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 100.64.1.5 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: inband-mgmt-parent-dualstack2_Vlan3000 - updates: - wait_install: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -86,268 +8,157 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT - tenant: INBAND_MGMT_TESTS - ip_routing: true - ipv6_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 105 - name: Inband_management_vlan_ipv6 - tenant: INBAND_MGMT_TESTS -- id: 3000 - name: MLAG_L3_VRF_INBANDMGMT - trunk_groups: - - MLAG - tenant: INBAND_MGMT_TESTS -- id: 104 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 100.64.1.4/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 100.64.0.4/31 -- name: Vlan105 - tenant: INBAND_MGMT_TESTS - description: Inband_management_vlan_ipv6 - shutdown: true - ip_address: 192.168.105.2/24 - ipv6_address: 2a00:105::2/64 - ipv6_enable: true - ip_virtual_router_addresses: - - 192.168.105.1 - ipv6_virtual_router_addresses: - - 2a00:105::1 - vrf: INBANDMGMT -- name: Vlan3000 - tenant: INBAND_MGMT_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_INBANDMGMT - vrf: INBANDMGMT - mtu: 9214 - ip_address: 100.64.1.4/31 -- name: Vlan104 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 192.168.104.2/24 - ip_virtual_router_addresses: - - 192.168.104.1 - ipv6_address: 2a00:104::2/64 - ipv6_enable: true - ipv6_attached_host_route_export: - enabled: true - distance: 19 - ipv6_virtual_router_addresses: - - 2a00:104::1 -port_channel_interfaces: -- name: Port-Channel11 - description: MLAG_inband-mgmt-parent-dualstack2_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel24 - description: INBAND-MGMT-DUALSTACK-SUBNETS_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '104' - shutdown: false - mlag: 24 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -- name: Port-Channel25 - description: INBAND-MGMT-DUALSTACK-IPS_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '105' - shutdown: false - mlag: 25 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 ethernet_interfaces: - name: Ethernet11 - peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet11 - peer_type: mlag_peer description: MLAG_inband-mgmt-parent-dualstack2_Ethernet11 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet12 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet12 + peer_interface: Ethernet11 peer_type: mlag_peer +- name: Ethernet12 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet12 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet13 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet13 + peer_interface: Ethernet12 peer_type: mlag_peer +- name: Ethernet13 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet13 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet14 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet14 + peer_interface: Ethernet13 peer_type: mlag_peer +- name: Ethernet14 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet14 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet15 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet15 + peer_interface: Ethernet14 peer_type: mlag_peer +- name: Ethernet15 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet15 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet16 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet16 + peer_interface: Ethernet15 peer_type: mlag_peer +- name: Ethernet16 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet16 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet17 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet17 + peer_interface: Ethernet16 peer_type: mlag_peer +- name: Ethernet17 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet17 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet18 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet18 + peer_interface: Ethernet17 peer_type: mlag_peer +- name: Ethernet18 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet18 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet19 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet19 + peer_interface: Ethernet18 peer_type: mlag_peer +- name: Ethernet19 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet19 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet20 peer: inband-mgmt-parent-dualstack2 - peer_interface: Ethernet20 + peer_interface: Ethernet19 peer_type: mlag_peer +- name: Ethernet20 description: MLAG_inband-mgmt-parent-dualstack2_Ethernet20 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-parent-dualstack2 + peer_interface: Ethernet20 + peer_type: mlag_peer - name: Ethernet24 - peer: inband-mgmt-dualstack-subnets - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-DUALSTACK-SUBNETS_Ethernet1 shutdown: false channel_group: id: 24 mode: active + peer: inband-mgmt-dualstack-subnets + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 104 - name: Ethernet25 - peer: inband-mgmt-dualstack-ips - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-DUALSTACK-IPS_Ethernet1 shutdown: false channel_group: id: 25 mode: active + peer: inband-mgmt-dualstack-ips + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 105 +hostname: inband-mgmt-parent-dualstack1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +ipv6_prefix_lists: +- name: IPv6-PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 2a00:104::/64 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.255.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.0.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: inband-mgmt-parents-dualstack local_interface: Vlan4094 @@ -355,14 +166,66 @@ mlag_configuration: peer_link: Port-Channel11 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org +port_channel_interfaces: +- name: Port-Channel11 + description: MLAG_inband-mgmt-parent-dualstack2_Port-Channel11 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel24 + description: INBAND-MGMT-DUALSTACK-SUBNETS_Po1 + shutdown: false + mlag: 24 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '104' +- name: Port-Channel25 + description: INBAND-MGMT-DUALSTACK-IPS_Po1 + shutdown: false + mlag: 25 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '105' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.255.0/24 eq 32 + - sequence: 20 + action: permit 10.0.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 100.64.1.4/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 192.168.104.0/24 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -385,50 +248,182 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.255.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.0.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.255.0/24 eq 32 - - sequence: 20 - action: permit 10.0.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 100.64.1.4/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 192.168.104.0/24 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65002' + router_id: 10.0.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65002' + description: inband-mgmt-parent-dualstack2 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.64.1.5 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: inband-mgmt-parent-dualstack2 + description: inband-mgmt-parent-dualstack2_Vlan4093 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: INBANDMGMT + rd: 10.0.255.3:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.0.255.3 + updates: + wait_install: true + neighbors: + - ip_address: 100.64.1.5 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: inband-mgmt-parent-dualstack2_Vlan3000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 100.64.1.4/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 100.64.0.4/31 + mtu: 9214 + no_autostate: true +- name: Vlan105 + description: Inband_management_vlan_ipv6 + shutdown: true + vrf: INBANDMGMT + ip_address: 192.168.105.2/24 + ip_virtual_router_addresses: + - 192.168.105.1 + ipv6_enable: true + ipv6_address: 2a00:105::2/64 + ipv6_virtual_router_addresses: + - 2a00:105::1 + tenant: INBAND_MGMT_TESTS +- name: Vlan3000 + description: MLAG_L3_VRF_INBANDMGMT + shutdown: false + vrf: INBANDMGMT + ip_address: 100.64.1.4/31 + mtu: 9214 + tenant: INBAND_MGMT_TESTS + type: underlay_peering +- name: Vlan104 + description: Inband Management + shutdown: false + ip_address: 192.168.104.2/24 + ip_virtual_router_addresses: + - 192.168.104.1 + ipv6_enable: true + ipv6_address: 2a00:104::2/64 + ipv6_virtual_router_addresses: + - 2a00:104::1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 + ipv6_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 105 + name: Inband_management_vlan_ipv6 + tenant: INBAND_MGMT_TESTS +- id: 3000 + name: MLAG_L3_VRF_INBANDMGMT + trunk_groups: + - MLAG + tenant: INBAND_MGMT_TESTS +- id: 104 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT + ip_routing: true + ipv6_routing: true + tenant: INBAND_MGMT_TESTS vxlan_interface: vxlan1: description: inband-mgmt-parent-dualstack1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vrfs: - name: INBANDMGMT vni: 1 -ipv6_prefix_lists: -- name: IPv6-PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 2a00:104::/64 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack2.yml index 533ebd04fd4..19be8ee446f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-dualstack2.yml @@ -1,84 +1,6 @@ -hostname: inband-mgmt-parent-dualstack2 -is_deployed: true -router_bgp: - as: '65002' - router_id: 10.0.255.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65002' - next_hop_self: true - description: inband-mgmt-parent-dualstack1 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 100.64.1.4 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: inband-mgmt-parent-dualstack1 - description: inband-mgmt-parent-dualstack1_Vlan4093 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: INBANDMGMT - rd: 10.0.255.4:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.0.255.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 100.64.1.4 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: inband-mgmt-parent-dualstack1_Vlan3000 - updates: - wait_install: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -86,268 +8,157 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT - tenant: INBAND_MGMT_TESTS - ip_routing: true - ipv6_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 105 - name: Inband_management_vlan_ipv6 - tenant: INBAND_MGMT_TESTS -- id: 3000 - name: MLAG_L3_VRF_INBANDMGMT - trunk_groups: - - MLAG - tenant: INBAND_MGMT_TESTS -- id: 104 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 100.64.1.5/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 100.64.0.5/31 -- name: Vlan105 - tenant: INBAND_MGMT_TESTS - description: Inband_management_vlan_ipv6 - shutdown: true - ip_address: 192.168.105.3/24 - ipv6_address: 2a00:105::3/64 - ipv6_enable: true - ip_virtual_router_addresses: - - 192.168.105.1 - ipv6_virtual_router_addresses: - - 2a00:105::1 - vrf: INBANDMGMT -- name: Vlan3000 - tenant: INBAND_MGMT_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_INBANDMGMT - vrf: INBANDMGMT - mtu: 9214 - ip_address: 100.64.1.5/31 -- name: Vlan104 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 192.168.104.3/24 - ip_virtual_router_addresses: - - 192.168.104.1 - ipv6_address: 2a00:104::3/64 - ipv6_enable: true - ipv6_attached_host_route_export: - enabled: true - distance: 19 - ipv6_virtual_router_addresses: - - 2a00:104::1 -port_channel_interfaces: -- name: Port-Channel11 - description: MLAG_inband-mgmt-parent-dualstack1_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel24 - description: INBAND-MGMT-DUALSTACK-SUBNETS_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '104' - shutdown: false - mlag: 24 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -- name: Port-Channel25 - description: INBAND-MGMT-DUALSTACK-IPS_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '105' - shutdown: false - mlag: 25 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 ethernet_interfaces: - name: Ethernet11 - peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet11 - peer_type: mlag_peer description: MLAG_inband-mgmt-parent-dualstack1_Ethernet11 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet12 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet12 + peer_interface: Ethernet11 peer_type: mlag_peer +- name: Ethernet12 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet12 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet13 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet13 + peer_interface: Ethernet12 peer_type: mlag_peer +- name: Ethernet13 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet13 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet14 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet14 + peer_interface: Ethernet13 peer_type: mlag_peer +- name: Ethernet14 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet14 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet15 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet15 + peer_interface: Ethernet14 peer_type: mlag_peer +- name: Ethernet15 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet15 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet16 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet16 + peer_interface: Ethernet15 peer_type: mlag_peer +- name: Ethernet16 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet16 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet17 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet17 + peer_interface: Ethernet16 peer_type: mlag_peer +- name: Ethernet17 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet17 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet18 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet18 + peer_interface: Ethernet17 peer_type: mlag_peer +- name: Ethernet18 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet18 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet19 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet19 + peer_interface: Ethernet18 peer_type: mlag_peer +- name: Ethernet19 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet19 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet20 peer: inband-mgmt-parent-dualstack1 - peer_interface: Ethernet20 + peer_interface: Ethernet19 peer_type: mlag_peer +- name: Ethernet20 description: MLAG_inband-mgmt-parent-dualstack1_Ethernet20 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-parent-dualstack1 + peer_interface: Ethernet20 + peer_type: mlag_peer - name: Ethernet24 - peer: inband-mgmt-dualstack-subnets - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-DUALSTACK-SUBNETS_Ethernet2 shutdown: false channel_group: id: 24 mode: active + peer: inband-mgmt-dualstack-subnets + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 104 - name: Ethernet25 - peer: inband-mgmt-dualstack-ips - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-DUALSTACK-IPS_Ethernet2 shutdown: false channel_group: id: 25 mode: active + peer: inband-mgmt-dualstack-ips + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 105 +hostname: inband-mgmt-parent-dualstack2 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +ipv6_prefix_lists: +- name: IPv6-PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 2a00:104::/64 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.255.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.0.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: inband-mgmt-parents-dualstack local_interface: Vlan4094 @@ -355,14 +166,66 @@ mlag_configuration: peer_link: Port-Channel11 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org +port_channel_interfaces: +- name: Port-Channel11 + description: MLAG_inband-mgmt-parent-dualstack1_Port-Channel11 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel24 + description: INBAND-MGMT-DUALSTACK-SUBNETS_Po1 + shutdown: false + mlag: 24 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '104' +- name: Port-Channel25 + description: INBAND-MGMT-DUALSTACK-IPS_Po1 + shutdown: false + mlag: 25 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '105' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.255.0/24 eq 32 + - sequence: 20 + action: permit 10.0.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 100.64.1.4/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 192.168.104.0/24 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -385,50 +248,182 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.255.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.0.254.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.255.0/24 eq 32 - - sequence: 20 - action: permit 10.0.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 100.64.1.4/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 192.168.104.0/24 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65002' + router_id: 10.0.255.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65002' + description: inband-mgmt-parent-dualstack1 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.64.1.4 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: inband-mgmt-parent-dualstack1 + description: inband-mgmt-parent-dualstack1_Vlan4093 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: INBANDMGMT + rd: 10.0.255.4:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.0.255.4 + updates: + wait_install: true + neighbors: + - ip_address: 100.64.1.4 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: inband-mgmt-parent-dualstack1_Vlan3000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 100.64.1.5/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 100.64.0.5/31 + mtu: 9214 + no_autostate: true +- name: Vlan105 + description: Inband_management_vlan_ipv6 + shutdown: true + vrf: INBANDMGMT + ip_address: 192.168.105.3/24 + ip_virtual_router_addresses: + - 192.168.105.1 + ipv6_enable: true + ipv6_address: 2a00:105::3/64 + ipv6_virtual_router_addresses: + - 2a00:105::1 + tenant: INBAND_MGMT_TESTS +- name: Vlan3000 + description: MLAG_L3_VRF_INBANDMGMT + shutdown: false + vrf: INBANDMGMT + ip_address: 100.64.1.5/31 + mtu: 9214 + tenant: INBAND_MGMT_TESTS + type: underlay_peering +- name: Vlan104 + description: Inband Management + shutdown: false + ip_address: 192.168.104.3/24 + ip_virtual_router_addresses: + - 192.168.104.1 + ipv6_enable: true + ipv6_address: 2a00:104::3/64 + ipv6_virtual_router_addresses: + - 2a00:104::1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 + ipv6_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 105 + name: Inband_management_vlan_ipv6 + tenant: INBAND_MGMT_TESTS +- id: 3000 + name: MLAG_L3_VRF_INBANDMGMT + trunk_groups: + - MLAG + tenant: INBAND_MGMT_TESTS +- id: 104 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT + ip_routing: true + ipv6_routing: true + tenant: INBAND_MGMT_TESTS vxlan_interface: vxlan1: description: inband-mgmt-parent-dualstack2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vrfs: - name: INBANDMGMT vni: 1 -ipv6_prefix_lists: -- name: IPv6-PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 2a00:104::/64 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-1.yml index 40e474dd6d5..fff6db743d0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-1.yml @@ -1,61 +1,6 @@ -hostname: inband-mgmt-parent-ipv6-1 -is_deployed: true -router_bgp: - as: '65004' - router_id: 10.0.255.5 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65004' - next_hop_self: true - description: inband-mgmt-parent-ipv6-2 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 100.64.1.9 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: inband-mgmt-parent-ipv6-2 - description: inband-mgmt-parent-ipv6-2_Vlan4093 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -63,244 +8,159 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 106 - tenant: system - name: INBAND_MGMT -- id: 107 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 100.64.1.8/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 100.64.0.8/31 -- name: Vlan106 - description: Inband Management - shutdown: false - mtu: 1500 - ipv6_address: 2a00:106::2/64 - ipv6_enable: true - ipv6_attached_host_route_export: - enabled: true - distance: 19 - ipv6_virtual_router_addresses: - - 2a00:106::1 -- name: Vlan107 - description: Inband Management - shutdown: false - mtu: 1500 - ipv6_address: 2a00:107::2/64 - ipv6_enable: true - ipv6_attached_host_route_export: - enabled: true - distance: 19 - ipv6_virtual_router_addresses: - - 2a00:107::1 -port_channel_interfaces: -- name: Port-Channel11 - description: MLAG_inband-mgmt-parent-ipv6-2_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel26 - description: INBAND-MGMT-IPV6-ONLY_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '106' - shutdown: false - mlag: 26 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -- name: Port-Channel27 - description: INBAND-MGMT-IPV6-ONLY-VRF_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '107' - shutdown: false - mlag: 27 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 ethernet_interfaces: - name: Ethernet11 - peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet11 - peer_type: mlag_peer description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet11 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet12 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet12 + peer_interface: Ethernet11 peer_type: mlag_peer +- name: Ethernet12 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet12 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet13 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet13 + peer_interface: Ethernet12 peer_type: mlag_peer +- name: Ethernet13 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet13 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet14 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet14 + peer_interface: Ethernet13 peer_type: mlag_peer +- name: Ethernet14 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet14 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet15 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet15 + peer_interface: Ethernet14 peer_type: mlag_peer +- name: Ethernet15 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet15 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet16 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet16 + peer_interface: Ethernet15 peer_type: mlag_peer +- name: Ethernet16 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet16 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet17 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet17 + peer_interface: Ethernet16 peer_type: mlag_peer +- name: Ethernet17 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet17 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet18 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet18 + peer_interface: Ethernet17 peer_type: mlag_peer +- name: Ethernet18 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet18 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet19 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet19 + peer_interface: Ethernet18 peer_type: mlag_peer +- name: Ethernet19 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet19 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet20 peer: inband-mgmt-parent-ipv6-2 - peer_interface: Ethernet20 + peer_interface: Ethernet19 peer_type: mlag_peer +- name: Ethernet20 description: MLAG_inband-mgmt-parent-ipv6-2_Ethernet20 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-parent-ipv6-2 + peer_interface: Ethernet20 + peer_type: mlag_peer - name: Ethernet26 - peer: inband-mgmt-ipv6-only - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-IPV6-ONLY_Ethernet1 shutdown: false channel_group: id: 26 mode: active + peer: inband-mgmt-ipv6-only + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 106 - name: Ethernet27 - peer: inband-mgmt-ipv6-only-vrf - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-IPV6-ONLY-VRF_Ethernet1 shutdown: false channel_group: id: 27 mode: active + peer: inband-mgmt-ipv6-only-vrf + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 107 +hostname: inband-mgmt-parent-ipv6-1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +ipv6_prefix_lists: +- name: IPv6-PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 2a00:106::/64 + - sequence: 20 + action: permit 2a00:107::/64 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.255.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.0.254.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: inband-mgmt-parents-ipv6 local_interface: Vlan4094 @@ -308,14 +168,58 @@ mlag_configuration: peer_link: Port-Channel11 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org +port_channel_interfaces: +- name: Port-Channel11 + description: MLAG_inband-mgmt-parent-ipv6-2_Port-Channel11 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel26 + description: INBAND-MGMT-IPV6-ONLY_Po1 + shutdown: false + mlag: 26 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '106' +- name: Port-Channel27 + description: INBAND-MGMT-IPV6-ONLY-VRF_Po1 + shutdown: false + mlag: 27 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '107' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.255.0/24 eq 32 + - sequence: 20 + action: permit 10.0.254.0/24 eq 32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -326,41 +230,132 @@ route_maps: type: permit match: - ipv6 address prefix-list IPv6-PL-L2LEAF-INBAND-MGMT -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.255.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.0.254.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.255.0/24 eq 32 - - sequence: 20 - action: permit 10.0.254.0/24 eq 32 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65004' + router_id: 10.0.255.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65004' + description: inband-mgmt-parent-ipv6-2 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.64.1.9 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: inband-mgmt-parent-ipv6-2 + description: inband-mgmt-parent-ipv6-2_Vlan4093 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 100.64.1.8/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 100.64.0.8/31 + mtu: 9214 + no_autostate: true +- name: Vlan106 + description: Inband Management + shutdown: false + ipv6_enable: true + ipv6_address: 2a00:106::2/64 + ipv6_virtual_router_addresses: + - 2a00:106::1 + mtu: 1500 + ipv6_attached_host_route_export: + enabled: true + distance: 19 +- name: Vlan107 + description: Inband Management + shutdown: false + ipv6_enable: true + ipv6_address: 2a00:107::2/64 + ipv6_virtual_router_addresses: + - 2a00:107::1 + mtu: 1500 + ipv6_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 106 + name: INBAND_MGMT + tenant: system +- id: 107 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: inband-mgmt-parent-ipv6-1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -ipv6_prefix_lists: -- name: IPv6-PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 2a00:106::/64 - - sequence: 20 - action: permit 2a00:107::/64 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-2.yml index 05c30152357..3008a3a55a7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-ipv6-2.yml @@ -1,59 +1,6 @@ -hostname: inband-mgmt-parent-ipv6-2 -is_deployed: true -router_bgp: - as: '65004' - router_id: 10.0.255.6 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65004' - next_hop_self: true - description: inband-mgmt-parent-ipv6-1 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 100.64.1.8 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: inband-mgmt-parent-ipv6-1 - description: inband-mgmt-parent-ipv6-1_Vlan4093 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -61,247 +8,152 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null -spanning_tree: - no_spanning_tree_vlan: 4093-4094 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 106 - tenant: system - name: INBAND_MGMT -- id: 107 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 100.64.1.9/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 100.64.0.9/31 -- name: Vlan106 - description: Inband Management - shutdown: false - mtu: 1500 - vrf: INBANDMGMT - ipv6_address: 2a00:106::3/64 - ipv6_enable: true - ipv6_attached_host_route_export: - enabled: true - distance: 19 - ipv6_virtual_router_addresses: - - 2a00:106::1 -- name: Vlan107 - description: Inband Management - shutdown: false - mtu: 1500 - vrf: INBANDMGMT - ipv6_address: 2a00:107::3/64 - ipv6_enable: true - ipv6_attached_host_route_export: - enabled: true - distance: 19 - ipv6_virtual_router_addresses: - - 2a00:107::1 -port_channel_interfaces: -- name: Port-Channel11 - description: MLAG_inband-mgmt-parent-ipv6-1_Port-Channel11 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel26 - description: INBAND-MGMT-IPV6-ONLY_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '106' - shutdown: false - mlag: 26 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -- name: Port-Channel27 - description: INBAND-MGMT-IPV6-ONLY-VRF_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '107' - shutdown: false - mlag: 27 - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 ethernet_interfaces: - name: Ethernet11 - peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet11 - peer_type: mlag_peer description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet11 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet12 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet12 + peer_interface: Ethernet11 peer_type: mlag_peer +- name: Ethernet12 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet12 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet13 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet13 + peer_interface: Ethernet12 peer_type: mlag_peer +- name: Ethernet13 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet13 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet14 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet14 + peer_interface: Ethernet13 peer_type: mlag_peer +- name: Ethernet14 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet14 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet15 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet15 + peer_interface: Ethernet14 peer_type: mlag_peer +- name: Ethernet15 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet15 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet16 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet16 + peer_interface: Ethernet15 peer_type: mlag_peer +- name: Ethernet16 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet16 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet17 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet17 + peer_interface: Ethernet16 peer_type: mlag_peer +- name: Ethernet17 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet17 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet18 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet18 + peer_interface: Ethernet17 peer_type: mlag_peer +- name: Ethernet18 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet18 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet19 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet19 + peer_interface: Ethernet18 peer_type: mlag_peer +- name: Ethernet19 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet19 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet20 peer: inband-mgmt-parent-ipv6-1 - peer_interface: Ethernet20 + peer_interface: Ethernet19 peer_type: mlag_peer +- name: Ethernet20 description: MLAG_inband-mgmt-parent-ipv6-1_Ethernet20 shutdown: false channel_group: id: 11 mode: active + peer: inband-mgmt-parent-ipv6-1 + peer_interface: Ethernet20 + peer_type: mlag_peer - name: Ethernet26 - peer: inband-mgmt-ipv6-only - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-IPV6-ONLY_Ethernet2 shutdown: false channel_group: id: 26 mode: active + peer: inband-mgmt-ipv6-only + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 106 - name: Ethernet27 - peer: inband-mgmt-ipv6-only-vrf - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-IPV6-ONLY-VRF_Ethernet2 shutdown: false channel_group: id: 27 mode: active + peer: inband-mgmt-ipv6-only-vrf + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 107 +hostname: inband-mgmt-parent-ipv6-2 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.0.254.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: inband-mgmt-parents-ipv6 local_interface: Vlan4094 @@ -309,48 +161,191 @@ mlag_configuration: peer_link: Port-Channel11 reload_delay_mlag: '300' reload_delay_non_mlag: '330' +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org +port_channel_interfaces: +- name: Port-Channel11 + description: MLAG_inband-mgmt-parent-ipv6-1_Port-Channel11 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel26 + description: INBAND-MGMT-IPV6-ONLY_Po1 + shutdown: false + mlag: 26 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '106' +- name: Port-Channel27 + description: INBAND-MGMT-IPV6-ONLY-VRF_Po1 + shutdown: false + mlag: 27 + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '107' +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.255.0/24 eq 32 + - sequence: 20 + action: permit 10.0.254.0/24 eq 32 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.0.254.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.0.255.0/24 eq 32 - - sequence: 20 - action: permit 10.0.254.0/24 eq 32 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65004' + router_id: 10.0.255.6 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65004' + description: inband-mgmt-parent-ipv6-1 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 100.64.1.8 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: inband-mgmt-parent-ipv6-1 + description: inband-mgmt-parent-ipv6-1_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 100.64.1.9/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 100.64.0.9/31 + mtu: 9214 + no_autostate: true +- name: Vlan106 + description: Inband Management + shutdown: false + vrf: INBANDMGMT + ipv6_enable: true + ipv6_address: 2a00:106::3/64 + ipv6_virtual_router_addresses: + - 2a00:106::1 + mtu: 1500 + ipv6_attached_host_route_export: + enabled: true + distance: 19 +- name: Vlan107 + description: Inband Management + shutdown: false + vrf: INBANDMGMT + ipv6_enable: true + ipv6_address: 2a00:107::3/64 + ipv6_virtual_router_addresses: + - 2a00:107::1 + mtu: 1500 + ipv6_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 106 + name: INBAND_MGMT + tenant: system +- id: 107 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT vxlan_interface: vxlan1: description: inband-mgmt-parent-ipv6-2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-vrf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-vrf.yml index de80d9e1b4b..a286a404936 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-vrf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent-vrf.yml @@ -1,73 +1,6 @@ -hostname: inband-mgmt-parent-vrf -is_deployed: true -router_bgp: - as: '65001' - router_id: 10.0.255.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.16.255.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '64999' - peer: inband-mgmt-spine1-ztp - description: inband-mgmt-spine1-ztp_Ethernet2 - - ip_address: 10.0.254.1 - peer_group: EVPN-OVERLAY-PEERS - peer: inband-mgmt-spine1-ztp - description: inband-mgmt-spine1-ztp_Loopback0 - remote_as: '64999' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: INBANDMGMT - rd: 10.0.255.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.0.255.2 - redistribute: - connected: - enabled: true - attached_host: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -75,165 +8,151 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT - tenant: INBAND_MGMT_TESTS - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-spine1-ztp - peer_interface: Ethernet2 - peer_type: spine description: P2P_inband-mgmt-spine1-ztp_Ethernet2 shutdown: false mtu: 9214 + ip_address: 172.16.255.3/31 + peer: inband-mgmt-spine1-ztp + peer_interface: Ethernet2 + peer_type: spine switchport: enabled: false - ip_address: 172.16.255.3/31 - name: Ethernet21 - peer: inband-mgmt-subnet - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-SUBNET_Ethernet2 shutdown: false channel_group: id: 21 mode: active + peer: inband-mgmt-subnet + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet22 - peer: inband-mgmt-subnet-vrf - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-SUBNET-VRF_Ethernet2 shutdown: false channel_group: id: 22 mode: active + peer: inband-mgmt-subnet-vrf + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 102 - name: Ethernet23 - peer: inband-mgmt-ip - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-IP_Ethernet2 shutdown: false channel_group: id: 23 mode: active -- name: Ethernet101 - peer: inband-mgmt-mlag-a + peer: inband-mgmt-ip peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet101 description: INBAND-MGMT-MLAG-A_Ethernet2 shutdown: false channel_group: id: 101 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet102 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet2 - peer_type: l2leaf description: INBAND-MGMT-MLAG-B_Ethernet2 shutdown: false channel_group: id: 101 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet2 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 101 +hostname: inband-mgmt-parent-vrf +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.255.2/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.0.254.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel21 description: INBAND-MGMT-SUBNET_Po1 + shutdown: false + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual switchport: enabled: true mode: trunk trunk: allowed_vlan: '101' - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 - name: Port-Channel22 description: INBAND-MGMT-SUBNET-VRF_Po1 + shutdown: false + lacp_fallback_timeout: 90 + lacp_fallback_mode: individual switchport: enabled: true mode: trunk trunk: allowed_vlan: '102' - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 90 - name: Port-Channel23 description: INBAND-MGMT-IP_Po1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '103' - shutdown: false - name: Port-Channel101 description: inband-mgmt-mlag-test_Po1 + shutdown: false + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual switchport: enabled: true mode: trunk trunk: allowed_vlan: '101' - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.255.2/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.0.254.2/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -253,54 +172,130 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -vlans: -- id: 103 - name: Inband management vlan - tenant: INBAND_MGMT_TESTS -- id: 101 - tenant: system - name: INBAND_MGMT -- id: 102 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65001' + router_id: 10.0.255.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.16.255.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '64999' + peer: inband-mgmt-spine1-ztp + description: inband-mgmt-spine1-ztp_Ethernet2 + - ip_address: 10.0.254.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '64999' + peer: inband-mgmt-spine1-ztp + description: inband-mgmt-spine1-ztp_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: INBANDMGMT + rd: 10.0.255.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.0.255.2 + redistribute: + attached_host: + enabled: true + connected: + enabled: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan103 - tenant: INBAND_MGMT_TESTS description: Inband management vlan shutdown: true - ip_address: 192.168.103.1/24 vrf: INBANDMGMT + ip_address: 192.168.103.1/24 + tenant: INBAND_MGMT_TESTS - name: Vlan101 description: Inband Management shutdown: false - mtu: 1500 vrf: INBANDMGMT - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 192.168.101.2/24 ip_virtual_router_addresses: - 192.168.101.1 -- name: Vlan102 - description: Inband Management - shutdown: false mtu: 1500 - vrf: INBANDMGMT ip_attached_host_route_export: enabled: true distance: 19 +- name: Vlan102 + description: Inband Management + shutdown: false + vrf: INBANDMGMT ip_address: 192.168.102.2/24 ip_virtual_router_addresses: - 192.168.102.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 103 + name: Inband management vlan + tenant: INBAND_MGMT_TESTS +- id: 101 + name: INBAND_MGMT + tenant: system +- id: 102 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT + ip_routing: true + tenant: INBAND_MGMT_TESTS vxlan_interface: vxlan1: description: inband-mgmt-parent-vrf_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vrfs: - name: INBANDMGMT vni: 1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent.yml index 0a2e20ae14a..9ebd88a90ee 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-parent.yml @@ -1,73 +1,6 @@ -hostname: inband-mgmt-parent -is_deployed: true -router_bgp: - as: '65000' - router_id: 10.0.255.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.16.255.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '64999' - peer: inband-mgmt-spine1-ztp - description: inband-mgmt-spine1-ztp_Ethernet1 - - ip_address: 10.0.254.1 - peer_group: EVPN-OVERLAY-PEERS - peer: inband-mgmt-spine1-ztp - description: inband-mgmt-spine1-ztp_Loopback0 - remote_as: '64999' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: INBANDMGMT - rd: 10.0.255.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.0.255.1 - redistribute: - connected: - enabled: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -75,165 +8,151 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT - tenant: INBAND_MGMT_TESTS - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-spine1-ztp - peer_interface: Ethernet1 - peer_type: spine description: P2P_inband-mgmt-spine1-ztp_Ethernet1 shutdown: false mtu: 9214 + ip_address: 172.16.255.1/31 + peer: inband-mgmt-spine1-ztp + peer_interface: Ethernet1 + peer_type: spine switchport: enabled: false - ip_address: 172.16.255.1/31 - name: Ethernet21 - peer: inband-mgmt-subnet - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-SUBNET_Ethernet1 shutdown: false channel_group: id: 21 mode: active + peer: inband-mgmt-subnet + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet22 - peer: inband-mgmt-subnet-vrf - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-SUBNET-VRF_Ethernet1 shutdown: false channel_group: id: 22 mode: active + peer: inband-mgmt-subnet-vrf + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 102 - name: Ethernet23 - peer: inband-mgmt-ip - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-IP_Ethernet1 shutdown: false channel_group: id: 23 mode: active -- name: Ethernet101 - peer: inband-mgmt-mlag-a + peer: inband-mgmt-ip peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet101 description: INBAND-MGMT-MLAG-A_Ethernet1 shutdown: false channel_group: id: 101 mode: active + peer: inband-mgmt-mlag-a + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 101 - name: Ethernet102 - peer: inband-mgmt-mlag-b - peer_interface: Ethernet1 - peer_type: l2leaf description: INBAND-MGMT-MLAG-B_Ethernet1 shutdown: false channel_group: id: 101 mode: active + peer: inband-mgmt-mlag-b + peer_interface: Ethernet1 + peer_type: l2leaf switchport: enabled: true mode: access access_vlan: 101 +hostname: inband-mgmt-parent +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.0.255.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.0.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel21 description: INBAND-MGMT-SUBNET_Po1 + shutdown: false + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual switchport: enabled: true mode: trunk trunk: allowed_vlan: '101' - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 - name: Port-Channel22 description: INBAND-MGMT-SUBNET-VRF_Po1 + shutdown: false + lacp_fallback_timeout: 90 + lacp_fallback_mode: individual switchport: enabled: true mode: trunk trunk: allowed_vlan: '102' - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 90 - name: Port-Channel23 description: INBAND-MGMT-IP_Po1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '103' - shutdown: false - name: Port-Channel101 description: inband-mgmt-mlag-test_Po1 + shutdown: false + lacp_fallback_timeout: 30 + lacp_fallback_mode: individual switchport: enabled: true mode: trunk trunk: allowed_vlan: '101' - shutdown: false - lacp_fallback_mode: individual - lacp_fallback_timeout: 30 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.0.255.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.0.254.1/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -263,52 +182,128 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -vlans: -- id: 103 - name: Inband management vlan - tenant: INBAND_MGMT_TESTS -- id: 101 - tenant: system - name: INBAND_MGMT -- id: 102 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:dc:01 +router_bgp: + as: '65000' + router_id: 10.0.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.16.255.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '64999' + peer: inband-mgmt-spine1-ztp + description: inband-mgmt-spine1-ztp_Ethernet1 + - ip_address: 10.0.254.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '64999' + peer: inband-mgmt-spine1-ztp + description: inband-mgmt-spine1-ztp_Loopback0 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: INBANDMGMT + rd: 10.0.255.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.0.255.1 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan103 - tenant: INBAND_MGMT_TESTS description: Inband management vlan shutdown: true - ip_address: 192.168.103.1/24 vrf: INBANDMGMT + ip_address: 192.168.103.1/24 + tenant: INBAND_MGMT_TESTS - name: Vlan101 description: Inband Management shutdown: false + ip_address: 192.168.101.2/24 + ip_virtual_router_addresses: + - 192.168.101.1 mtu: 1500 ip_attached_host_route_export: enabled: true distance: 19 - ip_address: 192.168.101.2/24 - ip_virtual_router_addresses: - - 192.168.101.1 - name: Vlan102 description: Inband Management shutdown: false + ip_address: 192.168.102.2/24 + ip_virtual_router_addresses: + - 192.168.102.1 mtu: 1500 ip_attached_host_route_export: enabled: true distance: 19 - ip_address: 192.168.102.2/24 - ip_virtual_router_addresses: - - 192.168.102.1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 103 + name: Inband management vlan + tenant: INBAND_MGMT_TESTS +- id: 101 + name: INBAND_MGMT + tenant: system +- id: 102 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT + ip_routing: true + tenant: INBAND_MGMT_TESTS vxlan_interface: vxlan1: description: inband-mgmt-parent_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vrfs: - name: INBANDMGMT vni: 1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-spine1-ztp.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-spine1-ztp.yml index f556901cea3..df10599e9ca 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-spine1-ztp.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-spine1-ztp.yml @@ -1,66 +1,6 @@ -hostname: inband-mgmt-spine1-ztp -is_deployed: true -router_bgp: - as: '64999' - router_id: 10.0.254.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.16.255.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - peer: inband-mgmt-parent - description: inband-mgmt-parent_Ethernet1 - - ip_address: 172.16.255.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65001' - peer: inband-mgmt-parent-vrf - description: inband-mgmt-parent-vrf_Ethernet1 - - ip_address: 10.0.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: inband-mgmt-parent - description: inband-mgmt-parent_Loopback0 - remote_as: '65000' - - ip_address: 10.0.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: inband-mgmt-parent-vrf - description: inband-mgmt-parent-vrf_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -68,72 +8,82 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +dhcp_servers: +- vrf: default + dns_servers_ipv4: + - 1.1.1.1 + - 8.8.8.8 + tftp_server: + file_ipv4: https://www.arista.io/ztp/bootstrap + ipv4_vendor_options: + - vendor_id: NTP + sub_options: + - code: 42 + array_ipv4_address: + - 2.2.2.55 + subnets: + - subnet: 172.16.255.0/31 + name: inband ztp for inband-mgmt-parent-Ethernet1 + default_gateway: 172.16.255.0 + ranges: + - start: 172.16.255.1 + end: 172.16.255.1 + - subnet: 172.16.255.2/31 + name: inband ztp for inband-mgmt-parent-vrf-Ethernet1 + default_gateway: 172.16.255.2 + ranges: + - start: 172.16.255.3 + end: 172.16.255.3 enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_inband-mgmt-parent_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.16.255.0/31 dhcp_server_ipv4: true -- name: Ethernet2 - peer: inband-mgmt-parent-vrf + peer: inband-mgmt-parent peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_inband-mgmt-parent-vrf_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 172.16.255.2/31 dhcp_server_ipv4: true + peer: inband-mgmt-parent-vrf + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +hostname: inband-mgmt-spine1-ztp +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.0.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -156,34 +106,79 @@ route_maps: type: permit match: - ip address prefix-list PL-P2P-LINKS -dhcp_servers: -- vrf: default - subnets: - - subnet: 172.16.255.0/31 - ranges: - - start: 172.16.255.1 - end: 172.16.255.1 - name: inband ztp for inband-mgmt-parent-Ethernet1 - default_gateway: 172.16.255.0 - - subnet: 172.16.255.2/31 - ranges: - - start: 172.16.255.3 - end: 172.16.255.3 - name: inband ztp for inband-mgmt-parent-vrf-Ethernet1 - default_gateway: 172.16.255.2 - tftp_server: - file_ipv4: https://www.arista.io/ztp/bootstrap - dns_servers_ipv4: - - 1.1.1.1 - - 8.8.8.8 - ipv4_vendor_options: - - vendor_id: NTP - sub_options: - - code: 42 - array_ipv4_address: - - 2.2.2.55 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '64999' + router_id: 10.0.254.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.16.255.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + peer: inband-mgmt-parent + description: inband-mgmt-parent_Ethernet1 + - ip_address: 172.16.255.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65001' + peer: inband-mgmt-parent-vrf + description: inband-mgmt-parent-vrf_Ethernet1 + - ip_address: 10.0.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65000' + peer: inband-mgmt-parent + description: inband-mgmt-parent_Loopback0 + - ip_address: 10.0.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: inband-mgmt-parent-vrf + description: inband-mgmt-parent-vrf_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet-vrf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet-vrf.yml index d33632e8fba..73a6e05df9e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet-vrf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet-vrf.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-subnet-vrf -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,86 +8,81 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -- name: INBANDMGMT -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent - peer_interface: Ethernet22 - peer_type: l3leaf description: INBAND-MGMT-PARENT_Ethernet22 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-vrf + peer: inband-mgmt-parent peer_interface: Ethernet22 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-VRF_Ethernet22 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-vrf + peer_interface: Ethernet22 + peer_type: l3leaf +hostname: inband-mgmt-subnet-vrf +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: INBAND-MGMT-PARENT_Po22 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '102' - shutdown: false -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 102 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +static_routes: +- vrf: INBANDMGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.102.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan102 description: Inband Management shutdown: false - mtu: 1500 vrf: INBANDMGMT ip_address: 192.168.102.5/24 + mtu: 1500 type: inband_mgmt -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.102.1 - vrf: INBANDMGMT +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 102 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBANDMGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet.yml index d7441e34b5c..ccbca3f4a5b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/inband-mgmt-subnet.yml @@ -1,6 +1,6 @@ -hostname: inband-mgmt-subnet -is_deployed: true -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - apiserver.arista.io:443 @@ -8,83 +8,78 @@ daemon_terminattr: method: token-secure token_file: /tmp/cv-onboarding-token cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 1.1.1.1 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: null - vrf: null - servers: - - name: 2.2.2.55 - vrf: null - preferred: true - - name: pool.ntp.org - vrf: null ethernet_interfaces: - name: Ethernet1 - peer: inband-mgmt-parent - peer_interface: Ethernet21 - peer_type: l3leaf description: INBAND-MGMT-PARENT_Ethernet21 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: inband-mgmt-parent-vrf + peer: inband-mgmt-parent peer_interface: Ethernet21 peer_type: l3leaf +- name: Ethernet2 description: INBAND-MGMT-PARENT-VRF_Ethernet21 shutdown: false channel_group: id: 1 mode: active + peer: inband-mgmt-parent-vrf + peer_interface: Ethernet21 + peer_type: l3leaf +hostname: inband-mgmt-subnet +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 1.1.1.1 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ntp: + servers: + - name: 2.2.2.55 + preferred: true + - name: pool.ntp.org port_channel_interfaces: - name: Port-Channel1 description: INBAND-MGMT-PARENT_Po21 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '101' - shutdown: false -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 101 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.101.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan101 description: Inband Management shutdown: false - mtu: 1500 ip_address: 192.168.101.4/24 + mtu: 1500 type: inband_mgmt -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.101.1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 101 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ipv4-acls.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ipv4-acls.yml index 611066ee156..cd250f6fc97 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ipv4-acls.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ipv4-acls.yml @@ -1,205 +1,205 @@ -hostname: ipv4-acls -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.0.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - ip_address: 172.16.0.2/30 shutdown: false - switchport: - enabled: false + ip_address: 172.16.0.2/30 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet1 -- name: Ethernet2 peer_type: l3_interface - ip_address: dhcp - shutdown: false switchport: enabled: false +- name: Ethernet2 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet2 access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet2 - dhcp_client_accept_default_route: true -- name: Ethernet3 peer_type: l3_interface - ip_address: dhcp - shutdown: false switchport: enabled: false +- name: Ethernet3 + shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true access_group_in: TEST-IPV4-ACL-WITH-NO-FIELDS-IN access_group_out: TEST-IPV4-ACL-WITH-NO-FIELDS-OUT - dhcp_client_accept_default_route: true -- name: Ethernet4 peer_type: l3_interface - ip_address: 172.19.19.0/31 - shutdown: false switchport: enabled: false +- name: Ethernet4 + shutdown: false + ip_address: 172.19.19.0/31 access_group_in: TEST-IPV4-ACL-WITH-NO-FIELDS-IN access_group_out: TEST-IPV4-ACL-WITH-NO-FIELDS-OUT -- name: Ethernet5/1 peer_type: l3_interface - ip_address: 172.20.20.0/31 - shutdown: false switchport: enabled: false +- name: Ethernet5/1 + shutdown: false + ip_address: 172.20.20.0/31 access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet5_1 -- name: Ethernet6/6.6 peer_type: l3_interface - ip_address: 172.21.21.0/31 + switchport: + enabled: false +- name: Ethernet6/6.6 shutdown: false - access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet6_6.6 encapsulation_dot1q: vlan: 6 + ip_address: 172.21.21.0/31 + access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet6_6.6 + peer_type: l3_interface - name: Ethernet6/6 + shutdown: false + peer_type: l3_interface switchport: enabled: false - peer_type: l3_interface - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +hostname: ipv4-acls ip_access_lists: - name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1 entries: - - source: any - destination: 172.16.0.2 - sequence: 15 + - sequence: 15 action: deny protocol: ip - - source: 172.16.0.1/30 + source: any destination: 172.16.0.2 - action: permit + - action: permit protocol: ip + source: 172.16.0.1/30 + destination: 172.16.0.2 - name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet2 entries: - - source: any - destination: 172.17.17.17 - sequence: 15 + - sequence: 15 action: deny protocol: ip - - source: 172.17.17.1 + source: any destination: 172.17.17.17 - action: permit + - action: permit protocol: ip + source: 172.17.17.1 + destination: 172.17.17.17 - name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet5_1 entries: - - source: any - destination: 172.20.20.0 - sequence: 15 + - sequence: 15 action: deny protocol: ip - - source: 172.20.20.1/30 + source: any destination: 172.20.20.0 - action: permit + - action: permit protocol: ip + source: 172.20.20.1/30 + destination: 172.20.20.0 - name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet1 entries: - remark: Some remark will not require source and destination fields. - - source: 172.16.0.2 - destination: any - action: permit + - action: permit protocol: ip + source: 172.16.0.2 + destination: any - name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet2 entries: - remark: Some remark will not require source and destination fields. - - source: 172.17.17.17 - destination: any - action: permit + - action: permit protocol: ip + source: 172.17.17.17 + destination: any - name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Ethernet6_6.6 entries: - remark: Some remark will not require source and destination fields. - - source: 172.21.21.0 - destination: any - action: permit + - action: permit protocol: ip + source: 172.21.21.0 + destination: any - name: TEST-IPV4-ACL-WITH-NO-FIELDS-IN entries: - - source: 172.18.18.18 - destination: any - action: permit + - action: permit protocol: ip + source: 172.18.18.18 + destination: any - name: TEST-IPV4-ACL-WITH-NO-FIELDS-OUT entries: - - source: 172.18.18.18 - destination: any - action: permit + - action: permit protocol: ip + source: 172.18.18.18 + destination: any +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.0.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-node-id.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-node-id.yml index 92f664f30b9..9d33c9bf1ef 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-node-id.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-node-id.yml @@ -1,24 +1,53 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: isis-system-id-format-using-node-id +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:c1:00:00:00:11 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.28.4.99/32 + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 199 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 172.28.4.99 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65000' update_source: Loopback0 bfd: true send_community: all maximum_routes: 0 - remote_as: '65000' address_family_evpn: neighbor_default: encapsulation: mpls @@ -30,56 +59,27 @@ router_bgp: peer_groups: - name: MPLS-OVERLAY-PEERS activate: false -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.28.4.99/32 - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 199 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.0000.0001.0099.00 router_id: 172.28.4.99 is_type: level-2 + log_adjacency_changes: true + advertise: + passive_only: false address_family_ipv4: enabled: true maximum_paths: 4 - advertise: - passive_only: false segment_routing_mpls: - router_id: 172.28.4.99 enabled: true -mpls: - ip: true -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:c1:00:00:00:11 + router_id: 172.28.4.99 +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-underlay-loopback.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-underlay-loopback.yml index 91bdc00e58e..4c51104a17e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-underlay-loopback.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/isis-system-id-format-using-underlay-loopback.yml @@ -1,24 +1,53 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: isis-system-id-format-using-underlay-loopback +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:c1:00:00:00:11 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 172.28.4.99/32 + isis_enable: CORE + isis_passive: true + node_segment: + ipv4_index: 199 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mpls: + ip: true +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65000' router_id: 172.28.4.99 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MPLS-OVERLAY-PEERS type: mpls + remote_as: '65000' update_source: Loopback0 bfd: true send_community: all maximum_routes: 0 - remote_as: '65000' address_family_evpn: neighbor_default: encapsulation: mpls @@ -30,56 +59,27 @@ router_bgp: peer_groups: - name: MPLS-OVERLAY-PEERS activate: false -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 172.28.4.99/32 - isis_enable: CORE - isis_passive: true - node_segment: - ipv4_index: 199 router_isis: instance: CORE - log_adjacency_changes: true net: 49.0001.1720.2800.4099.00 router_id: 172.28.4.99 is_type: level-2 + log_adjacency_changes: true + advertise: + passive_only: false address_family_ipv4: enabled: true maximum_paths: 4 - advertise: - passive_only: false segment_routing_mpls: - router_id: 172.28.4.99 enabled: true -mpls: - ip: true -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:c1:00:00:00:11 + router_id: 172.28.4.99 +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_bgp.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_bgp.yml index cd4fb857328..af6161ad45d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_bgp.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_bgp.yml @@ -1,127 +1,19 @@ -hostname: l3_edge_bgp -is_deployed: true -router_bgp: - as: '65000' - router_id: 1.2.3.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.0.3 - remote_as: '65002' - peer: peer2 - description: peer2 - peer_group: IPv4-UNDERLAY-PEERS - - ip_address: 192.168.0.5 - remote_as: '65003' - peer: peer3 - description: peer3 - peer_group: IPv4-UNDERLAY-PEERS - - ip_address: 192.168.0.7 - remote_as: '65004' - peer: peer4 - description: peer4 - peer_group: IPv4-UNDERLAY-PEERS - - ip_address: 192.168.0.9 - remote_as: '65005' - peer: peer5 - description: peer5 - peer_group: IPv4-UNDERLAY-PEERS - - ip_address: 192.168.0.11 - remote_as: '65006' - peer: peer6 - description: peer6 - peer_group: IPv4-UNDERLAY-PEERS -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:14:00:01 - priority1: 20 - priority2: 1 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 1.2.3.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 1.2.3.4/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY ethernet_interfaces: - name: ethernet1 - peer: peer1 - peer_interface: ethernet1 - peer_type: other - switchport: - enabled: false + description: P2P_peer1_ethernet1 shutdown: false + speed: forced 10000full mtu: 2000 - service_profile: TEST-QOS-PROFILE - eos_cli: '! TEST RAW_EOS_CLI - - ' ip_address: 192.168.0.0/31 + mac_security: + profile: TEST-MACSEC-PROFILE ptp: + enable: true announce: interval: 0 timeout: 3 @@ -129,99 +21,207 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - mac_security: - profile: TEST-MACSEC-PROFILE - description: P2P_peer1_ethernet1 - speed: forced 10000full + service_profile: TEST-QOS-PROFILE service_policy: qos: input: TEST_POLICY -- name: ethernet2 - peer: peer2 - peer_interface: ethernet2 + peer: peer1 + peer_interface: ethernet1 peer_type: other switchport: enabled: false + eos_cli: '! TEST RAW_EOS_CLI + + ' +- name: ethernet2 + description: P2P_peer2_ethernet2 shutdown: false mtu: 9214 ip_address: 192.168.0.2/31 ipv6_enable: true - description: P2P_peer2_ethernet2 + peer: peer2 + peer_interface: ethernet2 + peer_type: other + switchport: + enabled: false - name: ethernet3 + description: P2P_peer3_ethernet3 + shutdown: false + mtu: 9214 + ip_address: 192.168.0.4/31 peer: peer3 peer_interface: ethernet3 peer_type: other switchport: enabled: false +- name: ethernet4 + description: Custom description on l3_edge_bgp eth4 shutdown: false mtu: 9214 - ip_address: 192.168.0.4/31 - description: P2P_peer3_ethernet3 -- name: ethernet4 + ip_address: 192.168.0.6/31 peer: peer4 peer_interface: ethernet4 peer_type: other switchport: enabled: false - shutdown: false - mtu: 9214 - ip_address: 192.168.0.6/31 - description: Custom description on l3_edge_bgp eth4 - name: Ethernet5 + description: P2P_peer5_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active peer: peer5 peer_interface: Ethernet5 peer_type: other +- name: Ethernet6 + description: P2P_peer5_Ethernet6 shutdown: false channel_group: id: 5 mode: active - description: P2P_peer5_Ethernet5 -- name: Ethernet6 peer: peer5 peer_interface: Ethernet6 peer_type: other +- name: Ethernet7 + description: P2P_peer6_Ethernet7 shutdown: false channel_group: - id: 5 + id: 7 mode: active - description: P2P_peer5_Ethernet6 -- name: Ethernet7 peer: peer6 peer_interface: Ethernet7 peer_type: other +- name: Ethernet8 + description: P2P_peer6_Ethernet8 shutdown: false channel_group: id: 7 mode: active - description: P2P_peer6_Ethernet7 -- name: Ethernet8 peer: peer6 peer_interface: Ethernet8 peer_type: other +hostname: l3_edge_bgp +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - channel_group: - id: 7 - mode: active - description: P2P_peer6_Ethernet8 + ip_address: 1.2.3.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel5 + description: P2P_peer5_Port-Channel5 + shutdown: false + mtu: 9214 + ip_address: 192.168.0.8/31 peer: peer5 peer_interface: Port-Channel5 peer_type: other switchport: enabled: false +- name: Port-Channel7 + description: P2P_peer6_Port-Channel7 shutdown: false mtu: 9214 - ip_address: 192.168.0.8/31 - description: P2P_peer5_Port-Channel5 -- name: Port-Channel7 + ip_address: 192.168.0.10/31 peer: peer6 peer_interface: Port-Channel7 peer_type: other switchport: enabled: false - shutdown: false - mtu: 9214 - ip_address: 192.168.0.10/31 - description: P2P_peer6_Port-Channel7 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 1.2.3.4/24 eq 32 +ptp: + mode: boundary + clock_identity: 00:1C:73:14:00:01 + priority1: 20 + priority2: 1 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bgp: + as: '65000' + router_id: 1.2.3.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + neighbors: + - ip_address: 192.168.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65002' + peer: peer2 + description: peer2 + - ip_address: 192.168.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65003' + peer: peer3 + description: peer3 + - ip_address: 192.168.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65004' + peer: peer4 + description: peer4 + - ip_address: 192.168.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65005' + peer: peer5 + description: peer5 + - ip_address: 192.168.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65006' + peer: peer6 + description: peer6 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_isis.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_isis.yml index a659f6cfe9f..d0d47360050 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_isis.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_isis.yml @@ -1,73 +1,19 @@ -hostname: l3_edge_isis -is_deployed: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:14:00:01 - priority1: 20 - priority2: 1 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 1.2.3.1/32 - isis_enable: EVPN_UNDERLAY - isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.0010.0200.3001.00 - router_id: 1.2.3.1 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 ethernet_interfaces: - name: ethernet1 - peer: peer1 - peer_interface: ethernet1 - peer_type: other - switchport: - enabled: false + description: P2P_peer1_ethernet1 shutdown: false + speed: forced 10000full mtu: 2000 - service_profile: TEST-QOS-PROFILE ip_address: 192.168.0.0/31 + mac_security: + profile: TEST-MACSEC-PROFILE ptp: + enable: true announce: interval: 0 timeout: 3 @@ -75,17 +21,14 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - mac_security: - profile: TEST-MACSEC-PROFILE - description: P2P_peer1_ethernet1 - speed: forced 10000full -- name: ethernet2 - peer: peer2 - peer_interface: ethernet2 + service_profile: TEST-QOS-PROFILE + peer: peer1 + peer_interface: ethernet1 peer_type: other switchport: enabled: false +- name: ethernet2 + description: P2P_peer2_ethernet2 shutdown: false mtu: 9214 ip_address: 192.168.0.2/31 @@ -93,20 +36,20 @@ ethernet_interfaces: isis_bfd: true isis_metric: 60 isis_network_point_to_point: true - isis_hello_padding: false isis_circuit_type: level-2 + isis_hello_padding: false isis_authentication: both: - mode: md5 - key: $1c$sTNAlR6rKSw= key_type: '7' - description: P2P_peer2_ethernet2 -- name: ethernet3 - peer: peer3 - peer_interface: ethernet3 + key: $1c$sTNAlR6rKSw= + mode: md5 + peer: peer2 + peer_interface: ethernet2 peer_type: other switchport: enabled: false +- name: ethernet3 + description: P2P_peer3_ethernet3 shutdown: false mtu: 9214 ip_address: 192.168.0.4/31 @@ -114,20 +57,20 @@ ethernet_interfaces: isis_bfd: true isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: text - key: $1c$sTNAlR6rKSw= key_type: '7' - description: P2P_peer3_ethernet3 -- name: ethernet4 - peer: peer4 - peer_interface: ethernet4 + key: $1c$sTNAlR6rKSw= + mode: text + peer: peer3 + peer_interface: ethernet3 peer_type: other switchport: enabled: false +- name: ethernet4 + description: P2P_peer4_ethernet4 shutdown: false mtu: 9214 ip_address: 192.168.0.6/31 @@ -135,11 +78,68 @@ ethernet_interfaces: isis_bfd: true isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 + isis_hello_padding: true isis_authentication: both: - mode: text - key: $1c$sTNAlR6rKSw= key_type: '7' - description: P2P_peer4_ethernet4 + key: $1c$sTNAlR6rKSw= + mode: text + peer: peer4 + peer_interface: ethernet4 + peer_type: other + switchport: + enabled: false +hostname: l3_edge_isis +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 1.2.3.1/32 + isis_enable: EVPN_UNDERLAY + isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ptp: + mode: boundary + clock_identity: 00:1C:73:14:00:01 + priority1: 20 + priority2: 1 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.0010.0200.3001.00 + router_id: 1.2.3.1 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_multicast.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_multicast.yml index ee76f68ba48..050b74831c0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_multicast.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_multicast.yml @@ -1,71 +1,71 @@ -hostname: l3_edge_multicast -is_deployed: true -service_routing_protocols_model: multi-agent -ip_routing: true -router_multicast: - ipv4: - routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 1.2.3.1/32 - ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 100 - passive_interface_default: true - router_id: 1.2.3.1 - max_lsa: 12000 - no_passive_interfaces: - - ethernet1 - - ethernet2 - bfd_enable: false ethernet_interfaces: - name: ethernet1 + description: P2P_peer1_ethernet1 + shutdown: false + mtu: 9214 + ip_address: 192.168.0.4/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 peer: peer1 peer_interface: ethernet1 peer_type: other switchport: enabled: false +- name: ethernet2 + description: P2P_peer2_ethernet2 shutdown: false mtu: 9214 - ip_address: 192.168.0.4/31 + ip_address: 192.168.0.2/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 - description: P2P_peer1_ethernet1 -- name: ethernet2 + pim: + ipv4: + sparse_mode: true peer: peer2 peer_interface: ethernet2 peer_type: other switchport: enabled: false +hostname: l3_edge_multicast +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 9214 - ip_address: 192.168.0.2/31 - pim: - ipv4: - sparse_mode: true - ospf_network_point_to_point: true + ip_address: 1.2.3.1/32 ospf_area: 0.0.0.0 - description: P2P_peer2_ethernet2 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +router_multicast: + ipv4: + routing: true +router_ospf: + process_ids: + - id: 100 + passive_interface_default: true + router_id: 1.2.3.1 + bfd_enable: false + no_passive_interfaces: + - ethernet1 + - ethernet2 + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_ospf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_ospf.yml index d7d84e4d162..83c52c55e83 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_ospf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/l3_edge_ospf.yml @@ -1,74 +1,19 @@ -hostname: l3_edge_ospf -is_deployed: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:14:00:01 - priority1: 20 - priority2: 1 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 1.2.3.1/32 - ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 100 - passive_interface_default: true - router_id: 1.2.3.1 - max_lsa: 12000 - no_passive_interfaces: - - ethernet2 - - ethernet3 - - ethernet4 - bfd_enable: false ethernet_interfaces: - name: ethernet1 - peer: peer1 - peer_interface: ethernet1 - peer_type: other - switchport: - enabled: false + description: P2P_peer1_ethernet1 shutdown: false + speed: forced 10000full mtu: 2000 - service_profile: TEST-QOS-PROFILE ip_address: 192.168.0.0/31 + mac_security: + profile: TEST-MACSEC-PROFILE ptp: + enable: true announce: interval: 0 timeout: 3 @@ -76,44 +21,99 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - mac_security: - profile: TEST-MACSEC-PROFILE - description: P2P_peer1_ethernet1 - speed: forced 10000full + service_profile: TEST-QOS-PROFILE + peer: peer1 + peer_interface: ethernet1 + peer_type: other + switchport: + enabled: false - name: ethernet2 + description: P2P_peer2_ethernet2 + shutdown: false + mtu: 9214 + ip_address: 192.168.0.2/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 peer: peer2 peer_interface: ethernet2 peer_type: other switchport: enabled: false +- name: ethernet3 + description: P2P_peer3_ethernet3 shutdown: false mtu: 9214 - ip_address: 192.168.0.2/31 + ip_address: 192.168.0.4/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 - description: P2P_peer2_ethernet2 -- name: ethernet3 peer: peer3 peer_interface: ethernet3 peer_type: other switchport: enabled: false +- name: ethernet4 + description: P2P_peer4_ethernet4 shutdown: false mtu: 9214 - ip_address: 192.168.0.4/31 + ip_address: 192.168.0.6/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 - description: P2P_peer3_ethernet3 -- name: ethernet4 peer: peer4 peer_interface: ethernet4 peer_type: other switchport: enabled: false +hostname: l3_edge_ospf +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 9214 - ip_address: 192.168.0.6/31 - ospf_network_point_to_point: true + ip_address: 1.2.3.1/32 ospf_area: 0.0.0.0 - description: P2P_peer4_ethernet4 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +ptp: + mode: boundary + clock_identity: 00:1C:73:14:00:01 + priority1: 20 + priority2: 1 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +router_ospf: + process_ids: + - id: 100 + passive_interface_default: true + router_id: 1.2.3.1 + bfd_enable: false + no_passive_interfaces: + - ethernet2 + - ethernet3 + - ethernet4 + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml index 09f4d52229e..13f1802dde1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml @@ -1,10 +1,6 @@ -hostname: mgmt_interface_default -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,19 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +hostname: mgmt_interface_default +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,6 +30,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +is_deployed: true local_users: - name: admin disabled: true @@ -49,35 +45,43 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 1.1.1.2 - gateway: 1.1.1.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 1.1.1.1 ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS mgmt_interface_default +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -184,10 +188,6 @@ vlans: - id: 453 name: Tenant_D_WAN_Zone_1 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_description.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_description.yml index a9194e01b12..e16e6c3955b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_description.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_description.yml @@ -1,35 +1,35 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: mgmt_interface_description +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: Custom Management Interface Description + shutdown: false + vrf: MGMT + ip_address: 1.1.1.2/24 + type: oob + gateway: 1.1.1.254 +service_routing_protocols_model: multi-agent static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.254 -service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: Custom Management Interface Description - shutdown: false - vrf: MGMT - ip_address: 1.1.1.2/24 - gateway: 1.1.1.254 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_dualstack.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_dualstack.yml index baf6c4269a9..934c67db763 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_dualstack.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_dualstack.yml @@ -1,12 +1,11 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: mgmt_interface_dualstack -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 10.0.10.0/24 - gateway: 192.168.200.5 -- vrf: MGMT - destination_address_prefix: 172.16.254.0/23 - gateway: 192.168.200.5 +ip_igmp_snooping: + globally_enabled: true ipv6_static_routes: - vrf: MGMT destination_address_prefix: 0200:1::/64 @@ -14,36 +13,37 @@ ipv6_static_routes: - vrf: MGMT destination_address_prefix: 0200:2::/64 gateway: 0200::1 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105 + ipv6_enable: true + ipv6_address: 0200::105/64 + type: oob + gateway: 192.168.200.5 + ipv6_gateway: 0200::1 service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 10.0.10.0/24 + gateway: 192.168.200.5 +- vrf: MGMT + destination_address_prefix: 172.16.254.0/23 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false ipv6_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105 - gateway: 192.168.200.5 - type: oob - ipv6_enable: true - ipv6_address: 0200::105/64 - ipv6_gateway: 0200::1 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml index d2e21d3fafb..3463e77ccda 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml @@ -1,10 +1,6 @@ -hostname: mgmt_interface_fabric -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,19 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +hostname: mgmt_interface_fabric +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,6 +30,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +is_deployed: true local_users: - name: admin disabled: true @@ -49,35 +45,43 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: MY_INTERFACE_FABRIC description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 1.1.1.2 - gateway: 1.1.1.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 1.1.1.1 ntp: local_interface: name: MY_INTERFACE_FABRIC vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS mgmt_interface_fabric +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -184,10 +188,6 @@ vlans: - id: 453 name: Tenant_D_WAN_Zone_1 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml index a4a09e32707..2e82aa3cf94 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml @@ -1,10 +1,6 @@ -hostname: mgmt_interface_host -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,19 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +hostname: mgmt_interface_host +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,6 +30,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +is_deployed: true local_users: - name: admin disabled: true @@ -49,41 +45,51 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: MY_INTERFACE_HOST description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 1.1.1.2 - gateway: 1.1.1.1 type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 1.1.1.1 +metadata: + platform: 7500R2 ntp: local_interface: name: MY_INTERFACE_HOST vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +platform: + sand: + lag: + hardware_only: true +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS mgmt_interface_host +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -190,12 +196,6 @@ vlans: - id: 453 name: Tenant_D_WAN_Zone_1 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -metadata: - platform: 7500R2 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_ipv6.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_ipv6.yml index eb955a02dd0..f56a54f39ae 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_ipv6.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_ipv6.yml @@ -1,37 +1,37 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: mgmt_interface_ipv6 -is_deployed: true +ip_igmp_snooping: + globally_enabled: true ipv6_static_routes: - vrf: MGMT destination_address_prefix: ::/0 gateway: 0200::2 +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ipv6_enable: true + ipv6_address: 0200::105/64 + type: oob + ipv6_gateway: 0200::2 service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false ipv6_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - type: oob - ipv6_enable: true - ipv6_address: 0200::105/64 - ipv6_gateway: 0200::2 -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml index 3f11638d990..92e99d708a4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml @@ -1,10 +1,6 @@ -hostname: mgmt_interface_platform -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,20 +8,19 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +hostname: mgmt_interface_platform +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 122 + enabled: false + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT @@ -35,6 +30,7 @@ ip_name_servers: vrf: MGMT - ip_address: 2001:db8::2 vrf: MGMT +is_deployed: true local_users: - name: admin disabled: true @@ -49,41 +45,51 @@ local_users: cvpadmin@hostmachine.local secondary_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAA82spi2mkxp4FgaLi4CjWkpnL1A/MD7WhrSNgqXToF7QCb9Lidagy9IHafQxfu7LwkFdyQIMu8XNwDZIycuf29wHbDdz1N+YNVK8zwyNAbMOeKMqblsEm2YIorgjzQX1m9+/rJeFBKz77PSgeMp/Rc3txFVuSmFmeTy3aMkz= cvpadmin@hostmachine.local -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + default_services: false + enable_vrfs: + - name: MGMT management_interfaces: - name: Management0 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 1.1.1.2 - gateway: 1.1.1.1 type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - default_services: false + gateway: 1.1.1.1 +metadata: + platform: 7500R2 ntp: local_interface: name: Management0 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT - name: 2001:db8::3 vrf: MGMT +platform: + sand: + lag: + hardware_only: true +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: EOS_DESIGNS_UNIT_TESTS mgmt_interface_platform +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -190,12 +196,6 @@ vlans: - id: 453 name: Tenant_D_WAN_Zone_1 tenant: Tenant_D -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 122 - enabled: false - - id: 120 - enabled: false -metadata: - platform: 7500R2 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests-2.yml index 7459a80d68f..4afebfbec41 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests-2.yml @@ -1,728 +1,641 @@ -hostname: network-ports-tests-2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 100 - name: VLAN100_ON_L2LEAF_1_AND_2 - tenant: TEST -- id: 300 - name: VLAN300_PHONE_ON_L2LEAF1_AND_2 - tenant: TEST -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.1/31 -port_channel_interfaces: -- name: Port-Channel101 - description: MLAG_network-ports-tests.1_Port-Channel101 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: AP1 with port_channel - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 101 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - mlag: 1 -- name: Port-Channel2 - description: AP1 with port_channel - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 101 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - mlag: 2 -- name: Port-Channel42 - description: Checking port-channels - shutdown: false - switchport: - enabled: true - mlag: 42 -- name: Port-Channel44 - shutdown: false - switchport: - enabled: true - mlag: 44 -- name: Port-Channel43 - shutdown: false - switchport: - enabled: true - mlag: 43 ethernet_interfaces: - name: Ethernet10/1 - peer: network-ports-tests.1 - peer_interface: Ethernet10/1 - peer_type: mlag_peer description: MLAG_network-ports-tests.1_Ethernet10/1 shutdown: false channel_group: id: 101 mode: active + peer: network-ports-tests.1 + peer_interface: Ethernet10/1 + peer_type: mlag_peer - name: Ethernet1 - peer: AP1 with port_channel - peer_type: network_port - port_profile: ap_with_port_channel description: AP1 with port_channel_Po1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 peer: AP1 with port_channel peer_type: network_port port_profile: ap_with_port_channel +- name: Ethernet2 description: AP1 with port_channel_Po2 shutdown: false channel_group: id: 2 mode: active + peer: AP1 with port_channel + peer_type: network_port + port_profile: ap_with_port_channel - name: Ethernet3 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet4 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/1 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/2 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/3 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/4 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/5 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/6 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/7 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/8 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/9 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/10 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/11 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/12 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/13 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/14 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/15 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/16 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/17 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/18 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/19 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/20 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/21 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/22 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/23 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/24 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/25 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/26 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/27 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/28 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/29 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/30 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/31 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge +- name: Ethernet2/32 + description: PCs + shutdown: false spanning_tree_bpdufilter: enabled -- name: Ethernet2/32 + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/33 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/34 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/35 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/36 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/37 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/38 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/39 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/40 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/41 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/42 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/43 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/44 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/45 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/46 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/47 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/48 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet11 - peer_type: network_port - port_profile: phone_with_pc description: Phones with attached PCs shutdown: false + peer_type: network_port + port_profile: phone_with_pc switchport: enabled: true mode: trunk phone @@ -732,10 +645,10 @@ ethernet_interfaces: vlan: 300 trunk: untagged - name: Ethernet12 - peer_type: network_port - port_profile: phone_with_pc description: Phones with attached PCs shutdown: false + peer_type: network_port + port_profile: phone_with_pc switchport: enabled: true mode: trunk phone @@ -745,75 +658,83 @@ ethernet_interfaces: vlan: 300 trunk: untagged - name: Ethernet7 - peer: Checking port-channels - peer_type: network_port description: Checking port-channels shutdown: false channel_group: id: 42 mode: active -- name: Ethernet8 peer: Checking port-channels peer_type: network_port +- name: Ethernet8 description: Checking port-channels shutdown: false channel_group: id: 42 mode: active -- name: Ethernet9 peer: Checking port-channels peer_type: network_port +- name: Ethernet9 description: Checking port-channels shutdown: false channel_group: id: 42 mode: active -- name: Ethernet10 peer: Checking port-channels peer_type: network_port +- name: Ethernet10 description: Checking port-channels shutdown: false channel_group: id: 42 mode: active -- name: Ethernet14 + peer: Checking port-channels peer_type: network_port +- name: Ethernet14 description: Checking monitor sessions on single interface shutdown: false + peer_type: network_port switchport: enabled: true - name: Ethernet15 - peer_type: network_port description: Checking monitor sessions on port-channels shutdown: false channel_group: id: 44 mode: active -- name: Ethernet16 peer_type: network_port +- name: Ethernet16 description: Checking monitor sessions on port-channels shutdown: false channel_group: id: 44 mode: active -- name: Ethernet17 peer_type: network_port +- name: Ethernet17 description: Monitor sessions destination shutdown: false + peer_type: network_port switchport: enabled: true - name: Ethernet51 - peer_type: network_port shutdown: false channel_group: id: 43 mode: active -- name: Ethernet52 peer_type: network_port +- name: Ethernet52 shutdown: false channel_group: id: 43 mode: active + peer_type: network_port +hostname: network-ports-tests-2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: mlag local_interface: Vlan4094 @@ -821,8 +742,6 @@ mlag_configuration: peer_link: Port-Channel101 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true monitor_sessions: - name: DMF sources: @@ -833,3 +752,84 @@ monitor_sessions: destinations: - Ethernet17 encapsulation_gre_metadata_tx: true +port_channel_interfaces: +- name: Port-Channel101 + description: MLAG_network-ports-tests.1_Port-Channel101 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: AP1 with port_channel + shutdown: false + mlag: 1 + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge + switchport: + enabled: true + mode: access + access_vlan: 101 +- name: Port-Channel2 + description: AP1 with port_channel + shutdown: false + mlag: 2 + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge + switchport: + enabled: true + mode: access + access_vlan: 101 +- name: Port-Channel42 + description: Checking port-channels + shutdown: false + mlag: 42 + switchport: + enabled: true +- name: Port-Channel44 + shutdown: false + mlag: 44 + switchport: + enabled: true +- name: Port-Channel43 + shutdown: false + mlag: 43 + switchport: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.1/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 100 + name: VLAN100_ON_L2LEAF_1_AND_2 + tenant: TEST +- id: 300 + name: VLAN300_PHONE_ON_L2LEAF1_AND_2 + tenant: TEST +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests.1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests.1.yml index 4629462b53f..4bb640bbc8f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests.1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/network-ports-tests.1.yml @@ -1,756 +1,710 @@ -hostname: network-ports-tests.1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 100 - name: VLAN100_ON_L2LEAF_1_AND_2 - tenant: TEST -- id: 200 - name: VLAN200_ON_L2LEAF_1_ONLY - tenant: TEST -- id: 300 - name: VLAN300_PHONE_ON_L2LEAF1_AND_2 - tenant: TEST -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.252.0/31 -port_channel_interfaces: -- name: Port-Channel101 - description: MLAG_network-ports-tests-2_Port-Channel101 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet10/1 - peer: network-ports-tests-2 - peer_interface: Ethernet10/1 - peer_type: mlag_peer description: MLAG_network-ports-tests-2_Ethernet10/1 shutdown: false channel_group: id: 101 mode: active + peer: network-ports-tests-2 + peer_interface: Ethernet10/1 + peer_type: mlag_peer - name: Ethernet1 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet3 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet4 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/1 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/2 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/3 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/4 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/5 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/6 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/7 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/8 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/9 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/10 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/11 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/12 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/13 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/14 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/15 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/16 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/17 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/18 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/19 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/20 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/21 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/22 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/23 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/24 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/25 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/26 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/27 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/28 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/29 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/30 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/31 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/32 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/33 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/34 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/35 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/36 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/37 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/38 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/39 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/40 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/41 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/42 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/43 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/44 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/45 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/46 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/47 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet2/48 + description: PCs + shutdown: false + spanning_tree_bpdufilter: enabled + spanning_tree_portfast: edge peer: PCs peer_type: network_port port_profile: pc - description: PCs - shutdown: false switchport: enabled: true mode: access access_vlan: 100 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: enabled - name: Ethernet5 - peer: blah - peer_type: network_port description: 'N: blah' shutdown: false + peer: blah + peer_type: network_port switchport: enabled: true - name: Ethernet6 - peer: blah - peer_type: network_port description: 'N: blah' shutdown: false + peer: blah + peer_type: network_port switchport: enabled: true - name: Ethernet11 - peer_type: network_port description: Base config which may be overwritten shutdown: false + peer_type: network_port switchport: enabled: true - name: Ethernet12 - peer_type: network_port description: Config overwriting base config shutdown: false + peer_type: network_port switchport: enabled: true - name: Ethernet13 - peer_type: network_port description: Base config which may be overwritten shutdown: false + peer_type: network_port switchport: enabled: true - name: Ethernet14 + description: SERVER_CONNECTED_ENDPOINT_OVERWRITING_NETWORK_PORT_Eth42 + shutdown: false peer: CONNECTED_ENDPOINT_OVERWRITING_NETWORK_PORT peer_interface: Eth42 peer_type: server - description: SERVER_CONNECTED_ENDPOINT_OVERWRITING_NETWORK_PORT_Eth42 - shutdown: false switchport: enabled: true - name: Ethernet51 - peer_type: network_port shutdown: true + peer_type: network_port switchport: enabled: true - name: Ethernet52 - peer_type: network_port shutdown: true + peer_type: network_port switchport: enabled: true - name: Ethernet53 - peer_type: network_port shutdown: true + peer_type: network_port switchport: enabled: true - name: Ethernet54 - peer_type: network_port shutdown: true + peer_type: network_port switchport: enabled: true +hostname: network-ports-tests.1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT mlag_configuration: domain_id: mlag local_interface: Vlan4094 @@ -758,5 +712,51 @@ mlag_configuration: peer_link: Port-Channel101 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true +port_channel_interfaces: +- name: Port-Channel101 + description: MLAG_network-ports-tests-2_Port-Channel101 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.0/31 + mtu: 9214 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 100 + name: VLAN100_ON_L2LEAF_1_AND_2 + tenant: TEST +- id: 200 + name: VLAN200_ON_L2LEAF_1_ONLY + tenant: TEST +- id: 300 + name: VLAN300_PHONE_ON_L2LEAF1_AND_2 + tenant: TEST +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_gateway.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_gateway.yml index 108036eb68c..afca6b9f4da 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_gateway.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_gateway.yml @@ -1,20 +1,16 @@ -hostname: no_mgmt_gateway -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: no_mgmt_gateway +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT @@ -22,9 +18,13 @@ management_interfaces: vrf: MGMT ip_address: 192.168.200.106 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_interface.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_interface.yml index 794764df09a..4f71f81ae11 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_interface.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/no_mgmt_interface.yml @@ -1,23 +1,23 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: no_mgmt_interface +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces-bgp.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces-bgp.yml index 1c89f4d3756..3ae4da4cf48 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces-bgp.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces-bgp.yml @@ -1,79 +1,79 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet43 + description: INTERNET + shutdown: true + ip_address: 192.168.42.42/24 + peer_type: l3_interface + switchport: + enabled: false hostname: node-type-l3-interfaces-bgp +ip_igmp_snooping: + globally_enabled: true +ip_routing: true is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: ALLOW-DEFAULT + sequence_numbers: + - sequence: 10 + action: permit 0.0.0.0/0 +route_maps: +- name: RM-BGP-192.168.42.1-IN + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list ALLOW-DEFAULT + set: + - community no-advertise additive +- name: RM-BGP-192.168.42.1-OUT + sequence_numbers: + - sequence: 10 + type: deny router_bgp: as: '65000' router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true updates: wait_install: true + bgp: + default: + ipv4_unicast: false neighbors: - ip_address: 192.168.42.1 remote_as: '65042' description: INTERNET route_map_in: RM-BGP-192.168.42.1-IN route_map_out: RM-BGP-192.168.42.1-OUT + redistribute: + connected: + enabled: true address_family_ipv4: neighbors: - ip_address: 192.168.42.1 activate: true service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -prefix_lists: -- name: ALLOW-DEFAULT - sequence_numbers: - - sequence: 10 - action: permit 0.0.0.0/0 -route_maps: -- name: RM-BGP-192.168.42.1-IN - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list ALLOW-DEFAULT - set: - - community no-advertise additive -- name: RM-BGP-192.168.42.1-OUT - sequence_numbers: - - sequence: 10 - type: deny -ethernet_interfaces: -- name: Ethernet43 - peer_type: l3_interface - ip_address: 192.168.42.42/24 - shutdown: true - switchport: - enabled: false - description: INTERNET -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -ip_igmp_snooping: - globally_enabled: true diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces.yml index 1ff3522a12c..e0480b61434 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-interfaces.yml @@ -1,106 +1,70 @@ -hostname: node-type-l3-interfaces -is_deployed: true -router_bgp: - as: '65000' - router_id: 1.2.3.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer_type: l3_interface - peer: peer1 - peer_interface: eth1 - ip_address: 192.168.1.2/31 - shutdown: false - switchport: - enabled: false description: peer1_eth1 + shutdown: false speed: forced 10000full + ip_address: 192.168.1.2/31 service_profile: TEST-QOS-PROFILE - eos_cli: '! TEST RAW_EOS_CLI - - ' - sflow: - enable: true service_policy: qos: input: TEST_POLICY -- name: Ethernet2/2 + peer: peer1 + peer_interface: eth1 peer_type: l3_interface - peer: peer2 - ip_address: dhcp - shutdown: false + sflow: + enable: true switchport: enabled: false + eos_cli: '! TEST RAW_EOS_CLI + + ' +- name: Ethernet2/2 description: peer2 - sflow: - enable: true + shutdown: false + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet42 + peer: peer2 peer_type: l3_interface - peer: peer3 - ip_address: dhcp - shutdown: true + sflow: + enable: true switchport: enabled: false +- name: Ethernet42 description: This is a custom description - sflow: - enable: true + shutdown: true + ip_address: dhcp dhcp_client_accept_default_route: true -- name: Ethernet43 + peer: peer3 peer_type: l3_interface - ip_address: 192.168.42.42/24 - shutdown: true + sflow: + enable: true switchport: enabled: false +- name: Ethernet43 + shutdown: true + ip_address: 192.168.42.42/24 + peer_type: l3_interface sflow: enable: true + switchport: + enabled: false +hostname: node-type-l3-interfaces +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 1.2.3.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -113,13 +77,49 @@ route_maps: type: permit match: - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.1.3 +router_bgp: + as: '65000' + router_id: 1.2.3.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent sflow: - run: true vrfs: - name: sflow_vrf destinations: - destination: 10.10.10.12 port: 1234 + run: true +spanning_tree: + mode: none +static_routes: +- destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.1.3 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-1.yml index 6d07291defe..076c8391aac 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-1.yml @@ -1,20 +1,16 @@ -hostname: ntp-settings-1 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: ntp-settings-1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT @@ -22,23 +18,11 @@ management_interfaces: vrf: MGMT ip_address: 192.168.0.2/24 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ntp: - authenticate: true - authenticate_servers_only: true - authentication_keys: - - id: 1 - hash_algorithm: sha1 - key: someobfuscatedkey - key_type: '7' - trusted_keys: '1' servers: - name: 10.10.10.1 - vrf: default preferred: true + vrf: default - name: 10.10.10.2 burst: true iburst: true @@ -47,5 +31,21 @@ ntp: minpoll: 3 version: 4 vrf: default -ip_igmp_snooping: - globally_enabled: true + authenticate: true + authenticate_servers_only: true + authentication_keys: + - id: 1 + hash_algorithm: sha1 + key: someobfuscatedkey + key_type: '7' + trusted_keys: '1' +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-2.yml index aced2788d50..c05e3a1cd0c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ntp-settings-2.yml @@ -1,46 +1,46 @@ -hostname: ntp-settings-2 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: INBAND_MGMT +hostname: ntp-settings-2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true ntp: local_interface: name: Vlan4092 vrf: INBAND_MGMT servers: - name: 10.10.10.1 - vrf: INBAND_MGMT preferred: true + vrf: INBAND_MGMT - name: 10.10.10.2 vrf: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4092 description: Inband Management shutdown: false - mtu: 1500 vrf: INBAND_MGMT ip_address: 192.168.1.2/24 + mtu: 1500 type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: INBAND_MGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/only-connected-endpoints.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/only-connected-endpoints.yml index 9cbdee25b34..7e45bad93b8 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/only-connected-endpoints.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/only-connected-endpoints.yml @@ -1,21 +1,13 @@ -hostname: only-connected-endpoints -is_deployed: null -service_routing_protocols_model: null -vlan_internal_order: null aaa_root: null config_end: null enable_password: null -transceiver_qsfp_default_mode_4x10: null -spanning_tree: null -vrfs: null -management_api_http: null ethernet_interfaces: - name: Ethernet20 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -23,11 +15,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet21 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -35,11 +27,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet22 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -47,11 +39,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet23 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -59,11 +51,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet24 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -71,11 +63,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet25 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -83,11 +75,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet26 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -95,11 +87,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet27 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -107,11 +99,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet28 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -119,11 +111,11 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet29 + description: Network Port + shutdown: false peer: Network Port peer_type: network_port port_profile: MY_PROFILE - description: Network Port - shutdown: false switchport: enabled: true mode: trunk @@ -131,12 +123,12 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet12 + description: SERVER_TEST_SERVER_01_Nic1 + shutdown: false peer: TEST_SERVER_01 peer_interface: Nic1 peer_type: server port_profile: MY_PROFILE - description: SERVER_TEST_SERVER_01_Nic1 - shutdown: false switchport: enabled: true mode: trunk @@ -144,25 +136,28 @@ ethernet_interfaces: allowed_vlan: 1-100 native_vlan: 1000 - name: Ethernet1 - peer: TEST_SERVER_01 - peer_interface: Nic1 - peer_type: server - port_profile: MY_PROFILE description: SERVER_TEST_SERVER_01_Nic1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 peer: TEST_SERVER_01 - peer_interface: Nic2 + peer_interface: Nic1 peer_type: server port_profile: MY_PROFILE +- name: Ethernet2 description: SERVER_TEST_SERVER_01_Nic2 shutdown: false channel_group: id: 1 mode: active + peer: TEST_SERVER_01 + peer_interface: Nic2 + peer_type: server + port_profile: MY_PROFILE +hostname: only-connected-endpoints +is_deployed: null +management_api_http: null port_channel_interfaces: - name: Port-Channel1 description: SERVER_TEST_SERVER_01 @@ -173,3 +168,8 @@ port_channel_interfaces: trunk: allowed_vlan: 1-100 native_vlan: 1000 +service_routing_protocols_model: null +spanning_tree: null +transceiver_qsfp_default_mode_4x10: null +vlan_internal_order: null +vrfs: null diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-d.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-d.yml index 0b31eca9749..2b4671bbfff 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-d.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-d.yml @@ -1,48 +1,48 @@ -hostname: override_uplink_type-d -is_deployed: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: override_uplink_type-u - peer_interface: Ethernet1 - peer_type: spine description: L2_override_uplink_type-u_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: override_uplink_type-u + peer_interface: Ethernet1 + peer_type: spine +hostname: override_uplink_type-d +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_override_uplink_type-u_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: none - shutdown: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.2/32 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-u.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-u.yml index 76e5d359763..d1367da745f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-u.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/override_uplink_type-u.yml @@ -1,90 +1,40 @@ -hostname: override_uplink_type-u -is_deployed: true -router_bgp: - as: '65002' - router_id: 192.168.42.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: override_uplink_type-d - peer_interface: Ethernet1 - peer_type: spine description: L2_override_uplink_type-d_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: override_uplink_type-d + peer_interface: Ethernet1 + peer_type: spine +hostname: override_uplink_type-u +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.42.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_override_uplink_type-d_Port-Channel1 + shutdown: false + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: none - shutdown: false - spanning_tree_portfast: edge -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.42.1/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -102,3 +52,53 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65002' + router_id: 192.168.42.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/platform_settings.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/platform_settings.yml index 9b37388aee3..7325635f8bd 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/platform_settings.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/platform_settings.yml @@ -1,34 +1,34 @@ -hostname: platform_settings -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +ethernet_interfaces: +- name: Ethernet12 + description: Interface Created from platform_settings.structured_config + switchport: + enabled: true +hostname: platform_settings +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_security: entropy_sources: hardware: true haveged: true cpu_jitter: true hardware_exclusive: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true -ethernet_interfaces: -- name: Ethernet12 - description: Interface Created from platform_settings.structured_config - switchport: - enabled: true +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf1-ptp-disabled.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf1-ptp-disabled.yml index 967a772f46f..5e0584a5347 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf1-ptp-disabled.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf1-ptp-disabled.yml @@ -1,66 +1,66 @@ -hostname: ptp-tests-l2leaf1-ptp-disabled -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: ptp-tests-leaf1 - peer_interface: Ethernet11 - peer_type: l3leaf description: L2_ptp-tests-leaf1_Ethernet11 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: ptp-tests-leaf2 + peer: ptp-tests-leaf1 peer_interface: Ethernet11 peer_type: l3leaf +- name: Ethernet2 description: L2_ptp-tests-leaf2_Ethernet11 shutdown: false channel_group: id: 1 mode: active + peer: ptp-tests-leaf2 + peer_interface: Ethernet11 + peer_type: l3leaf +hostname: ptp-tests-l2leaf1-ptp-disabled +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_ptp-test-leaf_Port-Channel11 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '11' - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VLAN11 tenant: PTP -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled-uplink-disabled.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled-uplink-disabled.yml index 4e638f5bf31..7157fc9dd98 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled-uplink-disabled.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled-uplink-disabled.yml @@ -1,84 +1,84 @@ -hostname: ptp-tests-l2leaf2-ptp-enabled-uplink-disabled -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:7f:00:03 - priority1: 127 - priority2: 3 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 ethernet_interfaces: - name: Ethernet1 - peer: ptp-tests-leaf1 - peer_interface: Ethernet14 - peer_type: l3leaf description: L2_ptp-tests-leaf1_Ethernet14 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: ptp-tests-leaf2 + peer: ptp-tests-leaf1 peer_interface: Ethernet14 peer_type: l3leaf +- name: Ethernet2 description: L2_ptp-tests-leaf2_Ethernet14 shutdown: false channel_group: id: 1 mode: active + peer: ptp-tests-leaf2 + peer_interface: Ethernet14 + peer_type: l3leaf +hostname: ptp-tests-l2leaf2-ptp-enabled-uplink-disabled +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_ptp-test-leaf_Port-Channel14 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '11' - shutdown: false +ptp: + mode: boundary + clock_identity: 00:1C:73:7f:00:03 + priority1: 127 + priority2: 3 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VLAN11 tenant: PTP -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled.yml index 048aefa067c..beda94271c9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-l2leaf2-ptp-enabled.yml @@ -1,80 +1,43 @@ -hostname: ptp-tests-l2leaf2-ptp-enabled -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - clock_identity: 00:1C:73:7f:00:02 - priority1: 127 - priority2: 2 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 ethernet_interfaces: - name: Ethernet1 - peer: ptp-tests-leaf1 - peer_interface: Ethernet12 - peer_type: l3leaf description: L2_ptp-tests-leaf1_Ethernet12 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: ptp-tests-leaf2 + peer: ptp-tests-leaf1 peer_interface: Ethernet12 peer_type: l3leaf +- name: Ethernet2 description: L2_ptp-tests-leaf2_Ethernet12 shutdown: false channel_group: id: 1 mode: active + peer: ptp-tests-leaf2 + peer_interface: Ethernet12 + peer_type: l3leaf +hostname: ptp-tests-l2leaf2-ptp-enabled +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_ptp-test-leaf_Port-Channel12 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' shutdown: false ptp: + enable: true announce: interval: 0 timeout: 3 @@ -82,12 +45,49 @@ port_channel_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '11' +ptp: + mode: boundary + clock_identity: 00:1C:73:7f:00:02 + priority1: 127 + priority2: 2 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VLAN11 tenant: PTP -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf1.yml index 76a1308679e..be7ba1a1b78 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf1.yml @@ -1,308 +1,34 @@ -hostname: ptp-tests-leaf1 -is_deployed: true -router_bgp: - as: '65101' - router_id: 10.254.1.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: ptp-tests-leaf2 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: ptp-tests-leaf2 - description: ptp-tests-leaf2_Vlan4093 - - ip_address: 10.254.2.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: ptp-tests-spine1 - description: ptp-tests-spine1_Ethernet1 - - ip_address: 10.254.2.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: ptp-tests-spine1 - description: ptp-tests-spine1_Ethernet2 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: ptp-tests-spine1 - description: ptp-tests-spine1_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.1 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.254.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: ptp-tests-leaf2_Vlan3000 - vlans: - - id: 11 - tenant: PTP - rd: 10.254.1.1:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: PTP - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.101/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - mode_one_step: true - clock_identity: '11:11:11:11:11:11' - priority1: 30 - priority2: 1 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VLAN11 - tenant: PTP -- id: 3000 - name: MLAG_L3_VRF_VRF1 - trunk_groups: - - MLAG - tenant: PTP -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.254.1.96/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.254.1.64/31 -- name: Vlan11 - tenant: PTP - description: VLAN11 - shutdown: false - ip_address: 172.16.11.1/24 - vrf: VRF1 -- name: Vlan3000 - tenant: PTP - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF1 - vrf: VRF1 - mtu: 9214 - ip_address: 10.254.1.96/31 -port_channel_interfaces: -- name: Port-Channel9 - description: MLAG_ptp-tests-leaf2_Port-Channel9 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true -- name: Port-Channel11 - description: L2_ptp-tests-l2leaf1-ptp-disabled_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' - shutdown: false - mlag: 11 -- name: Port-Channel12 - description: L2_ptp-tests-l2leaf2-ptp-enabled_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' - shutdown: false - mlag: 12 - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true -- name: Port-Channel14 - description: L2_ptp-tests-l2leaf2-ptp-enabled-uplink-disabled_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' - shutdown: false - mlag: 14 -- name: Port-Channel6 - description: SERVER_Endpoint-with-mpass - shutdown: false - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true - role: master - mpass: true - switchport: - enabled: true - mode: access - access_vlan: 11 - mlag: 6 ethernet_interfaces: - name: Ethernet9 - peer: ptp-tests-leaf2 - peer_interface: Ethernet9 - peer_type: mlag_peer description: MLAG_ptp-tests-leaf2_Ethernet9 shutdown: false channel_group: id: 9 mode: active -- name: Ethernet10 peer: ptp-tests-leaf2 - peer_interface: Ethernet10 + peer_interface: Ethernet9 peer_type: mlag_peer +- name: Ethernet10 description: MLAG_ptp-tests-leaf2_Ethernet10 shutdown: false channel_group: id: 9 mode: active + peer: ptp-tests-leaf2 + peer_interface: Ethernet10 + peer_type: mlag_peer - name: Ethernet1 - peer: ptp-tests-spine1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_ptp-tests-spine1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.1/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -310,18 +36,18 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.1/31 -- name: Ethernet2 peer: ptp-tests-spine1 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_ptp-tests-spine1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.3/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -329,47 +55,43 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.3/31 + peer: ptp-tests-spine1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false - name: Ethernet11 - peer: ptp-tests-l2leaf1-ptp-disabled - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_ptp-tests-l2leaf1-ptp-disabled_Ethernet1 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet12 - peer: ptp-tests-l2leaf2-ptp-enabled + peer: ptp-tests-l2leaf1-ptp-disabled peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet12 description: L2_ptp-tests-l2leaf2-ptp-enabled_Ethernet1 shutdown: false channel_group: id: 12 mode: active -- name: Ethernet14 - peer: ptp-tests-l2leaf2-ptp-enabled-uplink-disabled + peer: ptp-tests-l2leaf2-ptp-enabled peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet14 description: L2_ptp-tests-l2leaf2-ptp-enabled-uplink-disabled_Ethernet1 shutdown: false channel_group: id: 14 mode: active + peer: ptp-tests-l2leaf2-ptp-enabled-uplink-disabled + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet13 - peer: dynamic-endpoint - peer_interface: eth1 - peer_type: server - port_profile: PTP-profile-dynamic description: SERVER_dynamic-endpoint_eth1 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 11 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -377,72 +99,211 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true -- name: Ethernet5 - peer: video-endpoint - peer_interface: PCI1 + peer: dynamic-endpoint + peer_interface: eth1 peer_type: server - description: SERVER_video-endpoint_PCI1 - shutdown: false + port_profile: PTP-profile-dynamic switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +- name: Ethernet5 + description: SERVER_video-endpoint_PCI1 + shutdown: false ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 - enable: true role: master -- name: Ethernet6 - peer: Endpoint-with-mpass + transport: ipv4 + spanning_tree_portfast: edge + peer: video-endpoint peer_interface: PCI1 peer_type: server + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Ethernet6 description: SERVER_Endpoint-with-mpass_PCI1 shutdown: false channel_group: id: 6 mode: active + peer: Endpoint-with-mpass + peer_interface: PCI1 + peer_type: server - name: Ethernet3 + description: SERVER_Endpoint-with-specific-PTP-profile_eth3 + shutdown: false + ptp: + enable: true + announce: + interval: -2 + timeout: 3 + delay_req: -4 + sync_message: + interval: -4 + role: master + transport: ipv4 peer: Endpoint-with-specific-PTP-profile peer_interface: eth3 peer_type: server - description: SERVER_Endpoint-with-specific-PTP-profile_eth3 + switchport: + enabled: true + mode: access + access_vlan: 11 +hostname: ptp-tests-leaf1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.101/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: ptp-test-leaf + local_interface: Vlan4094 + peer_address: 10.254.1.65 + peer_link: Port-Channel9 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel9 + description: MLAG_ptp-tests-leaf2_Port-Channel9 + shutdown: false + ptp: + enable: true + announce: + interval: 0 + timeout: 3 + delay_req: -3 + sync_message: + interval: -3 + transport: ipv4 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel11 + description: L2_ptp-tests-l2leaf1-ptp-disabled_Port-Channel1 + shutdown: false + mlag: 11 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '11' +- name: Port-Channel12 + description: L2_ptp-tests-l2leaf2-ptp-enabled_Port-Channel1 + shutdown: false + mlag: 12 + ptp: + enable: true + announce: + interval: 0 + timeout: 3 + delay_req: -3 + sync_message: + interval: -3 + transport: ipv4 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '11' +- name: Port-Channel14 + description: L2_ptp-tests-l2leaf2-ptp-enabled-uplink-disabled_Port-Channel1 shutdown: false + mlag: 14 switchport: enabled: true - mode: access - access_vlan: 11 + mode: trunk + trunk: + allowed_vlan: '11' +- name: Port-Channel6 + description: SERVER_Endpoint-with-mpass + shutdown: false + mlag: 6 ptp: + enable: true announce: - interval: -2 + interval: 0 timeout: 3 - delay_req: -4 + delay_req: -3 sync_message: - interval: -4 - transport: ipv4 - enable: true + interval: -3 role: master -mlag_configuration: - domain_id: ptp-test-leaf - local_interface: Vlan4094 - peer_address: 10.254.1.65 - peer_link: Port-Channel9 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + transport: ipv4 + mpass: true + switchport: + enabled: true + mode: access + access_vlan: 11 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.96/31 +ptp: + mode: boundary + mode_one_step: true + clock_identity: '11:11:11:11:11:11' + priority1: 30 + priority2: 1 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -457,39 +318,180 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.96/31 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +router_bgp: + as: '65101' + router_id: 10.254.1.1 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: ptp-tests-leaf2 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: ptp-tests-leaf2 + description: ptp-tests-leaf2_Vlan4093 + - ip_address: 10.254.2.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: ptp-tests-spine1 + description: ptp-tests-spine1_Ethernet1 + - ip_address: 10.254.2.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: ptp-tests-spine1 + description: ptp-tests-spine1_Ethernet2 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: ptp-tests-spine1 + description: ptp-tests-spine1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: PTP + rd: 10.254.1.1:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.1 + neighbors: + - ip_address: 10.254.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: ptp-tests-leaf2_Vlan3000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.254.1.96/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.254.1.64/31 + mtu: 9214 + no_autostate: true +- name: Vlan11 + description: VLAN11 + shutdown: false + vrf: VRF1 + ip_address: 172.16.11.1/24 + tenant: PTP +- name: Vlan3000 + description: MLAG_L3_VRF_VRF1 + shutdown: false + vrf: VRF1 + ip_address: 10.254.1.96/31 + mtu: 9214 + tenant: PTP + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VLAN11 + tenant: PTP +- id: 3000 + name: MLAG_L3_VRF_VRF1 + trunk_groups: + - MLAG + tenant: PTP +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: PTP vxlan_interface: vxlan1: description: ptp-tests-leaf1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -497,5 +499,3 @@ vxlan_interface: vrfs: - name: VRF1 vni: 1 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf2.yml index 7847f4bca1c..8d2682aeebe 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-leaf2.yml @@ -1,319 +1,34 @@ -hostname: ptp-tests-leaf2 -is_deployed: true -router_bgp: - as: '65102' - router_id: 10.254.1.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65102' - next_hop_self: true - description: ptp-tests-leaf1 - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: ptp-tests-leaf1 - description: ptp-tests-leaf1_Vlan4093 - - ip_address: 10.254.2.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: ptp-tests-spine1 - description: ptp-tests-spine1_Ethernet3 - - ip_address: 10.254.2.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: ptp-tests-spine1 - description: ptp-tests-spine1_Ethernet4 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: ptp-tests-spine1 - description: ptp-tests-spine1_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.2 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.254.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: ptp-tests-leaf1_Vlan3000 - vlans: - - id: 11 - tenant: PTP - rd: 10.254.1.2:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: PTP - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.102/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - forward_unicast: true - source: - ip: 10.254.1.2 - priority1: 40 - priority2: 1 - ttl: 16 - domain: 127 - message_type: - general: - dscp: 46 - event: - dscp: 48 - monitor: - enabled: true - threshold: - offset_from_master: 1234 - mean_path_delay: 4567 - missing_message: - intervals: - announce: 10 - follow_up: 9 - sync: 8 - sequence_ids: - enabled: true - announce: 11 - delay_resp: 12 - follow_up: 13 - sync: 14 -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VLAN11 - tenant: PTP -- id: 3000 - name: MLAG_L3_VRF_VRF1 - trunk_groups: - - MLAG - tenant: PTP -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.254.1.97/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.254.1.65/31 -- name: Vlan11 - tenant: PTP - description: VLAN11 - shutdown: false - ip_address: 172.17.11.1/24 - vrf: VRF1 -- name: Vlan3000 - tenant: PTP - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF1 - vrf: VRF1 - mtu: 9214 - ip_address: 10.254.1.97/31 -port_channel_interfaces: -- name: Port-Channel9 - description: MLAG_ptp-tests-leaf1_Port-Channel9 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true -- name: Port-Channel11 - description: L2_ptp-tests-l2leaf1-ptp-disabled_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' - shutdown: false - mlag: 11 -- name: Port-Channel12 - description: L2_ptp-tests-l2leaf2-ptp-enabled_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' - shutdown: false - mlag: 12 - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true -- name: Port-Channel14 - description: L2_ptp-tests-l2leaf2-ptp-enabled-uplink-disabled_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '11' - shutdown: false - mlag: 14 -- name: Port-Channel6 - description: SERVER_Endpoint-with-mpass - shutdown: false - ptp: - announce: - interval: 0 - timeout: 3 - delay_req: -3 - sync_message: - interval: -3 - transport: ipv4 - enable: true - role: master - mpass: true - switchport: - enabled: true - mode: access - access_vlan: 11 - mlag: 6 ethernet_interfaces: - name: Ethernet9 - peer: ptp-tests-leaf1 - peer_interface: Ethernet9 - peer_type: mlag_peer description: MLAG_ptp-tests-leaf1_Ethernet9 shutdown: false channel_group: id: 9 mode: active -- name: Ethernet10 peer: ptp-tests-leaf1 - peer_interface: Ethernet10 + peer_interface: Ethernet9 peer_type: mlag_peer +- name: Ethernet10 description: MLAG_ptp-tests-leaf1_Ethernet10 shutdown: false channel_group: id: 9 mode: active + peer: ptp-tests-leaf1 + peer_interface: Ethernet10 + peer_type: mlag_peer - name: Ethernet1 - peer: ptp-tests-spine1 - peer_interface: Ethernet3 - peer_type: spine description: P2P_ptp-tests-spine1_Ethernet3 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.5/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -321,18 +36,18 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.5/31 -- name: Ethernet2 peer: ptp-tests-spine1 - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_ptp-tests-spine1_Ethernet4 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.7/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -340,80 +55,226 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.7/31 + peer: ptp-tests-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false - name: Ethernet11 - peer: ptp-tests-l2leaf1-ptp-disabled - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_ptp-tests-l2leaf1-ptp-disabled_Ethernet2 shutdown: false channel_group: id: 11 mode: active -- name: Ethernet12 - peer: ptp-tests-l2leaf2-ptp-enabled + peer: ptp-tests-l2leaf1-ptp-disabled peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet12 description: L2_ptp-tests-l2leaf2-ptp-enabled_Ethernet2 shutdown: false channel_group: id: 12 mode: active -- name: Ethernet14 - peer: ptp-tests-l2leaf2-ptp-enabled-uplink-disabled + peer: ptp-tests-l2leaf2-ptp-enabled peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet14 description: L2_ptp-tests-l2leaf2-ptp-enabled-uplink-disabled_Ethernet2 shutdown: false channel_group: id: 14 mode: active + peer: ptp-tests-l2leaf2-ptp-enabled-uplink-disabled + peer_interface: Ethernet2 + peer_type: l2leaf - name: Ethernet5 + description: SERVER_video-endpoint_PCI2 + shutdown: false + ptp: + enable: true + announce: + interval: 0 + timeout: 3 + delay_req: -3 + sync_message: + interval: -3 + role: master + transport: ipv4 + spanning_tree_portfast: edge peer: video-endpoint peer_interface: PCI2 peer_type: server - description: SERVER_video-endpoint_PCI2 - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +- name: Ethernet6 + description: SERVER_Endpoint-with-mpass_PCI2 + shutdown: false + channel_group: + id: 6 + mode: active + peer: Endpoint-with-mpass + peer_interface: PCI2 + peer_type: server +hostname: ptp-tests-leaf2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.2/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.102/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: ptp-test-leaf + local_interface: Vlan4094 + peer_address: 10.254.1.64 + peer_link: Port-Channel9 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel9 + description: MLAG_ptp-tests-leaf1_Port-Channel9 + shutdown: false ptp: + enable: true + announce: + interval: 0 + timeout: 3 + delay_req: -3 + sync_message: + interval: -3 + transport: ipv4 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel11 + description: L2_ptp-tests-l2leaf1-ptp-disabled_Port-Channel1 + shutdown: false + mlag: 11 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '11' +- name: Port-Channel12 + description: L2_ptp-tests-l2leaf2-ptp-enabled_Port-Channel1 + shutdown: false + mlag: 12 + ptp: + enable: true + announce: + interval: 0 + timeout: 3 + delay_req: -3 + sync_message: + interval: -3 + transport: ipv4 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '11' +- name: Port-Channel14 + description: L2_ptp-tests-l2leaf2-ptp-enabled-uplink-disabled_Port-Channel1 + shutdown: false + mlag: 14 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '11' +- name: Port-Channel6 + description: SERVER_Endpoint-with-mpass + shutdown: false + mlag: 6 + ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 - enable: true role: master -- name: Ethernet6 - peer: Endpoint-with-mpass - peer_interface: PCI2 - peer_type: server - description: SERVER_Endpoint-with-mpass_PCI2 - shutdown: false - channel_group: - id: 6 - mode: active -mlag_configuration: - domain_id: ptp-test-leaf - local_interface: Vlan4094 - peer_address: 10.254.1.64 - peer_link: Port-Channel9 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + transport: ipv4 + mpass: true + switchport: + enabled: true + mode: access + access_vlan: 11 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.96/31 +ptp: + mode: boundary + forward_unicast: true + source: + ip: 10.254.1.2 + priority1: 40 + priority2: 1 + ttl: 16 + domain: 127 + message_type: + general: + dscp: 46 + event: + dscp: 48 + monitor: + enabled: true + threshold: + offset_from_master: 1234 + mean_path_delay: 4567 + missing_message: + intervals: + announce: 10 + follow_up: 9 + sync: 8 + sequence_ids: + enabled: true + announce: 11 + delay_resp: 12 + follow_up: 13 + sync: 14 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP sequence_numbers: - sequence: 10 @@ -428,39 +289,180 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.2/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.96/31 router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true +router_bgp: + as: '65102' + router_id: 10.254.1.2 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65102' + description: ptp-tests-leaf1 + next_hop_self: true + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: ptp-tests-leaf1 + description: ptp-tests-leaf1_Vlan4093 + - ip_address: 10.254.2.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: ptp-tests-spine1 + description: ptp-tests-spine1_Ethernet3 + - ip_address: 10.254.2.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: ptp-tests-spine1 + description: ptp-tests-spine1_Ethernet4 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: ptp-tests-spine1 + description: ptp-tests-spine1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: PTP + rd: 10.254.1.2:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.2 + neighbors: + - ip_address: 10.254.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: ptp-tests-leaf1_Vlan3000 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.254.1.97/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.254.1.65/31 + mtu: 9214 + no_autostate: true +- name: Vlan11 + description: VLAN11 + shutdown: false + vrf: VRF1 + ip_address: 172.17.11.1/24 + tenant: PTP +- name: Vlan3000 + description: MLAG_L3_VRF_VRF1 + shutdown: false + vrf: VRF1 + ip_address: 10.254.1.97/31 + mtu: 9214 + tenant: PTP + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VLAN11 + tenant: PTP +- id: 3000 + name: MLAG_L3_VRF_VRF1 + trunk_groups: + - MLAG + tenant: PTP +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: PTP vxlan_interface: vxlan1: description: ptp-tests-leaf2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -468,5 +470,3 @@ vxlan_interface: vrfs: - name: VRF1 vni: 1 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine1.yml index 651c29025ba..e7268985b79 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine1.yml @@ -1,138 +1,16 @@ -hostname: ptp-tests-spine1 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: ptp-tests-leaf1 - description: ptp-tests-leaf1_Ethernet1 - - ip_address: 10.254.2.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: ptp-tests-leaf1 - description: ptp-tests-leaf1_Ethernet2 - - ip_address: 10.254.2.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: ptp-tests-leaf2 - description: ptp-tests-leaf2_Ethernet1 - - ip_address: 10.254.2.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: ptp-tests-leaf2 - description: ptp-tests-leaf2_Ethernet2 - - ip_address: 10.254.1.1 - peer_group: EVPN-OVERLAY-PEERS - peer: ptp-tests-leaf1 - description: ptp-tests-leaf1_Loopback0 - remote_as: '65101' - - ip_address: 10.254.1.2 - peer_group: EVPN-OVERLAY-PEERS - peer: ptp-tests-leaf2 - description: ptp-tests-leaf2_Loopback0 - remote_as: '65102' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.11/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - mode_one_step: true - clock_identity: 00:00:00:00:00:00 - priority1: 20 - priority2: 1 - domain: 127 - monitor: - enabled: true - threshold: - offset_from_master: 250 - mean_path_delay: 1500 - missing_message: - sequence_ids: - enabled: true - announce: 3 - delay_resp: 3 - follow_up: 3 - sync: 3 ethernet_interfaces: - name: Ethernet1 - peer: ptp-tests-leaf1 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_ptp-tests-leaf1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.0/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -140,18 +18,18 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.0/31 -- name: Ethernet2 peer: ptp-tests-leaf1 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_ptp-tests-leaf1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.2/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -159,18 +37,18 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.2/31 -- name: Ethernet3 - peer: ptp-tests-leaf2 - peer_interface: Ethernet1 + peer: ptp-tests-leaf1 + peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_ptp-tests-leaf2_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.4/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -178,18 +56,18 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.4/31 -- name: Ethernet4 peer: ptp-tests-leaf2 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_ptp-tests-leaf2_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.6/31 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -197,17 +75,17 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - ip_address: 10.254.2.6/31 -- name: Ethernet6 - peer: ptp-tests-spine2 - peer_interface: Ethernet6 - peer_type: spine + peer: ptp-tests-leaf2 + peer_interface: Ethernet2 + peer_type: l3leaf switchport: enabled: false +- name: Ethernet6 + description: P2P_ptp-tests-spine2_Ethernet6 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 2 timeout: 10 @@ -215,36 +93,36 @@ ethernet_interfaces: sync_message: interval: 2 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine2_Ethernet6 -- name: Ethernet7 peer: ptp-tests-spine2 - peer_interface: Ethernet7 + peer_interface: Ethernet6 peer_type: spine switchport: enabled: false +- name: Ethernet7 + description: P2P_ptp-tests-spine2_Ethernet7 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 0 timeout: 3 delay_req: -3 sync_message: interval: -3 - transport: ipv4 role: master - enable: true - description: P2P_ptp-tests-spine2_Ethernet7 -- name: Ethernet8 + transport: ipv4 peer: ptp-tests-spine2 - peer_interface: Ethernet8 + peer_interface: Ethernet7 peer_type: spine switchport: enabled: false +- name: Ethernet8 + description: P2P_ptp-tests-spine2_Ethernet8 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -252,17 +130,17 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine2_Ethernet8 -- name: Ethernet9 peer: ptp-tests-spine2 - peer_interface: Ethernet9 + peer_interface: Ethernet8 peer_type: spine switchport: enabled: false +- name: Ethernet9 + description: P2P_ptp-tests-spine2_Ethernet9 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -270,18 +148,57 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine2_Ethernet9 + peer: ptp-tests-spine2 + peer_interface: Ethernet9 + peer_type: spine + switchport: + enabled: false +hostname: ptp-tests-spine1 +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.255.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.11/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: - sequence: 10 action: permit 10.255.0.0/27 eq 32 +ptp: + mode: boundary + mode_one_step: true + clock_identity: 00:00:00:00:00:00 + priority1: 20 + priority2: 1 + domain: 127 + monitor: + enabled: true + threshold: + offset_from_master: 250 + mean_path_delay: 1500 + missing_message: + sequence_ids: + enabled: true + announce: 3 + delay_resp: 3 + follow_up: 3 + sync: 3 route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -294,5 +211,88 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -metadata: - platform: vEOS-LAB +router_bgp: + as: '65200' + router_id: 10.255.0.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: ptp-tests-leaf1 + description: ptp-tests-leaf1_Ethernet1 + - ip_address: 10.254.2.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: ptp-tests-leaf1 + description: ptp-tests-leaf1_Ethernet2 + - ip_address: 10.254.2.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: ptp-tests-leaf2 + description: ptp-tests-leaf2_Ethernet1 + - ip_address: 10.254.2.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: ptp-tests-leaf2 + description: ptp-tests-leaf2_Ethernet2 + - ip_address: 10.254.1.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: ptp-tests-leaf1 + description: ptp-tests-leaf1_Loopback0 + - ip_address: 10.254.1.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: ptp-tests-leaf2 + description: ptp-tests-leaf2_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine2.yml index c555572bccb..753c812ef78 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine2.yml @@ -1,141 +1,15 @@ -hostname: ptp-tests-spine2 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.21/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ptp: - mode: boundary - mode_one_step: true - forward_unicast: true - clock_identity: 01:02:03:14:00:0a - source: - ip: 10.255.0.1 - priority1: 20 - priority2: 10 - ttl: 128 - domain: 127 - message_type: - general: - dscp: 46 - event: - dscp: 48 - monitor: - enabled: true - threshold: - offset_from_master: 1234 - mean_path_delay: 4567 - missing_message: - intervals: - announce: 10 - follow_up: 9 - sync: 8 - sequence_ids: - enabled: true - announce: 11 - delay_resp: 12 - follow_up: 13 - sync: 14 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet6 - peer: ptp-tests-spine1 - peer_interface: Ethernet6 - peer_type: spine - switchport: - enabled: false + description: P2P_ptp-tests-spine1_Ethernet6 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 2 timeout: 10 @@ -143,17 +17,17 @@ ethernet_interfaces: sync_message: interval: 2 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine1_Ethernet6 -- name: Ethernet7 peer: ptp-tests-spine1 - peer_interface: Ethernet7 + peer_interface: Ethernet6 peer_type: spine switchport: enabled: false +- name: Ethernet7 + description: P2P_ptp-tests-spine1_Ethernet7 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -161,17 +35,17 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine1_Ethernet7 -- name: Ethernet8 peer: ptp-tests-spine1 - peer_interface: Ethernet8 + peer_interface: Ethernet7 peer_type: spine switchport: enabled: false +- name: Ethernet8 + description: P2P_ptp-tests-spine1_Ethernet8 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -179,17 +53,17 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine1_Ethernet8 -- name: Ethernet9 peer: ptp-tests-spine1 - peer_interface: Ethernet9 + peer_interface: Ethernet8 peer_type: spine switchport: enabled: false +- name: Ethernet9 + description: P2P_ptp-tests-spine1_Ethernet9 shutdown: false mtu: 9214 ptp: + enable: true announce: interval: 0 timeout: 3 @@ -197,7 +71,133 @@ ethernet_interfaces: sync_message: interval: -3 transport: ipv4 - enable: true - description: P2P_ptp-tests-spine1_Ethernet9 + peer: ptp-tests-spine1 + peer_interface: Ethernet9 + peer_type: spine + switchport: + enabled: false +hostname: ptp-tests-spine2 +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.21/24 + type: oob + gateway: 192.168.0.1 metadata: platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +ptp: + mode: boundary + mode_one_step: true + forward_unicast: true + clock_identity: 01:02:03:14:00:0a + source: + ip: 10.255.0.1 + priority1: 20 + priority2: 10 + ttl: 128 + domain: 127 + message_type: + general: + dscp: 46 + event: + dscp: 48 + monitor: + enabled: true + threshold: + offset_from_master: 1234 + mean_path_delay: 4567 + missing_message: + intervals: + announce: 10 + follow_up: 9 + sync: 8 + sequence_ids: + enabled: true + announce: 11 + delay_resp: 12 + follow_up: 13 + sync: 14 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65200' + router_id: 10.255.0.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine3.yml index 170f9358155..e2713610fd7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/ptp-tests-spine3.yml @@ -1,77 +1,35 @@ -hostname: ptp-tests-spine3 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false +hostname: ptp-tests-spine3 +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.0.31/24 - gateway: 192.168.0.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.0.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 ptp: mode: boundary mode_one_step: true @@ -90,16 +48,6 @@ ptp: delay_resp: 3 follow_up: 3 sync: 3 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -112,5 +60,57 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -metadata: - platform: vEOS-LAB +router_bgp: + as: '65200' + router_id: 10.255.0.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/relaxed-structured-config-validation.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/relaxed-structured-config-validation.yml index 2e1da556d87..4aa6c9ec52e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/relaxed-structured-config-validation.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/relaxed-structured-config-validation.yml @@ -1,28 +1,28 @@ +aaa_accounting: + exec: + console: + type: start-stop + group: node_group +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: relaxed-structured-config-validation +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true -aaa_accounting: - exec: - console: - group: node_group - type: start-stop diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml index 6ba78f81f48..5e6c06c88ae 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf1.yml @@ -1,96 +1,96 @@ -hostname: sflow-tests-l2-leaf1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.254.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.201/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: sflow-tests-leaf3 - peer_interface: Ethernet16 - peer_type: l3leaf description: L2_sflow-tests-leaf3_Ethernet16 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: sflow-tests-leaf4 + peer: sflow-tests-leaf3 peer_interface: Ethernet16 peer_type: l3leaf +- name: Ethernet2 description: L2_sflow-tests-leaf4_Ethernet16 shutdown: false channel_group: id: 1 mode: active + peer: sflow-tests-leaf4 + peer_interface: Ethernet16 + peer_type: l3leaf +hostname: sflow-tests-l2-leaf1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.201/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_sflow-tests-leaf-mlag_Port-Channel16 + shutdown: false + sflow: + enable: true switchport: enabled: true mode: trunk trunk: allowed_vlan: 11,4092 - shutdown: false - sflow: - enable: true -vlans: -- id: 11 - name: VLAN11 - tenant: SFLOW -- id: 4092 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.254.254.4/24 - type: inband_mgmt +service_routing_protocols_model: multi-agent sflow: - run: true - polling_interval: 1 sample: 10 - destinations: - - destination: 10.10.10.10 - - destination: 10.10.10.11 - source_interface: Vlan4092 + polling_interval: 1 vrfs: - name: MGMT destinations: - destination: 10.10.10.12 source_interface: Management1 -metadata: - platform: vEOS-lab + destinations: + - destination: 10.10.10.10 + - destination: 10.10.10.11 + source_interface: Vlan4092 + run: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.254.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 10.254.254.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: SFLOW +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml index 1008235b840..696eac6d434 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-l2-leaf2.yml @@ -1,96 +1,96 @@ -hostname: sflow-tests-l2-leaf2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.254.254.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.202/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: sflow-tests-leaf3 - peer_interface: Ethernet17 - peer_type: l3leaf description: L2_sflow-tests-leaf3_Ethernet17 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: sflow-tests-leaf4 + peer: sflow-tests-leaf3 peer_interface: Ethernet17 peer_type: l3leaf +- name: Ethernet2 description: L2_sflow-tests-leaf4_Ethernet17 shutdown: false channel_group: id: 1 mode: active + peer: sflow-tests-leaf4 + peer_interface: Ethernet17 + peer_type: l3leaf +hostname: sflow-tests-l2-leaf2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.202/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_sflow-tests-leaf-mlag_Port-Channel17 + shutdown: false + sflow: + enable: true switchport: enabled: true mode: trunk trunk: allowed_vlan: 11,4092 - shutdown: false - sflow: - enable: true -vlans: -- id: 11 - name: VLAN11 - tenant: SFLOW -- id: 4092 - tenant: system - name: INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4092 - description: Inband Management - shutdown: false - mtu: 1500 - ip_address: 10.254.254.5/24 - type: inband_mgmt +service_routing_protocols_model: multi-agent sflow: - run: true - polling_interval: 1 sample: 10 - destinations: - - destination: 10.10.10.10 - - destination: 10.10.10.11 - source_interface: Vlan4092 + polling_interval: 1 vrfs: - name: MGMT destinations: - destination: 10.10.10.12 source_interface: Management1 -metadata: - platform: vEOS-lab + destinations: + - destination: 10.10.10.10 + - destination: 10.10.10.11 + source_interface: Vlan4092 + run: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +- destination_address_prefix: 0.0.0.0/0 + gateway: 10.254.254.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4092 + description: Inband Management + shutdown: false + ip_address: 10.254.254.5/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: SFLOW +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml index 153cf80dba9..04e184dd26e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf1.yml @@ -1,182 +1,75 @@ -hostname: sflow-tests-leaf1 -is_deployed: true -router_bgp: - as: '65101' - router_id: 10.254.1.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: sflow-tests-spine1 - description: sflow-tests-spine1_Ethernet1 - - ip_address: 10.254.2.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65200' - peer: sflow-tests-spine1 - description: sflow-tests-spine1_Ethernet2 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: sflow-tests-spine1 - description: sflow-tests-spine1_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 10.254.1.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 10.254.1.1 - redistribute: - connected: - enabled: true - vlans: - - id: 11 - tenant: SFLOW - rd: 10.254.1.1:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: SFLOW - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.101/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: sflow-tests-spine1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_sflow-tests-spine1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false - sflow: - enable: true ip_address: 10.254.2.1/31 -- name: Ethernet2 peer: sflow-tests-spine1 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: spine + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet2 description: P2P_sflow-tests-spine1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.3/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet2 + peer_type: spine sflow: enable: true - ip_address: 10.254.2.3/31 + switchport: + enabled: false - name: Ethernet10 + description: SERVER_single-interface-true_eth1 + shutdown: false peer: single-interface-true peer_interface: eth1 peer_type: server - description: SERVER_single-interface-true_eth1 - shutdown: false + sflow: + enable: true switchport: enabled: true mode: access access_vlan: 11 - sflow: - enable: true - name: Ethernet12 + description: SERVER_single-interface-false_eth11 + shutdown: false peer: single-interface-false peer_interface: eth11 peer_type: server - description: SERVER_single-interface-false_eth11 - shutdown: false + sflow: + enable: false switchport: enabled: true mode: access access_vlan: 11 - sflow: - enable: false - name: Ethernet14 + description: SERVER_single-interface-no-definition_eth12 + shutdown: false peer: single-interface-no-definition peer_interface: eth12 peer_type: server - description: SERVER_single-interface-no-definition_eth12 - shutdown: false + sflow: + enable: true switchport: enabled: true mode: access access_vlan: 11 - sflow: - enable: true +hostname: sflow-tests-leaf1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -186,6 +79,20 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 10.254.11.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.101/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -205,44 +112,137 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -vlans: -- id: 11 - name: VLAN11 - tenant: SFLOW -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 +router_bgp: + as: '65101' + router_id: 10.254.1.1 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: sflow-tests-spine1 + description: sflow-tests-spine1_Ethernet1 + - ip_address: 10.254.2.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65200' + peer: sflow-tests-spine1 + description: sflow-tests-spine1_Ethernet2 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' + peer: sflow-tests-spine1 + description: sflow-tests-spine1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: SFLOW + rd: 10.254.1.1:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 10.254.1.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 10.254.1.1 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: MGMT + destinations: + - destination: 10.10.10.10 + - destination: 10.10.10.11 + source_interface: Management1 + - name: sflowvrf + destinations: + - destination: 10.10.10.12 + port: 1234 + source_interface: Loopback321 + run: true +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan11 - tenant: SFLOW description: VLAN11 shutdown: false - ip_address: 172.16.11.1/24 vrf: VRF1 + ip_address: 172.16.11.1/24 + tenant: SFLOW +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 11 + name: VLAN11 + tenant: SFLOW +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: SFLOW vxlan_interface: vxlan1: description: sflow-tests-leaf1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 11 vni: 10011 vrfs: - name: VRF1 vni: 1 -sflow: - run: true - vrfs: - - name: MGMT - destinations: - - destination: 10.10.10.10 - - destination: 10.10.10.11 - source_interface: Management1 - - name: sflowvrf - destinations: - - destination: 10.10.10.12 - port: 1234 - source_interface: Loopback321 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml index b1484566334..c68a3cb16ce 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf2.yml @@ -1,36 +1,102 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_sflow-tests-spine1_Ethernet3 + shutdown: false + mtu: 9214 + ip_address: 10.254.2.5/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet3 + peer_type: spine + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet2 + description: P2P_sflow-tests-spine1_Ethernet4 + shutdown: false + mtu: 9214 + ip_address: 10.254.2.7/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet4 + peer_type: spine + sflow: + enable: true + switchport: + enabled: false hostname: sflow-tests-leaf2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.2/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.102/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.254.1.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.254.2.4 peer_group: IPv4-UNDERLAY-PEERS @@ -44,13 +110,32 @@ router_bgp: description: sflow-tests-spine1_Ethernet4 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: sflow-tests-spine1 description: sflow-tests-spine1_Loopback0 - remote_as: '65200' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: SFLOW + rd: 10.254.1.2:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: VRF1 rd: 10.254.1.2:1 @@ -67,146 +152,61 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 11 - tenant: SFLOW - rd: 10.254.1.2:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned +service_routing_protocols_model: multi-agent +sflow: + vrfs: + - name: MGMT + destinations: + - destination: 10.10.10.10 + - destination: 10.10.10.11 + source_interface: Management1 + - name: sflowvrf + destinations: + - destination: 10.10.10.12 + port: 1234 + source_interface: Loopback321 + run: true +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan11 + description: VLAN11 + shutdown: false + vrf: VRF1 + ip_address: 172.17.11.1/24 + tenant: SFLOW vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 +vlans: +- id: 11 + name: VLAN11 + tenant: SFLOW vrfs: - name: MGMT ip_routing: false - name: VRF1 - tenant: SFLOW ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.102/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: sflow-tests-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_sflow-tests-spine1_Ethernet3 - shutdown: false - mtu: 9214 - switchport: - enabled: false - sflow: - enable: true - ip_address: 10.254.2.5/31 -- name: Ethernet2 - peer: sflow-tests-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_sflow-tests-spine1_Ethernet4 - shutdown: false - mtu: 9214 - switchport: - enabled: false - sflow: - enable: true - ip_address: 10.254.2.7/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.2/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 11 - name: VLAN11 tenant: SFLOW -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 -vlan_interfaces: -- name: Vlan11 - tenant: SFLOW - description: VLAN11 - shutdown: false - ip_address: 172.17.11.1/24 - vrf: VRF1 vxlan_interface: vxlan1: description: sflow-tests-leaf2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 11 vni: 10011 vrfs: - name: VRF1 vni: 1 -sflow: - run: true - vrfs: - - name: MGMT - destinations: - - destination: 10.10.10.10 - - destination: 10.10.10.11 - source_interface: Management1 - - name: sflowvrf - destinations: - - destination: 10.10.10.12 - port: 1234 - source_interface: Loopback321 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml index 855c177c978..2fd054ddde2 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf3.yml @@ -1,48 +1,257 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet11 + description: SERVER_port-channel-interface-true_PCI1 + shutdown: false + channel_group: + id: 11 + mode: 'on' + peer: port-channel-interface-true + peer_interface: PCI1 + peer_type: server +- name: Ethernet12 + description: MLAG_sflow-tests-leaf4_Ethernet12 + shutdown: false + channel_group: + id: 11 + mode: active + peer: sflow-tests-leaf4 + peer_interface: Ethernet12 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_sflow-tests-spine1_Ethernet5 + shutdown: false + mtu: 9214 + ip_address: 10.254.2.17/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet5 + peer_type: spine + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet2 + description: P2P_sflow-tests-spine1_Ethernet6 + shutdown: false + mtu: 9214 + ip_address: 10.254.2.19/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet6 + peer_type: spine + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet16 + description: L2_sflow-tests-l2-leaf1_Ethernet1 + shutdown: false + channel_group: + id: 16 + mode: active + peer: sflow-tests-l2-leaf1 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet17 + description: L2_sflow-tests-l2-leaf2_Ethernet1 + shutdown: false + channel_group: + id: 17 + mode: active + peer: sflow-tests-l2-leaf2 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet13 + description: SERVER_port-channel-interface-false_PCI11 + shutdown: false + channel_group: + id: 13 + mode: 'on' + peer: port-channel-interface-false + peer_interface: PCI11 + peer_type: server +- name: Ethernet15 + description: SERVER_port-channel-interface-no-definition_PCI13 + shutdown: false + channel_group: + id: 15 + mode: 'on' + peer: port-channel-interface-no-definition + peer_interface: PCI13 + peer_type: server hostname: sflow-tests-leaf3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.103/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: sflow-tests-leaf-mlag + local_interface: Vlan4094 + peer_address: 10.254.1.73 + peer_link: Port-Channel11 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel11 + description: SERVER_port-channel-interface-true + shutdown: false + mlag: 11 + spanning_tree_portfast: edge + sflow: + enable: true + switchport: + enabled: true + mode: access + access_vlan: 11 + trunk: + groups: + - MLAG +- name: Port-Channel16 + description: L2_sflow-tests-l2-leaf1_Port-Channel1 + shutdown: false + mlag: 16 + sflow: + enable: true + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel17 + description: L2_sflow-tests-l2-leaf2_Port-Channel1 + shutdown: false + mlag: 17 + sflow: + enable: true + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel13 + description: SERVER_port-channel-interface-false + shutdown: false + mlag: 13 + spanning_tree_portfast: edge + sflow: + enable: false + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Port-Channel15 + description: SERVER_port-channel-interface-no-definition + shutdown: false + mlag: 15 + spanning_tree_portfast: edge + sflow: + enable: true + switchport: + enabled: true + mode: access + access_vlan: 11 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.104/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 10.254.254.0/24 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65105' router_id: 10.254.1.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65105' - next_hop_self: true description: sflow-tests-leaf4 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.254.1.105 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -60,13 +269,36 @@ router_bgp: description: sflow-tests-spine1_Ethernet6 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: sflow-tests-spine1 description: sflow-tests-spine1_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: SFLOW + rd: 10.254.1.5:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: VRF1 rd: 10.254.1.5:1 @@ -80,330 +312,113 @@ router_bgp: route_targets: - '1:1' router_id: 10.254.1.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbors: - ip_address: 10.254.1.105 peer_group: MLAG-IPv4-UNDERLAY-PEER description: sflow-tests-leaf4_Vlan3000 - vlans: - - id: 11 - tenant: SFLOW - rd: 10.254.1.5:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true +sflow: + vrfs: + - name: MGMT + destinations: + - destination: 10.10.10.10 + - destination: 10.10.10.11 + source_interface: Management1 + - name: sflowvrf + destinations: + - destination: 10.10.10.12 + port: 1234 + source_interface: Loopback321 + run: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: SFLOW - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.103/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VLAN11 - tenant: SFLOW -- id: 3000 - name: MLAG_L3_VRF_VRF1 - trunk_groups: - - MLAG - tenant: SFLOW -- id: 4092 - tenant: system - name: INBAND_MGMT +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 9214 ip_address: 10.254.1.104/31 + mtu: 9214 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 9214 ip_address: 10.254.1.72/31 + mtu: 9214 + no_autostate: true - name: Vlan11 - tenant: SFLOW description: VLAN11 shutdown: false vrf: VRF1 -- name: Vlan3000 tenant: SFLOW - type: underlay_peering - shutdown: false +- name: Vlan3000 description: MLAG_L3_VRF_VRF1 + shutdown: false vrf: VRF1 - mtu: 9214 ip_address: 10.254.1.104/31 + mtu: 9214 + tenant: SFLOW + type: underlay_peering - name: Vlan4092 description: Inband Management shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 10.254.254.2/24 ip_virtual_router_addresses: - 10.254.254.1 -port_channel_interfaces: -- name: Port-Channel11 - description: SERVER_port-channel-interface-true - switchport: - enabled: true - mode: access - trunk: - groups: - - MLAG - access_vlan: 11 - shutdown: false - sflow: - enable: true - spanning_tree_portfast: edge - mlag: 11 -- name: Port-Channel16 - description: L2_sflow-tests-l2-leaf1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - sflow: - enable: true - mlag: 16 -- name: Port-Channel17 - description: L2_sflow-tests-l2-leaf2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - sflow: - enable: true - mlag: 17 -- name: Port-Channel13 - description: SERVER_port-channel-interface-false - shutdown: false - sflow: - enable: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 13 -- name: Port-Channel15 - description: SERVER_port-channel-interface-no-definition - shutdown: false - sflow: - enable: true - switchport: + mtu: 1500 + ip_attached_host_route_export: enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 15 -ethernet_interfaces: -- name: Ethernet11 - peer: port-channel-interface-true - peer_interface: PCI1 - peer_type: server - description: SERVER_port-channel-interface-true_PCI1 - shutdown: false - channel_group: - id: 11 - mode: 'on' -- name: Ethernet12 - peer: sflow-tests-leaf4 - peer_interface: Ethernet12 - peer_type: mlag_peer - description: MLAG_sflow-tests-leaf4_Ethernet12 - shutdown: false - channel_group: - id: 11 - mode: active -- name: Ethernet1 - peer: sflow-tests-spine1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_sflow-tests-spine1_Ethernet5 - shutdown: false - mtu: 9214 - switchport: - enabled: false - sflow: - enable: true - ip_address: 10.254.2.17/31 -- name: Ethernet2 - peer: sflow-tests-spine1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_sflow-tests-spine1_Ethernet6 - shutdown: false - mtu: 9214 - switchport: - enabled: false - sflow: - enable: true - ip_address: 10.254.2.19/31 -- name: Ethernet16 - peer: sflow-tests-l2-leaf1 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_sflow-tests-l2-leaf1_Ethernet1 - shutdown: false - channel_group: - id: 16 - mode: active -- name: Ethernet17 - peer: sflow-tests-l2-leaf2 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_sflow-tests-l2-leaf2_Ethernet1 - shutdown: false - channel_group: - id: 17 - mode: active -- name: Ethernet13 - peer: port-channel-interface-false - peer_interface: PCI11 - peer_type: server - description: SERVER_port-channel-interface-false_PCI11 - shutdown: false - channel_group: - id: 13 - mode: 'on' -- name: Ethernet15 - peer: port-channel-interface-no-definition - peer_interface: PCI13 - peer_type: server - description: SERVER_port-channel-interface-no-definition_PCI13 - shutdown: false - channel_group: - id: 15 - mode: 'on' -mlag_configuration: - domain_id: sflow-tests-leaf-mlag - local_interface: Vlan4094 - peer_address: 10.254.1.73 - peer_link: Port-Channel11 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.104/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 10.254.254.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VLAN11 + tenant: SFLOW +- id: 3000 + name: MLAG_L3_VRF_VRF1 + trunk_groups: + - MLAG + tenant: SFLOW +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: SFLOW vxlan_interface: vxlan1: description: sflow-tests-leaf3_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -411,18 +426,3 @@ vxlan_interface: vrfs: - name: VRF1 vni: 1 -sflow: - run: true - vrfs: - - name: MGMT - destinations: - - destination: 10.10.10.10 - - destination: 10.10.10.11 - source_interface: Management1 - - name: sflowvrf - destinations: - - destination: 10.10.10.12 - port: 1234 - source_interface: Loopback321 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml index e17282a01d9..11a4fe61147 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-leaf4.yml @@ -1,48 +1,257 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet11 + description: SERVER_port-channel-interface-true_PCI2 + shutdown: false + channel_group: + id: 11 + mode: 'on' + peer: port-channel-interface-true + peer_interface: PCI2 + peer_type: server +- name: Ethernet12 + description: MLAG_sflow-tests-leaf3_Ethernet12 + shutdown: false + channel_group: + id: 11 + mode: active + peer: sflow-tests-leaf3 + peer_interface: Ethernet12 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_sflow-tests-spine1_Ethernet7 + shutdown: false + mtu: 9214 + ip_address: 10.254.2.21/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet7 + peer_type: spine + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet2 + description: P2P_sflow-tests-spine1_Ethernet8 + shutdown: false + mtu: 9214 + ip_address: 10.254.2.23/31 + peer: sflow-tests-spine1 + peer_interface: Ethernet8 + peer_type: spine + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet16 + description: L2_sflow-tests-l2-leaf1_Ethernet2 + shutdown: false + channel_group: + id: 16 + mode: active + peer: sflow-tests-l2-leaf1 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet17 + description: L2_sflow-tests-l2-leaf2_Ethernet2 + shutdown: false + channel_group: + id: 17 + mode: active + peer: sflow-tests-l2-leaf2 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet13 + description: SERVER_port-channel-interface-false_PCI12 + shutdown: false + channel_group: + id: 13 + mode: 'on' + peer: port-channel-interface-false + peer_interface: PCI12 + peer_type: server +- name: Ethernet15 + description: SERVER_port-channel-interface-no-definition_PCI14 + shutdown: false + channel_group: + id: 15 + mode: 'on' + peer: port-channel-interface-no-definition + peer_interface: PCI14 + peer_type: server hostname: sflow-tests-leaf4 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:11:22:33:44:55 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.254.1.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.254.11.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.104/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: sflow-tests-leaf-mlag + local_interface: Vlan4094 + peer_address: 10.254.1.72 + peer_link: Port-Channel11 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel11 + description: SERVER_port-channel-interface-true + shutdown: false + mlag: 11 + spanning_tree_portfast: edge + sflow: + enable: true + switchport: + enabled: true + mode: access + access_vlan: 11 + trunk: + groups: + - MLAG +- name: Port-Channel16 + description: L2_sflow-tests-l2-leaf1_Port-Channel1 + shutdown: false + mlag: 16 + sflow: + enable: true + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel17 + description: L2_sflow-tests-l2-leaf2_Port-Channel1 + shutdown: false + mlag: 17 + sflow: + enable: true + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11,4092 +- name: Port-Channel13 + description: SERVER_port-channel-interface-false + shutdown: false + mlag: 13 + spanning_tree_portfast: edge + sflow: + enable: false + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Port-Channel15 + description: SERVER_port-channel-interface-no-definition + shutdown: false + mlag: 15 + spanning_tree_portfast: edge + sflow: + enable: true + switchport: + enabled: true + mode: access + access_vlan: 11 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.0/27 eq 32 + - sequence: 20 + action: permit 10.254.11.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.254.1.104/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 10.254.254.0/24 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65105' router_id: 10.254.1.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65105' - next_hop_self: true description: sflow-tests-leaf3 - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.254.1.104 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -60,13 +269,36 @@ router_bgp: description: sflow-tests-spine1_Ethernet8 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: sflow-tests-spine1 description: sflow-tests-spine1_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: SFLOW + rd: 10.254.1.6:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: VRF1 rd: 10.254.1.6:1 @@ -80,330 +312,113 @@ router_bgp: route_targets: - '1:1' router_id: 10.254.1.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbors: - ip_address: 10.254.1.104 peer_group: MLAG-IPv4-UNDERLAY-PEER description: sflow-tests-leaf3_Vlan3000 - vlans: - - id: 11 - tenant: SFLOW - rd: 10.254.1.6:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true +sflow: + vrfs: + - name: MGMT + destinations: + - destination: 10.10.10.10 + - destination: 10.10.10.11 + source_interface: Management1 + - name: sflowvrf + destinations: + - destination: 10.10.10.12 + port: 1234 + source_interface: Loopback321 + run: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: SFLOW - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.104/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VLAN11 - tenant: SFLOW -- id: 3000 - name: MLAG_L3_VRF_VRF1 - trunk_groups: - - MLAG - tenant: SFLOW -- id: 4092 - tenant: system - name: INBAND_MGMT +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 9214 ip_address: 10.254.1.105/31 + mtu: 9214 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 9214 ip_address: 10.254.1.73/31 + mtu: 9214 + no_autostate: true - name: Vlan11 - tenant: SFLOW description: VLAN11 shutdown: false vrf: VRF1 -- name: Vlan3000 tenant: SFLOW - type: underlay_peering - shutdown: false +- name: Vlan3000 description: MLAG_L3_VRF_VRF1 + shutdown: false vrf: VRF1 - mtu: 9214 ip_address: 10.254.1.105/31 + mtu: 9214 + tenant: SFLOW + type: underlay_peering - name: Vlan4092 description: Inband Management shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 ip_address: 10.254.254.3/24 ip_virtual_router_addresses: - 10.254.254.1 -port_channel_interfaces: -- name: Port-Channel11 - description: SERVER_port-channel-interface-true - switchport: - enabled: true - mode: access - trunk: - groups: - - MLAG - access_vlan: 11 - shutdown: false - sflow: - enable: true - spanning_tree_portfast: edge - mlag: 11 -- name: Port-Channel16 - description: L2_sflow-tests-l2-leaf1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - sflow: - enable: true - mlag: 16 -- name: Port-Channel17 - description: L2_sflow-tests-l2-leaf2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11,4092 - shutdown: false - sflow: - enable: true - mlag: 17 -- name: Port-Channel13 - description: SERVER_port-channel-interface-false - shutdown: false - sflow: - enable: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 13 -- name: Port-Channel15 - description: SERVER_port-channel-interface-no-definition - shutdown: false - sflow: - enable: true - switchport: + mtu: 1500 + ip_attached_host_route_export: enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge - mlag: 15 -ethernet_interfaces: -- name: Ethernet11 - peer: port-channel-interface-true - peer_interface: PCI2 - peer_type: server - description: SERVER_port-channel-interface-true_PCI2 - shutdown: false - channel_group: - id: 11 - mode: 'on' -- name: Ethernet12 - peer: sflow-tests-leaf3 - peer_interface: Ethernet12 - peer_type: mlag_peer - description: MLAG_sflow-tests-leaf3_Ethernet12 - shutdown: false - channel_group: - id: 11 - mode: active -- name: Ethernet1 - peer: sflow-tests-spine1 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_sflow-tests-spine1_Ethernet7 - shutdown: false - mtu: 9214 - switchport: - enabled: false - sflow: - enable: true - ip_address: 10.254.2.21/31 -- name: Ethernet2 - peer: sflow-tests-spine1 - peer_interface: Ethernet8 - peer_type: spine - description: P2P_sflow-tests-spine1_Ethernet8 - shutdown: false - mtu: 9214 - switchport: - enabled: false - sflow: - enable: true - ip_address: 10.254.2.23/31 -- name: Ethernet16 - peer: sflow-tests-l2-leaf1 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_sflow-tests-l2-leaf1_Ethernet2 - shutdown: false - channel_group: - id: 16 - mode: active -- name: Ethernet17 - peer: sflow-tests-l2-leaf2 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_sflow-tests-l2-leaf2_Ethernet2 - shutdown: false - channel_group: - id: 17 - mode: active -- name: Ethernet13 - peer: port-channel-interface-false - peer_interface: PCI12 - peer_type: server - description: SERVER_port-channel-interface-false_PCI12 - shutdown: false - channel_group: - id: 13 - mode: 'on' -- name: Ethernet15 - peer: port-channel-interface-no-definition - peer_interface: PCI14 - peer_type: server - description: SERVER_port-channel-interface-no-definition_PCI14 - shutdown: false - channel_group: - id: 15 - mode: 'on' -mlag_configuration: - domain_id: sflow-tests-leaf-mlag - local_interface: Vlan4094 - peer_address: 10.254.1.72 - peer_link: Port-Channel11 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.254.1.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.254.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.0/27 eq 32 - - sequence: 20 - action: permit 10.254.11.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.254.1.104/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 10.254.254.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:11:22:33:44:55 + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VLAN11 + tenant: SFLOW +- id: 3000 + name: MLAG_L3_VRF_VRF1 + trunk_groups: + - MLAG + tenant: SFLOW +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + tenant: SFLOW vxlan_interface: vxlan1: description: sflow-tests-leaf4_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -411,18 +426,3 @@ vxlan_interface: vrfs: - name: VRF1 vni: 1 -sflow: - run: true - vrfs: - - name: MGMT - destinations: - - destination: 10.10.10.10 - - destination: 10.10.10.11 - source_interface: Management1 - - name: sflowvrf - destinations: - - destination: 10.10.10.12 - port: 1234 - source_interface: Loopback321 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml index cc1d5b2d591..74d96b3094c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine1.yml @@ -1,306 +1,193 @@ -hostname: sflow-tests-spine1 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.254.2.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: sflow-tests-leaf1 - description: sflow-tests-leaf1_Ethernet1 - - ip_address: 10.254.2.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: sflow-tests-leaf1 - description: sflow-tests-leaf1_Ethernet2 - - ip_address: 10.254.2.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: sflow-tests-leaf2 - description: sflow-tests-leaf2_Ethernet1 - - ip_address: 10.254.2.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65102' - peer: sflow-tests-leaf2 - description: sflow-tests-leaf2_Ethernet2 - - ip_address: 10.254.2.17 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: sflow-tests-leaf3 - description: sflow-tests-leaf3_Ethernet1 - - ip_address: 10.254.2.19 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: sflow-tests-leaf3 - description: sflow-tests-leaf3_Ethernet2 - - ip_address: 10.254.2.21 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: sflow-tests-leaf4 - description: sflow-tests-leaf4_Ethernet1 - - ip_address: 10.254.2.23 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65105' - peer: sflow-tests-leaf4 - description: sflow-tests-leaf4_Ethernet2 - - ip_address: 10.254.1.1 - peer_group: EVPN-OVERLAY-PEERS - peer: sflow-tests-leaf1 - description: sflow-tests-leaf1_Loopback0 - remote_as: '65101' - - ip_address: 10.254.1.2 - peer_group: EVPN-OVERLAY-PEERS - peer: sflow-tests-leaf2 - description: sflow-tests-leaf2_Loopback0 - remote_as: '65102' - - ip_address: 10.254.1.5 - peer_group: EVPN-OVERLAY-PEERS - peer: sflow-tests-leaf3 - description: sflow-tests-leaf3_Loopback0 - remote_as: '65105' - - ip_address: 10.254.1.6 - peer_group: EVPN-OVERLAY-PEERS - peer: sflow-tests-leaf4 - description: sflow-tests-leaf4_Loopback0 - remote_as: '65105' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.11/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: sflow-tests-leaf1 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_sflow-tests-leaf1_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false - sflow: - enable: true ip_address: 10.254.2.0/31 -- name: Ethernet2 peer: sflow-tests-leaf1 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: l3leaf + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet2 description: P2P_sflow-tests-leaf1_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.2/31 + peer: sflow-tests-leaf1 + peer_interface: Ethernet2 + peer_type: l3leaf sflow: enable: true - ip_address: 10.254.2.2/31 + switchport: + enabled: false - name: Ethernet3 - peer: sflow-tests-leaf2 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_sflow-tests-leaf2_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false - sflow: - enable: true ip_address: 10.254.2.4/31 -- name: Ethernet4 peer: sflow-tests-leaf2 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: l3leaf + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet4 description: P2P_sflow-tests-leaf2_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.6/31 + peer: sflow-tests-leaf2 + peer_interface: Ethernet2 + peer_type: l3leaf sflow: enable: true - ip_address: 10.254.2.6/31 + switchport: + enabled: false - name: Ethernet5 - peer: sflow-tests-leaf3 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_sflow-tests-leaf3_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false - sflow: - enable: true ip_address: 10.254.2.16/31 -- name: Ethernet6 peer: sflow-tests-leaf3 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: l3leaf + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet6 description: P2P_sflow-tests-leaf3_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.18/31 + peer: sflow-tests-leaf3 + peer_interface: Ethernet2 + peer_type: l3leaf sflow: enable: true - ip_address: 10.254.2.18/31 + switchport: + enabled: false - name: Ethernet7 - peer: sflow-tests-leaf4 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_sflow-tests-leaf4_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false - sflow: - enable: true ip_address: 10.254.2.20/31 -- name: Ethernet8 peer: sflow-tests-leaf4 - peer_interface: Ethernet2 + peer_interface: Ethernet1 peer_type: l3leaf + sflow: + enable: true + switchport: + enabled: false +- name: Ethernet8 description: P2P_sflow-tests-leaf4_Ethernet2 shutdown: false mtu: 9214 - switchport: - enabled: false + ip_address: 10.254.2.22/31 + peer: sflow-tests-leaf4 + peer_interface: Ethernet2 + peer_type: l3leaf sflow: enable: true - ip_address: 10.254.2.22/31 + switchport: + enabled: false - name: Ethernet9 + description: P2P_sflow-tests-spine2_Ethernet9 + shutdown: false + mtu: 9214 peer: sflow-tests-spine2 peer_interface: Ethernet9 peer_type: spine + sflow: + enable: true switchport: enabled: false +- name: Ethernet10 + description: P2P_sflow-tests-spine2_Ethernet10 shutdown: false mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine2_Ethernet9 -- name: Ethernet10 peer: sflow-tests-spine2 peer_interface: Ethernet10 peer_type: spine + sflow: + enable: false switchport: enabled: false +- name: Ethernet11 + description: P2P_sflow-tests-spine2_Ethernet11 shutdown: false mtu: 9214 - sflow: - enable: false - description: P2P_sflow-tests-spine2_Ethernet10 -- name: Ethernet11 peer: sflow-tests-spine2 peer_interface: Ethernet11 peer_type: spine + sflow: + enable: true switchport: enabled: false +- name: Ethernet12 + description: P2P_sflow-tests-spine2_Ethernet12 shutdown: false mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine2_Ethernet11 -- name: Ethernet12 peer: sflow-tests-spine2 peer_interface: Ethernet12 peer_type: spine + sflow: + enable: true switchport: enabled: false +- name: Ethernet13 + description: P2P_sflow-tests-spine2_Ethernet13 shutdown: false mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine2_Ethernet12 -- name: Ethernet13 peer: sflow-tests-spine2 peer_interface: Ethernet13 peer_type: spine + sflow: + enable: false switchport: enabled: false +- name: Ethernet14 + description: P2P_sflow-tests-spine2_Ethernet14 shutdown: false mtu: 9214 - sflow: - enable: false - description: P2P_sflow-tests-spine2_Ethernet13 -- name: Ethernet14 peer: sflow-tests-spine2 peer_interface: Ethernet14 peer_type: spine - switchport: - enabled: false - shutdown: false - mtu: 9214 sflow: enable: true - description: P2P_sflow-tests-spine2_Ethernet14 + switchport: + enabled: false +hostname: sflow-tests-spine1 +ip_routing: true +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.255.0.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.11/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-LAB prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -318,8 +205,107 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65200' + router_id: 10.255.0.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.254.2.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: sflow-tests-leaf1 + description: sflow-tests-leaf1_Ethernet1 + - ip_address: 10.254.2.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: sflow-tests-leaf1 + description: sflow-tests-leaf1_Ethernet2 + - ip_address: 10.254.2.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: sflow-tests-leaf2 + description: sflow-tests-leaf2_Ethernet1 + - ip_address: 10.254.2.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65102' + peer: sflow-tests-leaf2 + description: sflow-tests-leaf2_Ethernet2 + - ip_address: 10.254.2.17 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: sflow-tests-leaf3 + description: sflow-tests-leaf3_Ethernet1 + - ip_address: 10.254.2.19 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: sflow-tests-leaf3 + description: sflow-tests-leaf3_Ethernet2 + - ip_address: 10.254.2.21 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: sflow-tests-leaf4 + description: sflow-tests-leaf4_Ethernet1 + - ip_address: 10.254.2.23 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65105' + peer: sflow-tests-leaf4 + description: sflow-tests-leaf4_Ethernet2 + - ip_address: 10.254.1.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: sflow-tests-leaf1 + description: sflow-tests-leaf1_Loopback0 + - ip_address: 10.254.1.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: sflow-tests-leaf2 + description: sflow-tests-leaf2_Loopback0 + - ip_address: 10.254.1.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: sflow-tests-leaf3 + description: sflow-tests-leaf3_Loopback0 + - ip_address: 10.254.1.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: sflow-tests-leaf4 + description: sflow-tests-leaf4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent sflow: - run: true vrfs: - name: MGMT destinations: @@ -331,5 +317,19 @@ sflow: - destination: 10.10.10.12 port: 1234 source_interface: Loopback321 -metadata: - platform: vEOS-LAB + run: true +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml index 9b09ab5048c..fae40b7e5f6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/sflow-tests-spine2.yml @@ -1,168 +1,154 @@ -hostname: sflow-tests-spine2 -is_deployed: true -router_bgp: - as: '65200' - router_id: 10.255.0.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.0.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.0.21/24 - gateway: 192.168.0.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 ethernet_interfaces: - name: Ethernet9 + description: P2P_sflow-tests-spine1_Ethernet9 + shutdown: false + mtu: 9214 peer: sflow-tests-spine1 peer_interface: Ethernet9 peer_type: spine + sflow: + enable: true switchport: enabled: false +- name: Ethernet10 + description: P2P_sflow-tests-spine1_Ethernet10 shutdown: false mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine1_Ethernet9 -- name: Ethernet10 peer: sflow-tests-spine1 peer_interface: Ethernet10 peer_type: spine + sflow: + enable: false switchport: enabled: false +- name: Ethernet11 + description: P2P_sflow-tests-spine1_Ethernet11 shutdown: false mtu: 9214 - sflow: - enable: false - description: P2P_sflow-tests-spine1_Ethernet10 -- name: Ethernet11 peer: sflow-tests-spine1 peer_interface: Ethernet11 peer_type: spine + sflow: + enable: true switchport: enabled: false +- name: Ethernet12 + description: P2P_sflow-tests-spine1_Ethernet12 shutdown: false mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine1_Ethernet11 -- name: Ethernet12 peer: sflow-tests-spine1 peer_interface: Ethernet12 peer_type: spine + sflow: + enable: true switchport: enabled: false +- name: Ethernet13 + description: P2P_sflow-tests-spine1_Ethernet13 shutdown: false mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine1_Ethernet12 -- name: Ethernet13 peer: sflow-tests-spine1 peer_interface: Ethernet13 peer_type: spine + sflow: + enable: false switchport: enabled: false +- name: Ethernet14 + description: P2P_sflow-tests-spine1_Ethernet14 shutdown: false mtu: 9214 - sflow: - enable: false - description: P2P_sflow-tests-spine1_Ethernet13 -- name: Ethernet14 peer: sflow-tests-spine1 peer_interface: Ethernet14 peer_type: spine + sflow: + enable: true switchport: enabled: false +hostname: sflow-tests-spine2 +ip_routing: true +is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID shutdown: false - mtu: 9214 - sflow: - enable: true - description: P2P_sflow-tests-spine1_Ethernet14 + ip_address: 10.255.0.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.0.21/24 + type: oob + gateway: 192.168.0.1 +metadata: + platform: vEOS-LAB +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65200' + router_id: 10.255.0.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent sflow: - run: true vrfs: - name: MGMT destinations: @@ -174,5 +160,19 @@ sflow: - destination: 10.10.10.12 port: 1234 source_interface: Loopback321 -metadata: - platform: vEOS-LAB + run: true +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.0.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml index 063f65e5f0a..caa6d8c1e95 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-disabled-leaf.yml @@ -1,38 +1,156 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_cv-pathfinder-edge_Ethernet52 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-edge + peer_interface: Ethernet52 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet1.1000 + description: P2P_cv-pathfinder-edge_Ethernet52.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-edge + peer_interface: Ethernet52.1000 + peer_type: wan_router +- name: Ethernet1.142 + description: P2P_cv-pathfinder-edge_Ethernet52.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-edge + peer_interface: Ethernet52.142 + peer_type: wan_router +- name: Ethernet1.666 + description: P2P_cv-pathfinder-edge_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-edge + peer_interface: Ethernet52.666 + peer_type: wan_router +- name: Ethernet2 + description: P2P_cv-pathfinder-edge1_Ethernet52 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-edge1 + peer_interface: Ethernet52 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet2.1000 + description: P2P_cv-pathfinder-edge1_Ethernet52.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-edge1 + peer_interface: Ethernet52.1000 + peer_type: wan_router +- name: Ethernet2.142 + description: P2P_cv-pathfinder-edge1_Ethernet52.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-edge1 + peer_interface: Ethernet52.142 + peer_type: wan_router +- name: Ethernet2.666 + description: P2P_cv-pathfinder-edge1_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-edge1 + peer_interface: Ethernet52.666 + peer_type: wan_router hostname: site-ha-disabled-leaf +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.45.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.255.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65199' router_id: 192.168.45.4 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS @@ -44,18 +162,47 @@ router_bgp: remote_as: '65000' peer: cv-pathfinder-edge1 description: cv-pathfinder-edge1_Ethernet52 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.4:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.4:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned + - id: 666 + tenant: TenantC + rd: 192.168.45.4:1666 + route_targets: + both: + - 1666:1666 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: IT - router_id: 192.168.45.4 - neighbors: - - ip_address: 172.17.0.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge_Ethernet52.1000_vrf_IT - - ip_address: 172.17.0.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge1_Ethernet52.1000_vrf_IT rd: 192.168.45.4:1000 route_targets: import: @@ -66,20 +213,20 @@ router_bgp: - address_family: evpn route_targets: - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD router_id: 192.168.45.4 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge_Ethernet52.142_vrf_PROD + description: cv-pathfinder-edge_Ethernet52.1000_vrf_IT - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge1_Ethernet52.142_vrf_PROD + description: cv-pathfinder-edge1_Ethernet52.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD rd: 192.168.45.4:142 route_targets: import: @@ -90,20 +237,20 @@ router_bgp: - address_family: evpn route_targets: - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK router_id: 192.168.45.4 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-edge_Ethernet52.142_vrf_PROD - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge1_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-edge1_Ethernet52.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK rd: 192.168.45.4:666 route_targets: import: @@ -114,6 +261,16 @@ router_bgp: - address_family: evpn route_targets: - 666:666 + router_id: 192.168.45.4 + neighbors: + - ip_address: 172.17.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge1_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK redistribute: connected: enabled: true @@ -128,179 +285,27 @@ router_bgp: - address_family: evpn route_targets: - '1:1' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 100 - tenant: TenantA - rd: 192.168.45.4:1100 - route_targets: - both: - - 1100:1100 - redistribute_routes: - - learned - - id: 101 - tenant: TenantA - rd: 192.168.45.4:1101 - route_targets: - both: - - 1101:1101 - redistribute_routes: - - learned - - id: 666 - tenant: TenantC - rd: 192.168.45.4:1666 - route_targets: - both: - - 1666:1666 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: VLAN100 + shutdown: true + vrf: PROD + ip_address_virtual: 10.0.100.1/24 + tenant: TenantA +- name: Vlan666 + description: VLAN666 + shutdown: true + vrf: ATTRACTED-VRF-FROM-UPLINK + ip_address: 10.66.66.1 + ip_address_virtual: 10.66.66.66/24 + tenant: TenantC vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: cv-pathfinder-edge - peer_interface: Ethernet52 - peer_type: wan_router - description: P2P_cv-pathfinder-edge_Ethernet52 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.0/31 -- name: Ethernet1.1000 - peer: cv-pathfinder-edge - peer_interface: Ethernet52.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-edge_Ethernet52.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.0/31 -- name: Ethernet1.142 - peer: cv-pathfinder-edge - peer_interface: Ethernet52.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-edge_Ethernet52.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.0/31 -- name: Ethernet1.666 - peer: cv-pathfinder-edge - peer_interface: Ethernet52.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-edge_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.0/31 -- name: Ethernet2 - peer: cv-pathfinder-edge1 - peer_interface: Ethernet52 - peer_type: wan_router - description: P2P_cv-pathfinder-edge1_Ethernet52 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.2/31 -- name: Ethernet2.1000 - peer: cv-pathfinder-edge1 - peer_interface: Ethernet52.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-edge1_Ethernet52.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.2/31 -- name: Ethernet2.142 - peer: cv-pathfinder-edge1 - peer_interface: Ethernet52.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-edge1_Ethernet52.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.2/31 -- name: Ethernet2.666 - peer: cv-pathfinder-edge1 - peer_interface: Ethernet52.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-edge1_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.2/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.45.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.255.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.45.0/24 eq 32 - - sequence: 20 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: VLAN100 @@ -311,29 +316,24 @@ vlans: - id: 666 name: VLAN666 tenant: TenantC -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:01 -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true tenant: TenantA - description: VLAN100 - shutdown: true - ip_address_virtual: 10.0.100.1/24 - vrf: PROD -- name: Vlan666 +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true tenant: TenantC - description: VLAN666 - shutdown: true - ip_address: 10.66.66.1 - ip_address_virtual: 10.66.66.66/24 - vrf: ATTRACTED-VRF-FROM-UPLINK vxlan_interface: vxlan1: description: site-ha-disabled-leaf_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 1100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml index 38a83767ced..f96dfa6a0fb 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf1.yml @@ -1,38 +1,156 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_cv-pathfinder-transit1A_Ethernet52 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet1.1000 + description: P2P_cv-pathfinder-transit1A_Ethernet52.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52.1000 + peer_type: wan_router +- name: Ethernet1.142 + description: P2P_cv-pathfinder-transit1A_Ethernet52.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52.142 + peer_type: wan_router +- name: Ethernet1.666 + description: P2P_cv-pathfinder-transit1A_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.0/31 + peer: cv-pathfinder-transit1A + peer_interface: Ethernet52.666 + peer_type: wan_router +- name: Ethernet2 + description: P2P_cv-pathfinder-transit1B_Ethernet52 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-transit1B + peer_interface: Ethernet52 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet2.1000 + description: P2P_cv-pathfinder-transit1B_Ethernet52.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-transit1B + peer_interface: Ethernet52.1000 + peer_type: wan_router +- name: Ethernet2.142 + description: P2P_cv-pathfinder-transit1B_Ethernet52.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-transit1B + peer_interface: Ethernet52.142 + peer_type: wan_router +- name: Ethernet2.666 + description: P2P_cv-pathfinder-transit1B_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.2/31 + peer: cv-pathfinder-transit1B + peer_interface: Ethernet52.666 + peer_type: wan_router hostname: site-ha-enabled-leaf1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.45.1/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65199' router_id: 192.168.45.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS @@ -44,18 +162,47 @@ router_bgp: remote_as: '65000' peer: cv-pathfinder-transit1B description: cv-pathfinder-transit1B_Ethernet52 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.1:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.1:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned + - id: 666 + tenant: TenantC + rd: 192.168.45.1:1666 + route_targets: + both: + - 1666:1666 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: IT - router_id: 192.168.45.1 - neighbors: - - ip_address: 172.17.0.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-transit1A_Ethernet52.1000_vrf_IT - - ip_address: 172.17.0.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-transit1B_Ethernet52.1000_vrf_IT rd: 192.168.45.1:1000 route_targets: import: @@ -66,20 +213,20 @@ router_bgp: - address_family: evpn route_targets: - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD router_id: 192.168.45.1 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-transit1A_Ethernet52.142_vrf_PROD + description: cv-pathfinder-transit1A_Ethernet52.1000_vrf_IT - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-transit1B_Ethernet52.142_vrf_PROD + description: cv-pathfinder-transit1B_Ethernet52.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD rd: 192.168.45.1:142 route_targets: import: @@ -90,20 +237,20 @@ router_bgp: - address_family: evpn route_targets: - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK router_id: 192.168.45.1 neighbors: - ip_address: 172.17.0.1 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-transit1A_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-transit1A_Ethernet52.142_vrf_PROD - ip_address: 172.17.0.3 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-transit1B_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-transit1B_Ethernet52.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK rd: 192.168.45.1:666 route_targets: import: @@ -114,6 +261,16 @@ router_bgp: - address_family: evpn route_targets: - 666:666 + router_id: 192.168.45.1 + neighbors: + - ip_address: 172.17.0.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-transit1A_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-transit1B_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK redistribute: connected: enabled: true @@ -128,179 +285,26 @@ router_bgp: - address_family: evpn route_targets: - '1:1' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 100 - tenant: TenantA - rd: 192.168.45.1:1100 - route_targets: - both: - - 1100:1100 - redistribute_routes: - - learned - - id: 101 - tenant: TenantA - rd: 192.168.45.1:1101 - route_targets: - both: - - 1101:1101 - redistribute_routes: - - learned - - id: 666 - tenant: TenantC - rd: 192.168.45.1:1666 - route_targets: - both: - - 1666:1666 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: VLAN100 + shutdown: true + vrf: PROD + ip_address_virtual: 10.0.100.1/24 + tenant: TenantA +- name: Vlan666 + description: VLAN666 + shutdown: true + vrf: ATTRACTED-VRF-FROM-UPLINK + ip_address_virtual: 10.66.66.66/24 + tenant: TenantC vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: cv-pathfinder-transit1A - peer_interface: Ethernet52 - peer_type: wan_router - description: P2P_cv-pathfinder-transit1A_Ethernet52 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.0/31 -- name: Ethernet1.1000 - peer: cv-pathfinder-transit1A - peer_interface: Ethernet52.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-transit1A_Ethernet52.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.0/31 -- name: Ethernet1.142 - peer: cv-pathfinder-transit1A - peer_interface: Ethernet52.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-transit1A_Ethernet52.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.0/31 -- name: Ethernet1.666 - peer: cv-pathfinder-transit1A - peer_interface: Ethernet52.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-transit1A_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.0/31 -- name: Ethernet2 - peer: cv-pathfinder-transit1B - peer_interface: Ethernet52 - peer_type: wan_router - description: P2P_cv-pathfinder-transit1B_Ethernet52 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.2/31 -- name: Ethernet2.1000 - peer: cv-pathfinder-transit1B - peer_interface: Ethernet52.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-transit1B_Ethernet52.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.2/31 -- name: Ethernet2.142 - peer: cv-pathfinder-transit1B - peer_interface: Ethernet52.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-transit1B_Ethernet52.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.2/31 -- name: Ethernet2.666 - peer: cv-pathfinder-transit1B - peer_interface: Ethernet52.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-transit1B_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.2/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.45.1/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.45.0/24 eq 32 - - sequence: 20 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: VLAN100 @@ -311,28 +315,24 @@ vlans: - id: 666 name: VLAN666 tenant: TenantC -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:01 -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true tenant: TenantA - description: VLAN100 - shutdown: true - ip_address_virtual: 10.0.100.1/24 - vrf: PROD -- name: Vlan666 +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true tenant: TenantC - description: VLAN666 - shutdown: true - ip_address_virtual: 10.66.66.66/24 - vrf: ATTRACTED-VRF-FROM-UPLINK vxlan_interface: vxlan1: description: site-ha-enabled-leaf1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 1100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml index 7cd16b45675..c84f09ac900 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2A.yml @@ -1,38 +1,156 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_cv-pathfinder-edge2A_Ethernet52 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.4/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet1.1000 + description: P2P_cv-pathfinder-edge2A_Ethernet52.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.4/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.1000 + peer_type: wan_router +- name: Ethernet1.142 + description: P2P_cv-pathfinder-edge2A_Ethernet52.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.4/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.142 + peer_type: wan_router +- name: Ethernet1.666 + description: P2P_cv-pathfinder-edge2A_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.4/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet52.666 + peer_type: wan_router +- name: Ethernet2 + description: P2P_cv-pathfinder-edge2B_Ethernet52 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.8/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet2.1000 + description: P2P_cv-pathfinder-edge2B_Ethernet52.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.8/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.1000 + peer_type: wan_router +- name: Ethernet2.142 + description: P2P_cv-pathfinder-edge2B_Ethernet52.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.8/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.142 + peer_type: wan_router +- name: Ethernet2.666 + description: P2P_cv-pathfinder-edge2B_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.8/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet52.666 + peer_type: wan_router hostname: site-ha-enabled-leaf2A +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.45.2/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65199' router_id: 192.168.45.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.0.5 peer_group: IPv4-UNDERLAY-PEERS @@ -44,18 +162,47 @@ router_bgp: remote_as: '65000' peer: cv-pathfinder-edge2B description: cv-pathfinder-edge2B_Ethernet52 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.2:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.2:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned + - id: 666 + tenant: TenantC + rd: 192.168.45.2:1666 + route_targets: + both: + - 1666:1666 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: IT - router_id: 192.168.45.2 - neighbors: - - ip_address: 172.17.0.5 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2A_Ethernet52.1000_vrf_IT - - ip_address: 172.17.0.9 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2B_Ethernet52.1000_vrf_IT rd: 192.168.45.2:1000 route_targets: import: @@ -66,20 +213,20 @@ router_bgp: - address_family: evpn route_targets: - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD router_id: 192.168.45.2 neighbors: - ip_address: 172.17.0.5 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2A_Ethernet52.142_vrf_PROD + description: cv-pathfinder-edge2A_Ethernet52.1000_vrf_IT - ip_address: 172.17.0.9 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2B_Ethernet52.142_vrf_PROD + description: cv-pathfinder-edge2B_Ethernet52.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD rd: 192.168.45.2:142 route_targets: import: @@ -90,20 +237,20 @@ router_bgp: - address_family: evpn route_targets: - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK router_id: 192.168.45.2 neighbors: - ip_address: 172.17.0.5 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2A_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-edge2A_Ethernet52.142_vrf_PROD - ip_address: 172.17.0.9 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2B_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-edge2B_Ethernet52.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK rd: 192.168.45.2:666 route_targets: import: @@ -114,6 +261,16 @@ router_bgp: - address_family: evpn route_targets: - 666:666 + router_id: 192.168.45.2 + neighbors: + - ip_address: 172.17.0.5 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.9 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet52.666_vrf_ATTRACTED-VRF-FROM-UPLINK redistribute: connected: enabled: true @@ -128,179 +285,26 @@ router_bgp: - address_family: evpn route_targets: - '1:1' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 100 - tenant: TenantA - rd: 192.168.45.2:1100 - route_targets: - both: - - 1100:1100 - redistribute_routes: - - learned - - id: 101 - tenant: TenantA - rd: 192.168.45.2:1101 - route_targets: - both: - - 1101:1101 - redistribute_routes: - - learned - - id: 666 - tenant: TenantC - rd: 192.168.45.2:1666 - route_targets: - both: - - 1666:1666 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: VLAN100 + shutdown: true + vrf: PROD + ip_address_virtual: 10.0.100.1/24 + tenant: TenantA +- name: Vlan666 + description: VLAN666 + shutdown: true + vrf: ATTRACTED-VRF-FROM-UPLINK + ip_address_virtual: 10.66.66.66/24 + tenant: TenantC vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet52 - peer_type: wan_router - description: P2P_cv-pathfinder-edge2A_Ethernet52 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.4/31 -- name: Ethernet1.1000 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet52.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-edge2A_Ethernet52.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.4/31 -- name: Ethernet1.142 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet52.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-edge2A_Ethernet52.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.4/31 -- name: Ethernet1.666 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet52.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-edge2A_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.4/31 -- name: Ethernet2 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet52 - peer_type: wan_router - description: P2P_cv-pathfinder-edge2B_Ethernet52 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.8/31 -- name: Ethernet2.1000 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet52.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-edge2B_Ethernet52.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.8/31 -- name: Ethernet2.142 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet52.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-edge2B_Ethernet52.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.8/31 -- name: Ethernet2.666 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet52.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-edge2B_Ethernet52.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.8/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.45.2/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.45.0/24 eq 32 - - sequence: 20 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: VLAN100 @@ -311,28 +315,24 @@ vlans: - id: 666 name: VLAN666 tenant: TenantC -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:01 -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true tenant: TenantA - description: VLAN100 - shutdown: true - ip_address_virtual: 10.0.100.1/24 - vrf: PROD -- name: Vlan666 +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true tenant: TenantC - description: VLAN666 - shutdown: true - ip_address_virtual: 10.66.66.66/24 - vrf: ATTRACTED-VRF-FROM-UPLINK vxlan_interface: vxlan1: description: site-ha-enabled-leaf2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 1100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml index 0fa73330482..e978df2796e 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/site-ha-enabled-leaf2B.yml @@ -1,38 +1,156 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_cv-pathfinder-edge2A_Ethernet53 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.6/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet1.1000 + description: P2P_cv-pathfinder-edge2A_Ethernet53.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.6/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.1000 + peer_type: wan_router +- name: Ethernet1.142 + description: P2P_cv-pathfinder-edge2A_Ethernet53.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.6/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.142 + peer_type: wan_router +- name: Ethernet1.666 + description: P2P_cv-pathfinder-edge2A_Ethernet53.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.6/31 + peer: cv-pathfinder-edge2A + peer_interface: Ethernet53.666 + peer_type: wan_router +- name: Ethernet2 + description: P2P_cv-pathfinder-edge2B_Ethernet53 + shutdown: false + mtu: 9214 + ip_address: 172.17.0.10/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet2.1000 + description: P2P_cv-pathfinder-edge2B_Ethernet53.1000_VRF_IT + shutdown: false + mtu: 9214 + vrf: IT + encapsulation_dot1q: + vlan: 1000 + ip_address: 172.17.0.10/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.1000 + peer_type: wan_router +- name: Ethernet2.142 + description: P2P_cv-pathfinder-edge2B_Ethernet53.142_VRF_PROD + shutdown: false + mtu: 9214 + vrf: PROD + encapsulation_dot1q: + vlan: 142 + ip_address: 172.17.0.10/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.142 + peer_type: wan_router +- name: Ethernet2.666 + description: P2P_cv-pathfinder-edge2B_Ethernet53.666_VRF_ATTRACTED-VRF-FROM-UPLINK + shutdown: false + mtu: 9214 + vrf: ATTRACTED-VRF-FROM-UPLINK + encapsulation_dot1q: + vlan: 666 + ip_address: 172.17.0.10/31 + peer: cv-pathfinder-edge2B + peer_interface: Ethernet53.666 + peer_type: wan_router hostname: site-ha-enabled-leaf2B +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:01 is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.45.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.255.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.45.0/24 eq 32 + - sequence: 20 + action: permit 192.168.255.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65199' router_id: 192.168.45.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.17.0.7 peer_group: IPv4-UNDERLAY-PEERS @@ -44,18 +162,47 @@ router_bgp: remote_as: '65000' peer: cv-pathfinder-edge2B description: cv-pathfinder-edge2B_Ethernet53 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: TenantA + rd: 192.168.45.3:1100 + route_targets: + both: + - 1100:1100 + redistribute_routes: + - learned + - id: 101 + tenant: TenantA + rd: 192.168.45.3:1101 + route_targets: + both: + - 1101:1101 + redistribute_routes: + - learned + - id: 666 + tenant: TenantC + rd: 192.168.45.3:1666 + route_targets: + both: + - 1666:1666 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: IT - router_id: 192.168.45.3 - neighbors: - - ip_address: 172.17.0.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2A_Ethernet53.1000_vrf_IT - - ip_address: 172.17.0.11 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65000' - description: cv-pathfinder-edge2B_Ethernet53.1000_vrf_IT rd: 192.168.45.3:1000 route_targets: import: @@ -66,20 +213,20 @@ router_bgp: - address_family: evpn route_targets: - 1000:1000 - redistribute: - connected: - enabled: true - - name: PROD router_id: 192.168.45.3 neighbors: - ip_address: 172.17.0.7 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2A_Ethernet53.142_vrf_PROD + description: cv-pathfinder-edge2A_Ethernet53.1000_vrf_IT - ip_address: 172.17.0.11 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2B_Ethernet53.142_vrf_PROD + description: cv-pathfinder-edge2B_Ethernet53.1000_vrf_IT + redistribute: + connected: + enabled: true + - name: PROD rd: 192.168.45.3:142 route_targets: import: @@ -90,20 +237,20 @@ router_bgp: - address_family: evpn route_targets: - 142:142 - redistribute: - connected: - enabled: true - - name: ATTRACTED-VRF-FROM-UPLINK router_id: 192.168.45.3 neighbors: - ip_address: 172.17.0.7 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2A_Ethernet53.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-edge2A_Ethernet53.142_vrf_PROD - ip_address: 172.17.0.11 peer_group: IPv4-UNDERLAY-PEERS remote_as: '65000' - description: cv-pathfinder-edge2B_Ethernet53.666_vrf_ATTRACTED-VRF-FROM-UPLINK + description: cv-pathfinder-edge2B_Ethernet53.142_vrf_PROD + redistribute: + connected: + enabled: true + - name: ATTRACTED-VRF-FROM-UPLINK rd: 192.168.45.3:666 route_targets: import: @@ -114,6 +261,16 @@ router_bgp: - address_family: evpn route_targets: - 666:666 + router_id: 192.168.45.3 + neighbors: + - ip_address: 172.17.0.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2A_Ethernet53.666_vrf_ATTRACTED-VRF-FROM-UPLINK + - ip_address: 172.17.0.11 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65000' + description: cv-pathfinder-edge2B_Ethernet53.666_vrf_ATTRACTED-VRF-FROM-UPLINK redistribute: connected: enabled: true @@ -128,179 +285,26 @@ router_bgp: - address_family: evpn route_targets: - '1:1' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vlans: - - id: 100 - tenant: TenantA - rd: 192.168.45.3:1100 - route_targets: - both: - - 1100:1100 - redistribute_routes: - - learned - - id: 101 - tenant: TenantA - rd: 192.168.45.3:1101 - route_targets: - both: - - 1101:1101 - redistribute_routes: - - learned - - id: 666 - tenant: TenantC - rd: 192.168.45.3:1666 - route_targets: - both: - - 1666:1666 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: VLAN100 + shutdown: true + vrf: PROD + ip_address_virtual: 10.0.100.1/24 + tenant: TenantA +- name: Vlan666 + description: VLAN666 + shutdown: true + vrf: ATTRACTED-VRF-FROM-UPLINK + ip_address_virtual: 10.66.66.66/24 + tenant: TenantC vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: IT - tenant: TenantA - ip_routing: true -- name: PROD - tenant: TenantA - ip_routing: true -- name: ATTRACTED-VRF-FROM-UPLINK - tenant: TenantC - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ethernet_interfaces: -- name: Ethernet1 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet53 - peer_type: wan_router - description: P2P_cv-pathfinder-edge2A_Ethernet53 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.6/31 -- name: Ethernet1.1000 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet53.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-edge2A_Ethernet53.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.6/31 -- name: Ethernet1.142 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet53.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-edge2A_Ethernet53.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.6/31 -- name: Ethernet1.666 - peer: cv-pathfinder-edge2A - peer_interface: Ethernet53.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-edge2A_Ethernet53.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.6/31 -- name: Ethernet2 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet53 - peer_type: wan_router - description: P2P_cv-pathfinder-edge2B_Ethernet53 - shutdown: false - mtu: 9214 - switchport: - enabled: false - ip_address: 172.17.0.10/31 -- name: Ethernet2.1000 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet53.1000 - peer_type: wan_router - vrf: IT - description: P2P_cv-pathfinder-edge2B_Ethernet53.1000_VRF_IT - shutdown: false - encapsulation_dot1q: - vlan: 1000 - mtu: 9214 - ip_address: 172.17.0.10/31 -- name: Ethernet2.142 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet53.142 - peer_type: wan_router - vrf: PROD - description: P2P_cv-pathfinder-edge2B_Ethernet53.142_VRF_PROD - shutdown: false - encapsulation_dot1q: - vlan: 142 - mtu: 9214 - ip_address: 172.17.0.10/31 -- name: Ethernet2.666 - peer: cv-pathfinder-edge2B - peer_interface: Ethernet53.666 - peer_type: wan_router - vrf: ATTRACTED-VRF-FROM-UPLINK - description: P2P_cv-pathfinder-edge2B_Ethernet53.666_VRF_ATTRACTED-VRF-FROM-UPLINK - shutdown: false - encapsulation_dot1q: - vlan: 666 - mtu: 9214 - ip_address: 172.17.0.10/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.45.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.255.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.45.0/24 eq 32 - - sequence: 20 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: VLAN100 @@ -311,28 +315,24 @@ vlans: - id: 666 name: VLAN666 tenant: TenantC -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:01 -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: IT + ip_routing: true tenant: TenantA - description: VLAN100 - shutdown: true - ip_address_virtual: 10.0.100.1/24 - vrf: PROD -- name: Vlan666 +- name: PROD + ip_routing: true + tenant: TenantA +- name: ATTRACTED-VRF-FROM-UPLINK + ip_routing: true tenant: TenantC - description: VLAN666 - shutdown: true - ip_address_virtual: 10.66.66.66/24 - vrf: ATTRACTED-VRF-FROM-UPLINK vxlan_interface: vxlan1: description: site-ha-enabled-leaf2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 1100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-1.yml index e629223d581..9cce42ca5fa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-1.yml @@ -1,38 +1,65 @@ -hostname: snmp-settings-1 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 10.10.10.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: snmp-settings-1 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 10.10.10.43/26 - gateway: 10.10.10.1 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 10.10.10.1 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com + communities: + - name: SNMP-COMMUNITY-1 + access: ro + access_list_ipv4: + name: onur + - name: SNMP-COMMUNITY-2 + access: rw + access_list_ipv4: + name: SNMP-MGMT + access_list_ipv6: + name: SNMP-MGMT + view: VW-READ + - name: SNMP-COMMUNITY-3 + ipv4_acls: + - name: SNMP-MGMT + vrf: MGMT + - name: onur + ipv6_acls: + - name: SNMP-MGMT + vrf: MGMT + - name: onur_v6 + views: + - name: VW-WRITE + mib_family_name: iso + included: true + - name: VW-READ + mib_family_name: iso + included: true + groups: + - name: GRP-READ-ONLY + version: v3 + authentication: priv + read: v3read + - name: GRP-READ-WRITE + version: v3 + authentication: auth + read: v3read + write: v3write users: - name: usertest-auth-priv group: usergroup @@ -78,50 +105,23 @@ snmp_server: users: - username: USER-WRITE authentication_level: auth + traps: + enable: true vrfs: - name: default enable: false - name: MGMT enable: true - communities: - - name: SNMP-COMMUNITY-1 - access: ro - access_list_ipv4: - name: onur - - name: SNMP-COMMUNITY-2 - access: rw - access_list_ipv4: - name: SNMP-MGMT - access_list_ipv6: - name: SNMP-MGMT - view: VW-READ - - name: SNMP-COMMUNITY-3 - ipv4_acls: - - name: SNMP-MGMT - vrf: MGMT - - name: onur - ipv6_acls: - - name: SNMP-MGMT - vrf: MGMT - - name: onur_v6 - views: - - name: VW-WRITE - mib_family_name: iso - included: true - - name: VW-READ - mib_family_name: iso - included: true - groups: - - name: GRP-READ-ONLY - version: v3 - authentication: priv - read: v3read - - name: GRP-READ-WRITE - version: v3 - authentication: auth - read: v3read - write: v3write - traps: - enable: true -ip_igmp_snooping: - globally_enabled: true +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 10.10.10.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-2.yml index ec3e9841763..7a400c081e9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/snmp-settings-2.yml @@ -1,24 +1,17 @@ -hostname: snmp-settings-2 -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false +hostname: snmp-settings-2 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true management_api_http: + enable_https: true enable_vrfs: - name: MGMT - enable_https: true +service_routing_protocols_model: multi-agent snmp_server: hosts: - host: 10.6.75.125 @@ -50,16 +43,23 @@ snmp_server: enable: true - name: SNMPVRF enable: true -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan123 description: Inband Management shutdown: false - mtu: 1500 ip_address: 192.168.0.1/24 + mtu: 1500 type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/source-interfaces.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/source-interfaces.yml index 07f8afc92d1..4b287eb917b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/source-interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/source-interfaces.yml @@ -1,37 +1,21 @@ -hostname: source-interfaces -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: default - ip_routing: false -- name: INBANDMGMT -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: default - ip_address: 192.168.0.2/24 - type: oob -management_api_http: - enable_vrfs: - - name: default - enable_https: true -ip_radius_source_interfaces: +hostname: source-interfaces +ip_domain_lookup: + source_interfaces: + - name: Management1 + - name: Vlan4092 + vrf: INBANDMGMT +ip_http_client_source_interfaces: - name: Management1 - name: Vlan4092 vrf: INBANDMGMT -ip_tacacs_source_interfaces: +ip_igmp_snooping: + globally_enabled: true +ip_radius_source_interfaces: - name: Management1 - name: Vlan4092 vrf: INBANDMGMT @@ -39,35 +23,51 @@ ip_ssh_client_source_interfaces: - name: Management1 - name: Vlan4092 vrf: INBANDMGMT -ip_domain_lookup: - source_interfaces: - - name: Management1 - - name: Vlan4092 - vrf: INBANDMGMT -ip_http_client_source_interfaces: +ip_tacacs_source_interfaces: - name: Management1 - name: Vlan4092 vrf: INBANDMGMT +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: default +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: default + ip_address: 192.168.0.2/24 + type: oob +service_routing_protocols_model: multi-agent snmp_server: local_interfaces: - name: Management1 - name: Vlan4092 vrf: INBANDMGMT -ip_igmp_snooping: - globally_enabled: true -vlans: -- id: 4092 - tenant: system - name: INBAND_MGMT +static_routes: +- vrf: INBANDMGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 10.20.30.1 +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4092 description: Inband Management shutdown: false - mtu: 1500 vrf: INBANDMGMT ip_address: 10.20.30.40/24 + mtu: 1500 type: inband_mgmt -static_routes: -- destination_address_prefix: 0.0.0.0/0 - gateway: 10.20.30.1 - vrf: INBANDMGMT +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: INBAND_MGMT + tenant: system +vrfs: +- name: default + ip_routing: false +- name: INBANDMGMT diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/spanning-tree-mode-rapid-pvst.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/spanning-tree-mode-rapid-pvst.yml index af11c959480..5195fa30f6d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/spanning-tree-mode-rapid-pvst.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/spanning-tree-mode-rapid-pvst.yml @@ -1,17 +1,17 @@ -hostname: spanning-tree-mode-rapid-pvst -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +hostname: spanning-tree-mode-rapid-pvst +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +service_routing_protocols_model: multi-agent spanning_tree: mode: rapid-pvst rapid_pvst_instances: @@ -21,13 +21,12 @@ spanning_tree: priority: 32768 - id: 1-10,13-20,23-4093 priority: 8192 -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 10 name: DEFAULTPRIORITY @@ -53,5 +52,6 @@ vlans: - id: 23 name: PRIORITY8192 tenant: test -ip_igmp_snooping: - globally_enabled: true +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1a.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1a.yml index 782025e2415..e8648554224 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1a.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1a.yml @@ -1,186 +1,186 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_trunk-group-tests-l2leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l2leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_trunk-group-tests-l2leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l2leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_trunk-group-tests-l3leaf1a_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l3leaf1a + peer_interface: Ethernet1 + peer_type: l3leaf +- name: Ethernet2 + description: L2_trunk-group-tests-l3leaf1b_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l3leaf1b + peer_interface: Ethernet1 + peer_type: l3leaf +- name: Ethernet13 + description: SERVER_server_with_tg_300_Nic3 + shutdown: false + channel_group: + id: 13 + mode: active + peer: server_with_tg_300 + peer_interface: Nic3 + peer_type: server hostname: trunk-group-tests-l2leaf1a +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: TRUNK_GROUP_TESTS_L2LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.248.1 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_trunk-group-tests-l2leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_TRUNK_GROUP_TESTS_L3LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - UPLINK +- name: Port-Channel13 + description: portchannel + shutdown: false + mlag: 13 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TG_NOT_MATCHING_ANY_VLANS + - TG_300 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.248.0/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 100 name: svi100_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_100 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 200 name: svi200_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 300 name: svi300_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_300 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 398 name: svi398_without_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 110 name: l2vlan110_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_100 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 210 name: l2vlan210_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 310 name: l2vlan310_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_300 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 399 name: l2vlan399_without_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - UPLINK -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.248.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_trunk-group-tests-l2leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_TRUNK_GROUP_TESTS_L3LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - UPLINK - shutdown: false - mlag: 1 -- name: Port-Channel13 - description: portchannel - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TG_NOT_MATCHING_ANY_VLANS - - TG_300 - mlag: 13 -ethernet_interfaces: -- name: Ethernet3 - peer: trunk-group-tests-l2leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l2leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: trunk-group-tests-l2leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l2leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: trunk-group-tests-l3leaf1a - peer_interface: Ethernet1 - peer_type: l3leaf - description: L2_trunk-group-tests-l3leaf1a_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: trunk-group-tests-l3leaf1b - peer_interface: Ethernet1 - peer_type: l3leaf - description: L2_trunk-group-tests-l3leaf1b_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet13 - peer: server_with_tg_300 - peer_interface: Nic3 - peer_type: server - description: SERVER_server_with_tg_300_Nic3 - shutdown: false - channel_group: - id: 13 - mode: active -mlag_configuration: - domain_id: TRUNK_GROUP_TESTS_L2LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.248.1 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true + tenant: TRUNK_GROUP_TESTS +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1b.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1b.yml index e805f8b814e..45557678f26 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1b.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf1b.yml @@ -1,191 +1,191 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_trunk-group-tests-l2leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l2leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_trunk-group-tests-l2leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l2leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_trunk-group-tests-l3leaf1a_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l3leaf1a + peer_interface: Ethernet2 + peer_type: l3leaf +- name: Ethernet2 + description: L2_trunk-group-tests-l3leaf1b_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l3leaf1b + peer_interface: Ethernet2 + peer_type: l3leaf +- name: Ethernet12 + description: SERVER_server_with_tg_200_Nic1 + shutdown: false + peer: server_with_tg_200 + peer_interface: Nic1 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TG_NOT_MATCHING_ANY_VLANS + - TG_200 +- name: Ethernet13 + description: SERVER_server_with_tg_300_Nic4 + shutdown: false + channel_group: + id: 13 + mode: active + peer: server_with_tg_300 + peer_interface: Nic4 + peer_type: server hostname: trunk-group-tests-l2leaf1b +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: TRUNK_GROUP_TESTS_L2LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.248.0 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_trunk-group-tests-l2leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - CUSTOM_MLAG_TG_NAME +- name: Port-Channel1 + description: L2_TRUNK_GROUP_TESTS_L3LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - UPLINK +- name: Port-Channel13 + description: portchannel + shutdown: false + mlag: 13 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TG_NOT_MATCHING_ANY_VLANS + - TG_300 +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: '4094' static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.248.1/31 + mtu: 9214 + no_autostate: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: '4094' vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - CUSTOM_MLAG_TG_NAME + tenant: system - id: 100 name: svi100_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME + tenant: TRUNK_GROUP_TESTS - id: 200 name: svi200_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME - TG_200 + tenant: TRUNK_GROUP_TESTS - id: 300 name: svi300_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME - TG_300 + tenant: TRUNK_GROUP_TESTS - id: 398 name: svi398_without_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME + tenant: TRUNK_GROUP_TESTS - id: 110 name: l2vlan110_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME + tenant: TRUNK_GROUP_TESTS - id: 210 name: l2vlan210_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME - TG_200 + tenant: TRUNK_GROUP_TESTS - id: 310 name: l2vlan310_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME - TG_300 + tenant: TRUNK_GROUP_TESTS - id: 399 name: l2vlan399_without_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - CUSTOM_UPLINK_TG_NAME -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.248.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_trunk-group-tests-l2leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - CUSTOM_MLAG_TG_NAME - shutdown: false -- name: Port-Channel1 - description: L2_TRUNK_GROUP_TESTS_L3LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - UPLINK - shutdown: false - mlag: 1 -- name: Port-Channel13 - description: portchannel - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TG_NOT_MATCHING_ANY_VLANS - - TG_300 - mlag: 13 -ethernet_interfaces: -- name: Ethernet3 - peer: trunk-group-tests-l2leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l2leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: trunk-group-tests-l2leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l2leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: trunk-group-tests-l3leaf1a - peer_interface: Ethernet2 - peer_type: l3leaf - description: L2_trunk-group-tests-l3leaf1a_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: trunk-group-tests-l3leaf1b - peer_interface: Ethernet2 - peer_type: l3leaf - description: L2_trunk-group-tests-l3leaf1b_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet12 - peer: server_with_tg_200 - peer_interface: Nic1 - peer_type: server - description: SERVER_server_with_tg_200_Nic1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TG_NOT_MATCHING_ANY_VLANS - - TG_200 -- name: Ethernet13 - peer: server_with_tg_300 - peer_interface: Nic4 - peer_type: server - description: SERVER_server_with_tg_300_Nic4 - shutdown: false - channel_group: - id: 13 - mode: active -mlag_configuration: - domain_id: TRUNK_GROUP_TESTS_L2LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.248.0 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true + tenant: TRUNK_GROUP_TESTS +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf3.yml index 6f49efb759e..02d747c9262 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf3.yml @@ -1,53 +1,33 @@ -hostname: trunk-group-tests-l2leaf3 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: trunk-group-tests-l3leaf1a - peer_interface: Ethernet5 - peer_type: l3leaf description: L2_trunk-group-tests-l3leaf1a_Ethernet5 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: trunk-group-tests-l3leaf1b + peer: trunk-group-tests-l3leaf1a peer_interface: Ethernet5 peer_type: l3leaf +- name: Ethernet2 description: L2_trunk-group-tests-l3leaf1b_Ethernet5 shutdown: false channel_group: id: 1 mode: active + peer: trunk-group-tests-l3leaf1b + peer_interface: Ethernet5 + peer_type: l3leaf - name: Ethernet12 + description: SERVER_server_with_tg_200_Nic2 + shutdown: false peer: server_with_tg_200 peer_interface: Nic2 peer_type: server - description: SERVER_server_with_tg_200_Nic2 - shutdown: false switchport: enabled: true mode: trunk @@ -55,28 +35,48 @@ ethernet_interfaces: groups: - TG_NOT_MATCHING_ANY_VLANS - TG_200 +hostname: trunk-group-tests-l2leaf3 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_TRUNK_GROUP_TESTS_L3LEAF1_Port-Channel5 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - UPLINK - shutdown: false +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 200 name: svi200_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - TG_200 - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 210 name: l2vlan210_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - TG_200 - UPLINK -ip_igmp_snooping: - globally_enabled: true + tenant: TRUNK_GROUP_TESTS +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf4.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf4.yml index b6af2772a62..5a354dd0663 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf4.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l2leaf4.yml @@ -1,53 +1,33 @@ -hostname: trunk-group-tests-l2leaf4 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: trunk-group-tests-l3leaf2a - peer_interface: Ethernet1 - peer_type: l3leaf description: L2_trunk-group-tests-l3leaf2a_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: trunk-group-tests-l3leaf2b + peer: trunk-group-tests-l3leaf2a peer_interface: Ethernet1 peer_type: l3leaf +- name: Ethernet2 description: L2_trunk-group-tests-l3leaf2b_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: trunk-group-tests-l3leaf2b + peer_interface: Ethernet1 + peer_type: l3leaf - name: Ethernet12 + description: SERVER_server_with_tg_200_Nic3 + shutdown: false peer: server_with_tg_200 peer_interface: Nic3 peer_type: server - description: SERVER_server_with_tg_200_Nic3 - shutdown: false switchport: enabled: true mode: trunk @@ -55,30 +35,50 @@ ethernet_interfaces: groups: - TG_NOT_MATCHING_ANY_VLANS - TG_200 +hostname: trunk-group-tests-l2leaf4 +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_TRUNK_GROUP_TESTS_L3LEAF2_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - UPLINK - shutdown: false +service_routing_protocols_model: multi-agent +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 1.1.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 200 name: svi200_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK + tenant: TRUNK_GROUP_TESTS - id: 210 name: l2vlan210_with_trunk_groups - tenant: TRUNK_GROUP_TESTS trunk_groups: - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - UPLINK -ip_igmp_snooping: - globally_enabled: true + tenant: TRUNK_GROUP_TESTS +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1a.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1a.yml index 5c010fb956b..e49bcbb9439 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1a.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1a.yml @@ -1,124 +1,221 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_trunk-group-tests-l3leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_trunk-group-tests-l3leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_trunk-group-tests-l2leaf1a_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l2leaf1a + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet2 + description: L2_trunk-group-tests-l2leaf1b_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l2leaf1b + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: L2_trunk-group-tests-l2leaf3_Ethernet1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: trunk-group-tests-l2leaf3 + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet11 + description: SERVER_server_with_tg_100_Nic1 + shutdown: false + peer: server_with_tg_100 + peer_interface: Nic1 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TG_NOT_MATCHING_ANY_VLANS + - TG_100 +- name: Ethernet13 + description: SERVER_server_with_tg_300_Nic1 + shutdown: false + channel_group: + id: 13 + mode: active + peer: server_with_tg_300 + peer_interface: Nic1 + peer_type: server hostname: trunk-group-tests-l3leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.250.9/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.249.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: TRUNK_GROUP_TESTS_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.248.1 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_trunk-group-tests-l3leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_TRUNK_GROUP_TESTS_L2LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Port-Channel5 + description: L2_trunk-group-tests-l2leaf3_Port-Channel1 + shutdown: false + mlag: 5 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - trunk-group-tests-l2leaf3 +- name: Port-Channel13 + description: portchannel + shutdown: false + mlag: 13 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TG_NOT_MATCHING_ANY_VLANS + - TG_300 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.250.0/24 eq 32 + - sequence: 20 + action: permit 192.168.249.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.247.0/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.250.9 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: trunk-group-tests-l3leaf1b - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.247.1 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: trunk-group-tests-l3leaf1b description: trunk-group-tests-l3leaf1b_Vlan4093 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TG_100 - rd: 192.168.250.9:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - router_id: 192.168.250.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.247.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: trunk-group-tests-l3leaf1b_Vlan3099 - updates: - wait_install: true - - name: TG_200 - rd: 192.168.250.9:200 - route_targets: - import: - - address_family: evpn - route_targets: - - 200:200 - export: - - address_family: evpn - route_targets: - - 200:200 - router_id: 192.168.250.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.247.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: trunk-group-tests-l3leaf1b_Vlan3199 - updates: - wait_install: true - - name: TG_300 - rd: 192.168.250.9:300 - route_targets: - import: - - address_family: evpn - route_targets: - - 300:300 - export: - - address_family: evpn - route_targets: - - 300:300 - router_id: 192.168.250.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.247.1 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: trunk-group-tests-l3leaf1b_Vlan3299 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 100 tenant: TRUNK_GROUP_TESTS @@ -200,113 +297,250 @@ router_bgp: - 10399:10399 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TG_100 + rd: 192.168.250.9:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.250.9 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.247.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: trunk-group-tests-l3leaf1b_Vlan3099 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TG_200 + rd: 192.168.250.9:200 + route_targets: + import: + - address_family: evpn + route_targets: + - 200:200 + export: + - address_family: evpn + route_targets: + - 200:200 + router_id: 192.168.250.9 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.247.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: trunk-group-tests-l3leaf1b_Vlan3199 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TG_300 + rd: 192.168.250.9:300 + route_targets: + import: + - address_family: evpn + route_targets: + - 300:300 + export: + - address_family: evpn + route_targets: + - 300:300 + router_id: 192.168.250.9 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.247.1 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: trunk-group-tests-l3leaf1b_Vlan3299 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.247.0/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.248.0/31 + mtu: 9214 + no_autostate: true +- name: Vlan100 + description: svi100_with_trunk_groups + shutdown: false + vrf: TG_100 + ip_address_virtual: 10.1.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3099 + description: MLAG_L3_VRF_TG_100 + shutdown: false + vrf: TG_100 + ip_address: 10.255.247.0/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering +- name: Vlan200 + description: svi200_with_trunk_groups + shutdown: false + vrf: TG_200 + ip_address_virtual: 10.2.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3199 + description: MLAG_L3_VRF_TG_200 + shutdown: false + vrf: TG_200 + ip_address: 10.255.247.0/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering +- name: Vlan300 + description: svi300_with_trunk_groups + shutdown: false + vrf: TG_300 + ip_address_virtual: 10.3.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan301 + description: svi301_with_trunk_groups_only_l3leaf + shutdown: false + vrf: TG_300 + ip_address_virtual: 10.3.1.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 +- name: Vlan398 + description: svi398_without_trunk_groups + shutdown: false + vrf: TG_300 + ip_address_virtual: 10.3.1.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3299 + description: MLAG_L3_VRF_TG_300 + shutdown: false + vrf: TG_300 + ip_address: 10.255.247.0/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TG_100 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -- name: TG_200 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -- name: TG_300 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 100 + name: svi100_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - TG_100 - TG_NOT_MATCHING_ANY_SERVERS - name: svi100_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 110 + name: l2vlan110_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - TG_100 - TG_NOT_MATCHING_ANY_SERVERS - name: l2vlan110_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 200 + name: svi200_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf3 - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - name: svi200_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 210 + name: l2vlan210_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf3 - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - name: l2vlan210_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 300 + name: svi300_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - TG_300 - TG_NOT_MATCHING_ANY_SERVERS - name: svi300_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 310 + name: l2vlan310_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - TG_300 - TG_NOT_MATCHING_ANY_SERVERS - name: l2vlan310_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 398 + name: svi398_without_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - name: svi398_without_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 399 + name: l2vlan399_without_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - MLAG - name: l2vlan399_without_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 3099 name: MLAG_L3_VRF_TG_100 @@ -320,11 +554,11 @@ vlans: tenant: TRUNK_GROUP_TESTS - id: 301 name: svi301_with_trunk_groups_only_l3leaf - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_300 - TG_NOT_MATCHING_ANY_SERVERS + tenant: TRUNK_GROUP_TESTS - id: 3299 name: MLAG_L3_VRF_TG_300 trunk_groups: @@ -332,263 +566,29 @@ vlans: tenant: TRUNK_GROUP_TESTS - id: 311 name: l2vlan310_with_trunk_groups_only_l3leaf - tenant: TRUNK_GROUP_TESTS trunk_groups: - MLAG - TG_300 - TG_NOT_MATCHING_ANY_SERVERS -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.247.0/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.248.0/31 -- name: Vlan100 - tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi100_with_trunk_groups - shutdown: false - ip_address_virtual: 10.1.0.1/24 - vrf: TG_100 -- name: Vlan3099 - tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_100 - vrf: TG_100 - mtu: 9214 - ip_address: 10.255.247.0/31 -- name: Vlan200 - tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi200_with_trunk_groups - shutdown: false - ip_address_virtual: 10.2.0.1/24 - vrf: TG_200 -- name: Vlan3199 - tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_200 - vrf: TG_200 - mtu: 9214 - ip_address: 10.255.247.0/31 -- name: Vlan300 tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi300_with_trunk_groups - shutdown: false - ip_address_virtual: 10.3.0.1/24 - vrf: TG_300 -- name: Vlan301 +vrfs: +- name: MGMT + ip_routing: false +- name: TG_100 + ip_routing: true tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - description: svi301_with_trunk_groups_only_l3leaf - shutdown: false - ip_address_virtual: 10.3.1.1/24 - vrf: TG_300 -- name: Vlan398 +- name: TG_200 + ip_routing: true tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi398_without_trunk_groups - shutdown: false - ip_address_virtual: 10.3.1.1/24 - vrf: TG_300 -- name: Vlan3299 +- name: TG_300 + ip_routing: true tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_300 - vrf: TG_300 - mtu: 9214 - ip_address: 10.255.247.0/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_trunk-group-tests-l3leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_TRUNK_GROUP_TESTS_L2LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TRUNK_GROUP_TESTS_L2LEAF1 - shutdown: false - mlag: 1 -- name: Port-Channel5 - description: L2_trunk-group-tests-l2leaf3_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - trunk-group-tests-l2leaf3 - shutdown: false - mlag: 5 -- name: Port-Channel13 - description: portchannel - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TG_NOT_MATCHING_ANY_VLANS - - TG_300 - mlag: 13 -ethernet_interfaces: -- name: Ethernet3 - peer: trunk-group-tests-l3leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: trunk-group-tests-l3leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: trunk-group-tests-l2leaf1a - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf1a_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: trunk-group-tests-l2leaf1b - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf1b_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet5 - peer: trunk-group-tests-l2leaf3 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf3_Ethernet1 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet11 - peer: server_with_tg_100 - peer_interface: Nic1 - peer_type: server - description: SERVER_server_with_tg_100_Nic1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TG_NOT_MATCHING_ANY_VLANS - - TG_100 -- name: Ethernet13 - peer: server_with_tg_300 - peer_interface: Nic1 - peer_type: server - description: SERVER_server_with_tg_300_Nic1 - shutdown: false - channel_group: - id: 13 - mode: active -mlag_configuration: - domain_id: TRUNK_GROUP_TESTS_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.248.1 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.250.9/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.249.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.250.0/24 eq 32 - - sequence: 20 - action: permit 192.168.249.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.247.0/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: trunk-group-tests-l3leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1b.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1b.yml index 2896704ea3a..246e09ca1d3 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1b.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf1b.yml @@ -1,124 +1,209 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_trunk-group-tests-l3leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_trunk-group-tests-l3leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_trunk-group-tests-l2leaf1a_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l2leaf1a + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet2 + description: L2_trunk-group-tests-l2leaf1b_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l2leaf1b + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: L2_trunk-group-tests-l2leaf3_Ethernet2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: trunk-group-tests-l2leaf3 + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet13 + description: SERVER_server_with_tg_300_Nic2 + shutdown: false + channel_group: + id: 13 + mode: active + peer: server_with_tg_300 + peer_interface: Nic2 + peer_type: server hostname: trunk-group-tests-l3leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.250.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.249.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: TRUNK_GROUP_TESTS_L3LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.248.0 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_trunk-group-tests-l3leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - CUSTOM_MLAG_TG_NAME + - CUSTOM_LEAF_PEER_L3_TG_NAME +- name: Port-Channel1 + description: L2_TRUNK_GROUP_TESTS_L2LEAF1_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Port-Channel5 + description: L2_trunk-group-tests-l2leaf3_Port-Channel1 + shutdown: false + mlag: 5 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - trunk-group-tests-l2leaf3 +- name: Port-Channel13 + description: portchannel + shutdown: false + mlag: 13 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - TG_NOT_MATCHING_ANY_VLANS + - TG_300 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.250.0/24 eq 32 + - sequence: 20 + action: permit 192.168.249.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.247.0/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.250.10 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65001' - next_hop_self: true description: trunk-group-tests-l3leaf1a - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.247.0 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: trunk-group-tests-l3leaf1a description: trunk-group-tests-l3leaf1a_Vlan4093 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: TG_100 - rd: 192.168.250.10:100 - route_targets: - import: - - address_family: evpn - route_targets: - - 100:100 - export: - - address_family: evpn - route_targets: - - 100:100 - router_id: 192.168.250.10 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.247.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: trunk-group-tests-l3leaf1a_Vlan3099 - updates: - wait_install: true - - name: TG_200 - rd: 192.168.250.10:200 - route_targets: - import: - - address_family: evpn - route_targets: - - 200:200 - export: - - address_family: evpn - route_targets: - - 200:200 - router_id: 192.168.250.10 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.247.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: trunk-group-tests-l3leaf1a_Vlan3199 - updates: - wait_install: true - - name: TG_300 - rd: 192.168.250.10:300 - route_targets: - import: - - address_family: evpn - route_targets: - - 300:300 - export: - - address_family: evpn - route_targets: - - 300:300 - router_id: 192.168.250.10 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.247.0 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: trunk-group-tests-l3leaf1a_Vlan3299 - updates: - wait_install: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 100 tenant: TRUNK_GROUP_TESTS @@ -200,103 +285,240 @@ router_bgp: - 10399:10399 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: TG_100 + rd: 192.168.250.10:100 + route_targets: + import: + - address_family: evpn + route_targets: + - 100:100 + export: + - address_family: evpn + route_targets: + - 100:100 + router_id: 192.168.250.10 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.247.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: trunk-group-tests-l3leaf1a_Vlan3099 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TG_200 + rd: 192.168.250.10:200 + route_targets: + import: + - address_family: evpn + route_targets: + - 200:200 + export: + - address_family: evpn + route_targets: + - 200:200 + router_id: 192.168.250.10 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.247.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: trunk-group-tests-l3leaf1a_Vlan3199 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: TG_300 + rd: 192.168.250.10:300 + route_targets: + import: + - address_family: evpn + route_targets: + - 300:300 + export: + - address_family: evpn + route_targets: + - 300:300 + router_id: 192.168.250.10 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.247.0 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: trunk-group-tests-l3leaf1a_Vlan3299 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.247.1/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.248.1/31 + mtu: 9214 + no_autostate: true +- name: Vlan100 + description: svi100_with_trunk_groups + shutdown: false + vrf: TG_100 + ip_address_virtual: 10.1.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3099 + description: MLAG_L3_VRF_TG_100 + shutdown: false + vrf: TG_100 + ip_address: 10.255.247.1/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering +- name: Vlan200 + description: svi200_with_trunk_groups + shutdown: false + vrf: TG_200 + ip_address_virtual: 10.2.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3199 + description: MLAG_L3_VRF_TG_200 + shutdown: false + vrf: TG_200 + ip_address: 10.255.247.1/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering +- name: Vlan300 + description: svi300_with_trunk_groups + shutdown: false + vrf: TG_300 + ip_address_virtual: 10.3.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan301 + description: svi301_with_trunk_groups_only_l3leaf + shutdown: false + vrf: TG_300 + ip_address_virtual: 10.3.1.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 +- name: Vlan398 + description: svi398_without_trunk_groups + shutdown: false + vrf: TG_300 + ip_address_virtual: 10.3.1.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3299 + description: MLAG_L3_VRF_TG_300 + shutdown: false + vrf: TG_300 + ip_address: 10.255.247.1/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TG_100 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -- name: TG_200 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -- name: TG_300 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - CUSTOM_LEAF_PEER_L3_TG_NAME -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - CUSTOM_MLAG_TG_NAME + tenant: system - id: 100 + name: svi100_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - name: svi100_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 110 + name: l2vlan110_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - name: l2vlan110_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 200 + name: svi200_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf3 - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - name: svi200_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 210 + name: l2vlan210_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf3 - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - name: l2vlan210_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 300 + name: svi300_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - TG_300 - name: svi300_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 310 + name: l2vlan310_with_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - TG_300 - name: l2vlan310_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 398 + name: svi398_without_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - name: svi398_without_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 399 + name: l2vlan399_without_trunk_groups trunk_groups: - TRUNK_GROUP_TESTS_L2LEAF1 - CUSTOM_MLAG_TG_NAME - name: l2vlan399_without_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 3099 name: MLAG_L3_VRF_TG_100 @@ -310,10 +532,10 @@ vlans: tenant: TRUNK_GROUP_TESTS - id: 301 name: svi301_with_trunk_groups_only_l3leaf - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - TG_300 + tenant: TRUNK_GROUP_TESTS - id: 3299 name: MLAG_L3_VRF_TG_300 trunk_groups: @@ -321,250 +543,28 @@ vlans: tenant: TRUNK_GROUP_TESTS - id: 311 name: l2vlan310_with_trunk_groups_only_l3leaf - tenant: TRUNK_GROUP_TESTS trunk_groups: - CUSTOM_MLAG_TG_NAME - TG_300 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.247.1/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.248.1/31 -- name: Vlan100 - tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi100_with_trunk_groups - shutdown: false - ip_address_virtual: 10.1.0.1/24 - vrf: TG_100 -- name: Vlan3099 - tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_100 - vrf: TG_100 - mtu: 9214 - ip_address: 10.255.247.1/31 -- name: Vlan200 - tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi200_with_trunk_groups - shutdown: false - ip_address_virtual: 10.2.0.1/24 - vrf: TG_200 -- name: Vlan3199 - tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_200 - vrf: TG_200 - mtu: 9214 - ip_address: 10.255.247.1/31 -- name: Vlan300 tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi300_with_trunk_groups - shutdown: false - ip_address_virtual: 10.3.0.1/24 - vrf: TG_300 -- name: Vlan301 +vrfs: +- name: MGMT + ip_routing: false +- name: TG_100 + ip_routing: true tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - description: svi301_with_trunk_groups_only_l3leaf - shutdown: false - ip_address_virtual: 10.3.1.1/24 - vrf: TG_300 -- name: Vlan398 +- name: TG_200 + ip_routing: true tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi398_without_trunk_groups - shutdown: false - ip_address_virtual: 10.3.1.1/24 - vrf: TG_300 -- name: Vlan3299 +- name: TG_300 + ip_routing: true tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_300 - vrf: TG_300 - mtu: 9214 - ip_address: 10.255.247.1/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_trunk-group-tests-l3leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - CUSTOM_MLAG_TG_NAME - - CUSTOM_LEAF_PEER_L3_TG_NAME - shutdown: false -- name: Port-Channel1 - description: L2_TRUNK_GROUP_TESTS_L2LEAF1_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TRUNK_GROUP_TESTS_L2LEAF1 - shutdown: false - mlag: 1 -- name: Port-Channel5 - description: L2_trunk-group-tests-l2leaf3_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - trunk-group-tests-l2leaf3 - shutdown: false - mlag: 5 -- name: Port-Channel13 - description: portchannel - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - groups: - - TG_NOT_MATCHING_ANY_VLANS - - TG_300 - mlag: 13 -ethernet_interfaces: -- name: Ethernet3 - peer: trunk-group-tests-l3leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: trunk-group-tests-l3leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: trunk-group-tests-l2leaf1a - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf1a_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: trunk-group-tests-l2leaf1b - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf1b_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet5 - peer: trunk-group-tests-l2leaf3 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf3_Ethernet2 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet13 - peer: server_with_tg_300 - peer_interface: Nic2 - peer_type: server - description: SERVER_server_with_tg_300_Nic2 - shutdown: false - channel_group: - id: 13 - mode: active -mlag_configuration: - domain_id: TRUNK_GROUP_TESTS_L3LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.248.0 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.250.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.249.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.250.0/24 eq 32 - - sequence: 20 - action: permit 192.168.249.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.247.0/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: trunk-group-tests-l3leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2a.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2a.yml index e1a6fa3ea19..8561d4207b7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2a.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2a.yml @@ -1,57 +1,189 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_trunk-group-tests-l3leaf2b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf2b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_trunk-group-tests-l3leaf2b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf2b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_trunk-group-tests-l2leaf4_Ethernet1 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l2leaf4 + peer_interface: Ethernet1 + peer_type: l2leaf hostname: trunk-group-tests-l3leaf2a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.250.11/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.249.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: TRUNK_GROUP_TESTS_L3LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.248.5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_trunk-group-tests-l3leaf2b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_trunk-group-tests-l2leaf4_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - trunk-group-tests-l2leaf4 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.250.0/24 eq 32 + - sequence: 20 + action: permit 192.168.249.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.247.4/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65002' router_id: 192.168.250.11 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65002' - next_hop_self: true description: trunk-group-tests-l3leaf2b - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.247.5 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: trunk-group-tests-l3leaf2b description: trunk-group-tests-l3leaf2b_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 200 + tenant: TRUNK_GROUP_TESTS + rd: 192.168.250.11:10200 + route_targets: + both: + - 10200:10200 + redistribute_routes: + - learned + - id: 210 + tenant: TRUNK_GROUP_TESTS + rd: 192.168.250.11:10210 + route_targets: + both: + - 10210:10210 + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TG_200 rd: 192.168.250.11:200 @@ -65,234 +197,102 @@ router_bgp: route_targets: - 200:200 router_id: 192.168.250.11 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.247.5 peer_group: MLAG-IPv4-UNDERLAY-PEER description: trunk-group-tests-l3leaf2b_Vlan3199 - updates: - wait_install: true - vlans: - - id: 200 - tenant: TRUNK_GROUP_TESTS - rd: 192.168.250.11:10200 - route_targets: - both: - - 10200:10200 - redistribute_routes: - - learned - - id: 210 - tenant: TRUNK_GROUP_TESTS - rd: 192.168.250.11:10210 - route_targets: - both: - - 10210:10210 - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.247.4/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.248.4/31 + mtu: 9214 + no_autostate: true +- name: Vlan200 + description: svi200_with_trunk_groups + shutdown: false + vrf: TG_200 + ip_address_virtual: 10.2.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3199 + description: MLAG_L3_VRF_TG_200 + shutdown: false + vrf: TG_200 + ip_address: 10.255.247.4/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TG_200 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 200 + name: svi200_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf4 - MLAG - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - name: svi200_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 210 + name: l2vlan210_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf4 - MLAG - TG_200 - TG_NOT_MATCHING_ANY_SERVERS - name: l2vlan210_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 3199 name: MLAG_L3_VRF_TG_200 trunk_groups: - MLAG tenant: TRUNK_GROUP_TESTS -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.247.4/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.248.4/31 -- name: Vlan200 - tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi200_with_trunk_groups - shutdown: false - ip_address_virtual: 10.2.0.1/24 - vrf: TG_200 -- name: Vlan3199 +vrfs: +- name: MGMT + ip_routing: false +- name: TG_200 + ip_routing: true tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_200 - vrf: TG_200 - mtu: 9214 - ip_address: 10.255.247.4/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_trunk-group-tests-l3leaf2b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_trunk-group-tests-l2leaf4_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - trunk-group-tests-l2leaf4 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: trunk-group-tests-l3leaf2b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf2b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: trunk-group-tests-l3leaf2b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf2b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: trunk-group-tests-l2leaf4 - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf4_Ethernet1 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: TRUNK_GROUP_TESTS_L3LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.248.5 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.250.11/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.249.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.250.0/24 eq 32 - - sequence: 20 - action: permit 192.168.249.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.247.4/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: trunk-group-tests-l3leaf2a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 200 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2b.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2b.yml index 472256773de..c57d04b7a41 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2b.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/trunk-group-tests-l3leaf2b.yml @@ -1,57 +1,189 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_trunk-group-tests-l3leaf2a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf2a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_trunk-group-tests-l3leaf2a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: trunk-group-tests-l3leaf2a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_trunk-group-tests-l2leaf4_Ethernet2 + shutdown: false + channel_group: + id: 1 + mode: active + peer: trunk-group-tests-l2leaf4 + peer_interface: Ethernet2 + peer_type: l2leaf hostname: trunk-group-tests-l3leaf2b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.250.12/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.249.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +mlag_configuration: + domain_id: TRUNK_GROUP_TESTS_L3LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.248.4 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_trunk-group-tests-l3leaf2a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - CUSTOM_MLAG_TG_NAME +- name: Port-Channel1 + description: L2_trunk-group-tests-l2leaf4_Port-Channel1 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + groups: + - trunk-group-tests-l2leaf4 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.250.0/24 eq 32 + - sequence: 20 + action: permit 192.168.249.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.247.4/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65002' router_id: 192.168.250.12 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65002' - next_hop_self: true description: trunk-group-tests-l3leaf2a - maximum_routes: 12000 + next_hop_self: true send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.247.4 peer_group: MLAG-IPv4-UNDERLAY-PEER peer: trunk-group-tests-l3leaf2a description: trunk-group-tests-l3leaf2a_Vlan4093 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 200 + tenant: TRUNK_GROUP_TESTS + rd: 192.168.250.12:10200 + route_targets: + both: + - 10200:10200 + redistribute_routes: + - learned + - id: 210 + tenant: TRUNK_GROUP_TESTS + rd: 192.168.250.12:10210 + route_targets: + both: + - 10210:10210 + redistribute_routes: + - learned address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: TG_200 rd: 192.168.250.12:200 @@ -65,230 +197,98 @@ router_bgp: route_targets: - 200:200 router_id: 192.168.250.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.247.4 peer_group: MLAG-IPv4-UNDERLAY-PEER description: trunk-group-tests-l3leaf2a_Vlan3199 - updates: - wait_install: true - vlans: - - id: 200 - tenant: TRUNK_GROUP_TESTS - rd: 192.168.250.12:10200 - route_targets: - both: - - 10200:10200 - redistribute_routes: - - learned - - id: 210 - tenant: TRUNK_GROUP_TESTS - rd: 192.168.250.12:10210 - route_targets: - both: - - 10210:10210 - redistribute_routes: - - learned + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + no_spanning_tree_vlan: 4093-4094 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 1.1.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.247.5/31 + mtu: 9214 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.248.5/31 + mtu: 9214 + no_autostate: true +- name: Vlan200 + description: svi200_with_trunk_groups + shutdown: false + vrf: TG_200 + ip_address_virtual: 10.2.0.1/24 + tenant: TRUNK_GROUP_TESTS + tags: + - TRUNK_GROUP_TESTS_L3LEAF1 + - TRUNK_GROUP_TESTS_L2LEAF1 +- name: Vlan3199 + description: MLAG_L3_VRF_TG_200 + shutdown: false + vrf: TG_200 + ip_address: 10.255.247.5/31 + mtu: 9214 + tenant: TRUNK_GROUP_TESTS + type: underlay_peering vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: TG_200 - tenant: TRUNK_GROUP_TESTS - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -spanning_tree: - no_spanning_tree_vlan: 4093-4094 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - CUSTOM_MLAG_TG_NAME -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - CUSTOM_MLAG_TG_NAME + tenant: system - id: 200 + name: svi200_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf4 - CUSTOM_MLAG_TG_NAME - name: svi200_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 210 + name: l2vlan210_with_trunk_groups trunk_groups: - trunk-group-tests-l2leaf4 - CUSTOM_MLAG_TG_NAME - name: l2vlan210_with_trunk_groups tenant: TRUNK_GROUP_TESTS - id: 3199 name: MLAG_L3_VRF_TG_200 trunk_groups: - CUSTOM_MLAG_TG_NAME tenant: TRUNK_GROUP_TESTS -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 9214 - ip_address: 10.255.247.5/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 9214 - ip_address: 10.255.248.5/31 -- name: Vlan200 - tenant: TRUNK_GROUP_TESTS - tags: - - TRUNK_GROUP_TESTS_L3LEAF1 - - TRUNK_GROUP_TESTS_L2LEAF1 - description: svi200_with_trunk_groups - shutdown: false - ip_address_virtual: 10.2.0.1/24 - vrf: TG_200 -- name: Vlan3199 +vrfs: +- name: MGMT + ip_routing: false +- name: TG_200 + ip_routing: true tenant: TRUNK_GROUP_TESTS - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_TG_200 - vrf: TG_200 - mtu: 9214 - ip_address: 10.255.247.5/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_trunk-group-tests-l3leaf2a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - CUSTOM_MLAG_TG_NAME - shutdown: false -- name: Port-Channel1 - description: L2_trunk-group-tests-l2leaf4_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - trunk-group-tests-l2leaf4 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: trunk-group-tests-l3leaf2a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf2a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: trunk-group-tests-l3leaf2a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_trunk-group-tests-l3leaf2a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: trunk-group-tests-l2leaf4 - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_trunk-group-tests-l2leaf4_Ethernet2 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: TRUNK_GROUP_TESTS_L3LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.248.4 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.250.12/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.249.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.250.0/24 eq 32 - - sequence: 20 - action: permit 192.168.249.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.247.4/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vxlan_interface: vxlan1: description: trunk-group-tests-l3leaf2b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 200 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_1.yml index d8cc1f2f686..0b74e40cd57 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_1.yml @@ -1,106 +1,35 @@ -hostname: underlay_filter_peer_as_evpn_1 -is_deployed: true -router_bgp: - as: '64512' - router_id: 192.168.255.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.153.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '64513' - peer: underlay_filter_peer_as_evpn_2 - description: underlay_filter_peer_as_evpn_2_Ethernet1 - route_map_out: RM-BGP-AS64513-OUT - - ip_address: 192.168.153.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '64513' - peer: underlay_filter_peer_as_evpn_3 - description: underlay_filter_peer_as_evpn_3_Ethernet1 - route_map_out: RM-BGP-AS64513-OUT - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: underlay_filter_peer_as_evpn_2 - description: underlay_filter_peer_as_evpn_2_Loopback0 - remote_as: '64513' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: underlay_filter_peer_as_evpn_3 - description: underlay_filter_peer_as_evpn_3_Loopback0 - remote_as: '64513' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: underlay_filter_peer_as_evpn_2 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_underlay_filter_peer_as_evpn_2_Ethernet1 shutdown: false mtu: 9214 - switchport: - enabled: false ip_address: 192.168.153.1/31 -- name: Ethernet2 - peer: underlay_filter_peer_as_evpn_3 + peer: underlay_filter_peer_as_evpn_2 peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_underlay_filter_peer_as_evpn_3_Ethernet1 shutdown: false mtu: 9214 + ip_address: 192.168.153.3/31 + peer: underlay_filter_peer_as_evpn_3 + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ip_address: 192.168.153.3/31 +hostname: underlay_filter_peer_as_evpn_1 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -110,6 +39,10 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.254.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -137,12 +70,79 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '64512' + router_id: 192.168.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.153.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '64513' + peer: underlay_filter_peer_as_evpn_2 + description: underlay_filter_peer_as_evpn_2_Ethernet1 + route_map_out: RM-BGP-AS64513-OUT + - ip_address: 192.168.153.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '64513' + peer: underlay_filter_peer_as_evpn_3 + description: underlay_filter_peer_as_evpn_3_Ethernet1 + route_map_out: RM-BGP-AS64513-OUT + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '64513' + peer: underlay_filter_peer_as_evpn_2 + description: underlay_filter_peer_as_evpn_2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '64513' + peer: underlay_filter_peer_as_evpn_3 + description: underlay_filter_peer_as_evpn_3_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: underlay_filter_peer_as_evpn_1_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_2.yml index fa59e0b4c15..3fea1502136 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_2.yml @@ -1,86 +1,25 @@ -hostname: underlay_filter_peer_as_evpn_2 -is_deployed: true -router_bgp: - as: '64513' - router_id: 192.168.255.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.153.1 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '64512' - peer: underlay_filter_peer_as_evpn_1 - description: underlay_filter_peer_as_evpn_1_Ethernet1 - route_map_out: RM-BGP-AS64512-OUT - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: underlay_filter_peer_as_evpn_1 - description: underlay_filter_peer_as_evpn_1_Loopback0 - remote_as: '64512' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: underlay_filter_peer_as_evpn_1 - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_underlay_filter_peer_as_evpn_1_Ethernet1 shutdown: false mtu: 9214 + ip_address: 192.168.153.0/31 + peer: underlay_filter_peer_as_evpn_1 + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ip_address: 192.168.153.0/31 +hostname: underlay_filter_peer_as_evpn_2 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -90,6 +29,10 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.254.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -117,12 +60,69 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '64513' + router_id: 192.168.255.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.153.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '64512' + peer: underlay_filter_peer_as_evpn_1 + description: underlay_filter_peer_as_evpn_1_Ethernet1 + route_map_out: RM-BGP-AS64512-OUT + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '64512' + peer: underlay_filter_peer_as_evpn_1 + description: underlay_filter_peer_as_evpn_1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: underlay_filter_peer_as_evpn_2_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_3.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_3.yml index 9424de6defc..66a1978a872 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_3.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/underlay_filter_peer_as_evpn_3.yml @@ -1,86 +1,25 @@ -hostname: underlay_filter_peer_as_evpn_3 -is_deployed: true -router_bgp: - as: '64513' - router_id: 192.168.255.3 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.153.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '64512' - peer: underlay_filter_peer_as_evpn_1 - description: underlay_filter_peer_as_evpn_1_Ethernet2 - route_map_out: RM-BGP-AS64512-OUT - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: underlay_filter_peer_as_evpn_1 - description: underlay_filter_peer_as_evpn_1_Loopback0 - remote_as: '64512' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: underlay_filter_peer_as_evpn_1 - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_underlay_filter_peer_as_evpn_1_Ethernet2 shutdown: false mtu: 9214 + ip_address: 192.168.153.2/31 + peer: underlay_filter_peer_as_evpn_1 + peer_interface: Ethernet2 + peer_type: l3leaf switchport: enabled: false - ip_address: 192.168.153.2/31 +hostname: underlay_filter_peer_as_evpn_3 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -90,6 +29,10 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.254.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -117,12 +60,69 @@ router_bfd: interval: 300 min_rx: 300 multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '64513' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.153.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '64512' + peer: underlay_filter_peer_as_evpn_1 + description: underlay_filter_peer_as_evpn_1_Ethernet2 + route_map_out: RM-BGP-AS64512-OUT + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '64512' + peer: underlay_filter_peer_as_evpn_1 + description: underlay_filter_peer_as_evpn_1_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: underlay_filter_peer_as_evpn_3_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-child.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-child.yml index 524aef5b6dc..3d0655e26b5 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-child.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-child.yml @@ -1,50 +1,50 @@ -hostname: uplink-native-vlan-child -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 200 - name: NATIVE - state: suspend -- id: 100 - name: NETWORK_SERVICES_VLAN - tenant: test ethernet_interfaces: - name: Ethernet2 - peer: uplink-native-vlan-parent - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_uplink-native-vlan-parent_Ethernet2 shutdown: false channel_group: id: 2 mode: active + peer: uplink-native-vlan-parent + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: uplink-native-vlan-child +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel2 description: L2_uplink-native-vlan-parent_Port-Channel2 + shutdown: false switchport: enabled: true mode: trunk trunk: - native_vlan: 200 allowed_vlan: '100' - shutdown: false -ip_igmp_snooping: - globally_enabled: true + native_vlan: 200 +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 200 + name: NATIVE + state: suspend +- id: 100 + name: NETWORK_SERVICES_VLAN + tenant: test +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-grandparent.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-grandparent.yml index 585218ad674..cec3b442d13 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-grandparent.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-grandparent.yml @@ -1,47 +1,47 @@ -hostname: uplink-native-vlan-grandparent -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 - peer: uplink-native-vlan-parent - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_uplink-native-vlan-parent_Ethernet1 shutdown: false channel_group: id: 1 mode: active + peer: uplink-native-vlan-parent + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: uplink-native-vlan-grandparent +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_uplink-native-vlan-parent_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: - native_vlan: 100 allowed_vlan: '100' - shutdown: false + native_vlan: 100 +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 100 name: NETWORK_SERVICES_VLAN tenant: test -ip_igmp_snooping: - globally_enabled: true +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-parent.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-parent.yml index 46477eed32d..38014ed8ad9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-parent.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink-native-vlan-parent.yml @@ -1,68 +1,68 @@ -hostname: uplink-native-vlan-parent -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -vlans: -- id: 200 - name: NATIVE - state: suspend -- id: 100 - name: NETWORK_SERVICES_VLAN - tenant: test ethernet_interfaces: - name: Ethernet1 - peer: uplink-native-vlan-grandparent - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_uplink-native-vlan-grandparent_Ethernet1 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: uplink-native-vlan-child - peer_interface: Ethernet2 + peer: uplink-native-vlan-grandparent + peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet2 description: L2_uplink-native-vlan-child_Ethernet2 shutdown: false channel_group: id: 2 mode: active + peer: uplink-native-vlan-child + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: uplink-native-vlan-parent +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_uplink-native-vlan-grandparent_Port-Channel1 + shutdown: false switchport: enabled: true mode: trunk trunk: - native_vlan: 100 allowed_vlan: '100' - shutdown: false + native_vlan: 100 - name: Port-Channel2 description: L2_uplink-native-vlan-child_Port-Channel2 + shutdown: false switchport: enabled: true mode: trunk trunk: - native_vlan: 200 allowed_vlan: '100' - shutdown: false -ip_igmp_snooping: - globally_enabled: true + native_vlan: 200 +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 200 + name: NATIVE + state: suspend +- id: 100 + name: NETWORK_SERVICES_VLAN + tenant: test +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_l2leaf.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_l2leaf.yml index b113c95024e..ff8547003c4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_l2leaf.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_l2leaf.yml @@ -1,74 +1,46 @@ -hostname: uplink_lan_l2leaf -is_deployed: true -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet1 + description: L2_uplink_lan_wan_router1_Ethernet2 + shutdown: false + flow_tracker: + sampled: FLOW-TRACKER + spanning_tree_portfast: edge peer: uplink_lan_wan_router1 peer_interface: Ethernet2 peer_type: wan_router - description: L2_uplink_lan_wan_router1_Ethernet2 - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,100 native_vlan: 10 - spanning_tree_portfast: edge +- name: Ethernet2 + description: L2_uplink_lan_wan_router2_Ethernet2 + shutdown: false flow_tracker: sampled: FLOW-TRACKER -- name: Ethernet2 + spanning_tree_portfast: edge peer: uplink_lan_wan_router2 peer_interface: Ethernet2 peer_type: wan_router - description: L2_uplink_lan_wan_router2_Ethernet2 - shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 10,100 - spanning_tree_portfast: edge - flow_tracker: - sampled: FLOW-TRACKER -vlans: -- id: 10 - name: VLAN10_NATIVE - tenant: TEST -- id: 100 - name: VLAN100 - tenant: TEST -- id: 102 - name: VLAN102 - tenant: TEST -ip_igmp_snooping: - globally_enabled: true flow_tracking: sampled: sample: 10000 trackers: - - name: FLOW-TRACKER - record_export: + - record_export: on_inactive_timeout: 70000 on_interval: 300000 + name: FLOW-TRACKER exporters: - name: CV-TELEMETRY collector: @@ -76,3 +48,31 @@ flow_tracking: local_interface: Loopback0 template_interval: 3600000 shutdown: false +hostname: uplink_lan_l2leaf +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 10 + name: VLAN10_NATIVE + tenant: TEST +- id: 100 + name: VLAN100 + tenant: TEST +- id: 102 + name: VLAN102 + tenant: TEST +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router1.yml index 35762e30268..1427ecb56c0 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router1.yml @@ -1,153 +1,172 @@ -hostname: uplink_lan_wan_router1 -is_deployed: true -router_bgp: - as: '65100' - router_id: 192.168.1.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65100' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - vrfs: - - name: VRF1 - rd: 192.168.1.1:123 - route_targets: - import: - - address_family: evpn - route_targets: - - 123:123 - export: - - address_family: evpn - route_targets: - - 123:123 - router_id: 192.168.1.1 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.1.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.2.1/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: TEST - ip_routing: true - ipv6_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet2 - peer: uplink_lan_l2leaf - peer_interface: Ethernet1 VLAN 10 - peer_type: l2leaf description: L2_uplink_lan_l2leaf_Ethernet1 shutdown: false - switchport: - enabled: false - vrf: VRF1 - ip_address: 10.0.10.1/24 mtu: 9218 + vrf: VRF1 flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet2.100 + ip_address: 10.0.10.1/24 peer: uplink_lan_l2leaf - peer_interface: Ethernet1 VLAN 100 + peer_interface: Ethernet1 VLAN 10 peer_type: l2leaf + switchport: + enabled: false +- name: Ethernet2.100 description: My vlan 100 shutdown: false + vrf: VRF1 + flow_tracker: + hardware: FLOW-TRACKER encapsulation_dot1q: vlan: 100 - vrf: VRF1 ip_address: 10.0.100.1/24 - ipv6_address: cafe::cafe/64 ipv6_enable: true + ipv6_address: cafe::cafe/64 + peer: uplink_lan_l2leaf + peer_interface: Ethernet1 VLAN 100 + peer_type: l2leaf eos_cli: comment yo - flow_tracker: - hardware: FLOW-TRACKER _custom_key: custom_value - name: Ethernet1 - peer_type: l3_interface - ip_address: 10.9.9.9/31 + description: Comcast_999 shutdown: false + ip_address: 10.9.9.9/31 + peer_type: l3_interface switchport: enabled: false - description: Comcast_999 +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: uplink_lan_wan_router1 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.1.1:1 +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.2.1 + sa_policies: + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: test + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: CP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.1.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: region1 + - name: Zone + value: region1-ZONE + - name: Site + value: site1 + interface_tags: + - interface: Ethernet2 + tags: + - name: Type + value: lan + - interface: Ethernet2.100 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - name: Circuit + value: '999' + cv_pathfinder: + role: edge + region: region1 + zone: region1-ZONE + site: site1 + vtep_ip: 192.168.2.1 + ssl_profile: STUN-DTLS + interfaces: + - name: Ethernet1 + carrier: Comcast + circuit_id: '999' + pathgroup: INET prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -182,48 +201,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.1.1:1 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.2.1 - sa_policies: - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: test - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: CP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: edge region: @@ -240,6 +217,17 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - name: DEFAULT-POLICY-CONTROL-PLANE load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE + policies: + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: VRF1 policy: DEFAULT-POLICY @@ -253,25 +241,97 @@ router_adaptive_virtual_topology: id: 254 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65100' + router_id: 192.168.1.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65100' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: VRF1 + rd: 192.168.1.1:123 + route_targets: + import: + - address_family: evpn + route_targets: + - 123:123 + export: + - address_family: evpn + route_targets: + - 123:123 + router_id: 192.168.1.1 + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.1.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 100 @@ -286,89 +346,29 @@ router_path_selection: - name: LB-DEFAULT-POLICY-CONTROL-PLANE path_groups: - name: INET + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true -application_traffic_recognition: - application_profiles: - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.2.1/32 - flow_tracker: - hardware: FLOW-TRACKER +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + ipv6_routing: true + tenant: TEST vxlan_interface: vxlan1: description: uplink_lan_wan_router1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: VRF1 vni: 123 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: region1 - - name: Zone - value: region1-ZONE - - name: Site - value: site1 - interface_tags: - - interface: Ethernet2 - tags: - - name: Type - value: lan - - interface: Ethernet2.100 - tags: - - name: Type - value: lan - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast - - name: Circuit - value: '999' - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 192.168.2.1 - region: region1 - zone: region1-ZONE - site: site1 - interfaces: - - name: Ethernet1 - carrier: Comcast - circuit_id: '999' - pathgroup: INET diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router2.yml index eef35c3ee53..62b671ac0ac 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/uplink_lan_wan_router2.yml @@ -1,162 +1,185 @@ -hostname: uplink_lan_wan_router2 -is_deployed: true -router_bgp: - as: '65100' - router_id: 192.168.1.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - send_community: all - maximum_routes: 0 - remote_as: '65100' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: false - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - vrfs: - - name: VRF1 - rd: 192.168.1.2:123 - route_targets: - import: - - address_family: evpn - route_targets: - - 123:123 - export: - - address_family: evpn - route_targets: - - 123:123 - router_id: 192.168.1.2 - redistribute: - connected: - enabled: true - - name: default - rd: 192.168.1.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE config_end: true +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 192.168.2.2/32 + flow_tracker: + hardware: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: TEST - ip_routing: true - ipv6_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true ethernet_interfaces: - name: Ethernet2 + description: L2_uplink_lan_l2leaf_Ethernet2 + shutdown: false + mtu: 9218 peer: uplink_lan_l2leaf peer_interface: Ethernet2 peer_type: l2leaf - description: L2_uplink_lan_l2leaf_Ethernet2 - shutdown: false switchport: enabled: false - mtu: 9218 - name: Ethernet2.10 - peer: uplink_lan_l2leaf - peer_interface: Ethernet2 VLAN 10 - peer_type: l2leaf description: VLAN10_NATIVE shutdown: false - encapsulation_dot1q: - vlan: 10 - vrf: VRF1 - ip_address: 10.0.10.1/24 mtu: 9218 + vrf: VRF1 flow_tracker: hardware: FLOW-TRACKER -- name: Ethernet2.100 + encapsulation_dot1q: + vlan: 10 + ip_address: 10.0.10.1/24 peer: uplink_lan_l2leaf - peer_interface: Ethernet2 VLAN 100 + peer_interface: Ethernet2 VLAN 10 peer_type: l2leaf +- name: Ethernet2.100 description: My vlan 100 shutdown: false + vrf: VRF1 + flow_tracker: + hardware: FLOW-TRACKER encapsulation_dot1q: vlan: 100 - vrf: VRF1 ip_address: 10.0.100.1/24 - ipv6_address: cafe::cafe/64 ipv6_enable: true + ipv6_address: cafe::cafe/64 + peer: uplink_lan_l2leaf + peer_interface: Ethernet2 VLAN 100 + peer_type: l2leaf eos_cli: comment yo - flow_tracker: - hardware: FLOW-TRACKER _custom_key: custom_value - name: Ethernet1 - peer_type: l3_interface - ip_address: 10.9.9.1/31 + description: Comcast_999 shutdown: false + ip_address: 10.9.9.1/31 + peer_type: l3_interface switchport: enabled: false - description: Comcast_999 +flow_tracking: + hardware: + trackers: + - name: FLOW-TRACKER + record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: uplink_lan_wan_router2 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.1.2:2 +ip_routing: true +ip_security: + ike_policies: + - name: CP-IKE-POLICY + local_id: 192.168.2.2 + sa_policies: + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: test + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: CP-PROFILE +is_deployed: true loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.1.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: region1 + - name: Zone + value: region1-ZONE + - name: Site + value: site2 + interface_tags: + - interface: Ethernet2 + tags: + - name: Type + value: lan + - interface: Ethernet2.10 + tags: + - name: Type + value: lan + - interface: Ethernet2.100 + tags: + - name: Type + value: lan + - interface: Ethernet1 + tags: + - name: Type + value: wan + - name: Carrier + value: Comcast + - name: Circuit + value: '999' + cv_pathfinder: + role: edge + region: region1 + zone: region1-ZONE + site: site2 + vtep_ip: 192.168.2.2 + ssl_profile: STUN-DTLS + interfaces: + - name: Ethernet1 + carrier: Comcast + circuit_id: '999' + pathgroup: INET prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -191,48 +214,6 @@ route_maps: type: permit match: - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.1.2:2 -ip_security: - ike_policies: - - name: CP-IKE-POLICY - local_id: 192.168.2.2 - sa_policies: - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: test - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: CP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' router_adaptive_virtual_topology: topology_role: edge region: @@ -249,6 +230,17 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-DEFAULT - name: DEFAULT-POLICY-CONTROL-PLANE load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE + policies: + - name: DEFAULT-POLICY + matches: + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: VRF1 policy: DEFAULT-POLICY @@ -262,25 +254,97 @@ router_adaptive_virtual_topology: id: 254 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY - matches: - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65100' + router_id: 192.168.1.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65100' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: VRF1 + rd: 192.168.1.2:123 + route_targets: + import: + - address_family: evpn + route_targets: + - 123:123 + export: + - address_family: evpn + route_targets: + - 123:123 + router_id: 192.168.1.2 + redistribute: + connected: + enabled: true + - name: default + rd: 192.168.1.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: INET id: 100 @@ -295,93 +359,29 @@ router_path_selection: - name: LB-DEFAULT-POLICY-CONTROL-PLANE path_groups: - name: INET + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true -application_traffic_recognition: - application_profiles: - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 192.168.2.2/32 - flow_tracker: - hardware: FLOW-TRACKER +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + ipv6_routing: true + tenant: TEST vxlan_interface: vxlan1: description: uplink_lan_wan_router2_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: VRF1 vni: 123 - name: default vni: 1 -flow_tracking: - hardware: - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: region1 - - name: Zone - value: region1-ZONE - - name: Site - value: site2 - interface_tags: - - interface: Ethernet2 - tags: - - name: Type - value: lan - - interface: Ethernet2.10 - tags: - - name: Type - value: lan - - interface: Ethernet2.100 - tags: - - name: Type - value: lan - - interface: Ethernet1 - tags: - - name: Type - value: wan - - name: Carrier - value: Comcast - - name: Circuit - value: '999' - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 192.168.2.2 - region: region1 - zone: region1-ZONE - site: site2 - interfaces: - - name: Ethernet1 - carrier: Comcast - circuit_id: '999' - pathgroup: INET diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/varpv6.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/varpv6.yml index ed35a170cec..4b1c6847936 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/varpv6.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/varpv6.yml @@ -1,58 +1,73 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: varpv6 +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.101/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.101/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '101' router_id: 192.168.255.101 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF1 - rd: 192.168.255.101:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - router_id: 192.168.255.101 - redistribute: - connected: - enabled: true + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 100 tenant: TENANT1 @@ -94,119 +109,104 @@ router_bgp: - 10500:10500 redistribute_routes: - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF1 + rd: 192.168.255.101:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + router_id: 192.168.255.101 + redistribute: + connected: + enabled: true service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: TENANT1 - ip_routing: true - ipv6_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.101/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.101/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -vlans: -- id: 100 - name: VARPv6_configured_1 - tenant: TENANT1 -- id: 200 - name: VARPv6_not_configured_1 - tenant: TENANT1 -- id: 300 - name: VARPv6_configured_2 - tenant: TENANT1 -- id: 400 - name: VARPv6_not_configured_2 - tenant: TENANT1 -- id: 500 - name: VARPv6_not_configured_3 - tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan100 - tenant: TENANT1 description: VARPv6_configured_1 shutdown: false + vrf: VRF1 ipv6_address: 2001:db8::2/64 ipv6_virtual_router_addresses: - fe80::1 - vrf: VRF1 -- name: Vlan200 tenant: TENANT1 +- name: Vlan200 description: VARPv6_not_configured_1 shutdown: false vrf: VRF1 -- name: Vlan300 tenant: TENANT1 +- name: Vlan300 description: VARPv6_configured_2 shutdown: false + vrf: VRF1 ipv6_enable: true ipv6_virtual_router_addresses: - fe80::1 - vrf: VRF1 -- name: Vlan400 tenant: TENANT1 +- name: Vlan400 description: VARPv6_not_configured_2 shutdown: false - ipv6_enable: false vrf: VRF1 -- name: Vlan500 + ipv6_enable: false tenant: TENANT1 +- name: Vlan500 description: VARPv6_not_configured_3 shutdown: false + vrf: VRF1 ipv6_enable: false ipv6_address_virtuals: - 2001:db8::1/64 - vrf: VRF1 + tenant: TENANT1 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 100 + name: VARPv6_configured_1 + tenant: TENANT1 +- id: 200 + name: VARPv6_not_configured_1 + tenant: TENANT1 +- id: 300 + name: VARPv6_configured_2 + tenant: TENANT1 +- id: 400 + name: VARPv6_not_configured_2 + tenant: TENANT1 +- id: 500 + name: VARPv6_not_configured_3 + tenant: TENANT1 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true + ipv6_routing: true + tenant: TENANT1 vxlan_interface: vxlan1: description: varpv6_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 10100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/vrfs_rd_rt_override.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/vrfs_rd_rt_override.yml index 97311e07652..53dfe419930 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/vrfs_rd_rt_override.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/vrfs_rd_rt_override.yml @@ -1,42 +1,100 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: vrfs_rd_rt_override +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.10.0.20/32 +- name: Loopback1 + description: MY_VTEP_LOOPBACK + shutdown: false + ip_address: 10.11.0.20/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.10.0.0/24 eq 32 + - sequence: 20 + action: permit 10.11.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.10.0.20 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 send_community: all maximum_routes: 0 - ebgp_multihop: 3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 100 + tenant: TENANT1 + rd: 10.10.0.20:10100 + route_targets: + both: + - 10100:10100 + redistribute_routes: + - learned + - id: 200 + tenant: TENANT1 + rd: 10.10.0.20:10200 + route_targets: + both: + - 10200:10200 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true address_family_ipv4: peer_groups: - name: IPv4-UNDERLAY-PEERS activate: true - name: EVPN-OVERLAY-PEERS activate: false - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true vrfs: - name: VRF1 rd: 111:222 @@ -68,77 +126,26 @@ router_bgp: redistribute: connected: enabled: true - vlans: - - id: 100 - tenant: TENANT1 - rd: 10.10.0.20:10100 - route_targets: - both: - - 10100:10100 - redistribute_routes: - - learned - - id: 200 - tenant: TENANT1 - rd: 10.10.0.20:10200 - route_targets: - both: - - 10200:10200 - redistribute_routes: - - learned service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan100 + description: VLAN100 + shutdown: false + vrf: VRF1 + ip_address_virtual: 10.0.100.1/24 + tenant: TENANT1 +- name: Vlan200 + description: VLAN200 + shutdown: false + vrf: VRF2 + ip_address_virtual: 10.0.200.1/24 + tenant: TENANT1 vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -vrfs: -- name: MGMT - ip_routing: false -- name: VRF1 - tenant: TENANT1 - ip_routing: true -- name: VRF2 - tenant: TENANT1 - ip_routing: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.10.0.20/32 -- name: Loopback1 - description: MY_VTEP_LOOPBACK - shutdown: false - ip_address: 10.11.0.20/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.10.0.0/24 eq 32 - - sequence: 20 - action: permit 10.11.0.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 vlans: - id: 100 name: VLAN100 @@ -146,28 +153,21 @@ vlans: - id: 200 name: VLAN200 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan100 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF1 + ip_routing: true tenant: TENANT1 - description: VLAN100 - shutdown: false - ip_address_virtual: 10.0.100.1/24 - vrf: VRF1 -- name: Vlan200 +- name: VRF2 + ip_routing: true tenant: TENANT1 - description: VLAN200 - shutdown: false - ip_address_virtual: 10.0.200.1/24 - vrf: VRF2 vxlan_interface: vxlan1: description: vrfs_rd_rt_override_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 100 vni: 10100 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/custom-structured-configuration.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/custom-structured-configuration.yml index 961615d97a9..659c6da2f8c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/custom-structured-configuration.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/custom-structured-configuration.yml @@ -101,3 +101,9 @@ csc_2_management_api_http: csc_1_ip_igmp_snooping: null # Replacing the default dict with null. csc_2_ip_igmp_snooping: {} # Replacing the null above with an empty dict. + +# Test Creating an AvdList (list without primary key) and merging null on top. Should render null. +csc_1_domain_list: + - foo.foo + - bar.bar +csc_2_domain_list: null diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1a.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1a.yml index 2d06256cc53..6370572ce8f 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1a.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1a.yml @@ -1,51 +1,289 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.1/31 + peer: dc1-spine1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.3/31 + peer: dc1-spine2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet6 + description: P2P_dc1-wan1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.0/31 + peer: dc1-wan1 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet7 + description: P2P_dc1-wan2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.4/31 + peer: dc1-wan2 + peer_interface: Ethernet1 + peer_type: wan_router + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf1c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf1c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf1-server1 + peer_interface: PCI1 + peer_type: server +- name: Ethernet31 + description: WORKSTATION_dc1-leaf1-workstation1_e1 + shutdown: false + spanning_tree_portfast: edge + peer: dc1-leaf1-workstation1 + peer_interface: e1 + peer_type: workstation + port_profile: Workstations + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Ethernet32 + description: WORKSTATION_dc1-leaf1-workstation2_e1 + shutdown: false + spanning_tree_portfast: edge + peer: dc1-leaf1-workstation2 + peer_interface: e1 + peer_type: workstation + port_profile: Workstations + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 11 +- name: Ethernet33 + description: WORKSTATION_dc1-leaf1-workstationNoLLDP_e1 + shutdown: false + spanning_tree_portfast: edge + peer: dc1-leaf1-workstationNoLLDP + peer_interface: e1 + peer_type: workstation + port_profile: Workstations_NoLLDP + validate_lldp: false + switchport: + enabled: true + mode: access + access_vlan: 11 hostname: dc1-leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.3/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.3/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.3/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.3/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.101/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.1.65 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402,4085 +- name: Port-Channel5 + description: PortChannel dc1-leaf1-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.96/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 172.21.110.0/24 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65101' router_id: 10.255.0.3 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65101' - next_hop_self: true description: dc1-leaf1b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.1.97 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -73,62 +311,23 @@ router_bgp: description: dc1-wan2_Ethernet1 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' - ip_address: 10.1.1.1 peer_group: EVPN-OVERLAY-PEERS description: External peer - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.3:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1b_Vlan3009 - - name: VRF11 - rd: 10.255.0.3:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.3 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.97 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1b_Vlan3010 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -178,391 +377,210 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.3:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.3 + neighbors: + - ip_address: 10.255.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.3:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.3 + neighbors: + - ip_address: 10.255.1.97 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_path_selection: + path_groups: + - name: Test_local_interface + id: 110 + dynamic_peers: + enabled: true + - name: Test_stun_server_profile + id: 210 + local_interfaces: + - name: Ethernet3 service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.3 - name: VRF11 - tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.101/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VRF10_VLAN11 - tenant: TENANT1 -- id: 12 - name: VRF10_VLAN12 - tenant: TENANT1 -- id: 3009 - name: MLAG_L3_VRF_VRF10 - trunk_groups: - - MLAG - tenant: TENANT1 -- id: 21 - name: VRF11_VLAN21 - tenant: TENANT1 -- id: 22 - name: VRF11_VLAN22 - tenant: TENANT1 -- id: 3010 - name: MLAG_L3_VRF_VRF11 - trunk_groups: - - MLAG - tenant: TENANT1 -- id: 3401 - name: L2_VLAN3401 - tenant: TENANT1 -- id: 3402 - name: L2_VLAN3402 - tenant: TENANT1 -- id: 4085 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.64/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 - tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.96/31 -- name: Vlan4085 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.2/24 - ip_virtual_router_addresses: - - 172.21.110.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402,4085 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: PortChannel dc1-leaf1-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc1-spine1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.1/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc1-spine2_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.3/31 -- name: Ethernet6 - peer: dc1-wan1 - peer_interface: Ethernet1 - peer_type: wan_router - description: P2P_dc1-wan1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.0/31 -- name: Ethernet7 - peer: dc1-wan2 - peer_interface: Ethernet1 - peer_type: wan_router - description: P2P_dc1-wan2_Ethernet1 + ip_address: 10.255.11.3 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false + ip_address: 10.255.1.96/31 mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.4/31 -- name: Ethernet8 - peer: dc1-leaf1c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc1-leaf1c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc1-leaf1-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet31 - peer: dc1-leaf1-workstation1 - peer_interface: e1 - peer_type: workstation - port_profile: Workstations - description: WORKSTATION_dc1-leaf1-workstation1_e1 +- name: Vlan4094 + description: MLAG shutdown: false - validate_state: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge -- name: Ethernet32 - peer: dc1-leaf1-workstation2 - peer_interface: e1 - peer_type: workstation - port_profile: Workstations - description: WORKSTATION_dc1-leaf1-workstation2_e1 + ip_address: 10.255.1.64/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 shutdown: false - validate_state: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge -- name: Ethernet33 - peer: dc1-leaf1-workstationNoLLDP - peer_interface: e1 - peer_type: workstation - port_profile: Workstations_NoLLDP - description: WORKSTATION_dc1-leaf1-workstationNoLLDP_e1 + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - validate_lldp: false - switchport: - enabled: true - mode: access - access_vlan: 11 - spanning_tree_portfast: edge -mlag_configuration: - domain_id: DC1_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.1.65 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 shutdown: false - ip_address: 10.255.0.3/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: VRF10 + ip_address: 10.255.1.96/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 shutdown: false - ip_address: 10.255.1.3/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 shutdown: false - vrf: VRF10 - ip_address: 10.255.10.3/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false vrf: VRF11 - ip_address: 10.255.11.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.96/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 172.21.110.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + ip_address: 10.255.1.96/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan4085 + description: Inband Management + shutdown: false + ip_address: 172.21.110.2/24 + ip_virtual_router_addresses: + - 172.21.110.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VRF10_VLAN11 + tenant: TENANT1 +- id: 12 + name: VRF10_VLAN12 + tenant: TENANT1 +- id: 3009 + name: MLAG_L3_VRF_VRF10 + trunk_groups: + - MLAG + tenant: TENANT1 +- id: 21 + name: VRF11_VLAN21 + tenant: TENANT1 +- id: 22 + name: VRF11_VLAN22 + tenant: TENANT1 +- id: 3010 + name: MLAG_L3_VRF_VRF11 + trunk_groups: + - MLAG + tenant: TENANT1 +- id: 3401 + name: L2_VLAN3401 + tenant: TENANT1 +- id: 3402 + name: L2_VLAN3402 + tenant: TENANT1 +- id: 4085 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true + tenant: TENANT1 +- name: VRF11 + ip_routing: true + tenant: TENANT1 vxlan_interface: vxlan1: description: dc1-leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -582,21 +600,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.3 -- name: VRF11 - ip_address: 10.255.11.3 -metadata: - platform: vEOS-lab -dns_domain: dc1.local -router_path_selection: - path_groups: - - name: Test_local_interface - id: 110 - dynamic_peers: - enabled: true - - name: Test_stun_server_profile - id: 210 - local_interfaces: - - name: Ethernet3 diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1b.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1b.yml index 6d169a4ed46..5e9412f9622 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1b.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1b.yml @@ -1,616 +1,624 @@ -hostname: dc1-leaf1b -is_deployed: true -router_bgp: - as: '65101' - router_id: 10.255.0.4 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65101' - next_hop_self: true - description: dc1-leaf1a - password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: Q4fqtbqcZ7oQuKfuWtNGRQ== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: dc1-leaf1a - description: dc1-leaf1a_Vlan4093 - - ip_address: 10.255.255.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: dc1-spine1 - description: dc1-spine1_Ethernet2 - - ip_address: 10.255.255.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: dc1-spine2 - description: dc1-spine2_Ethernet2 - - ip_address: 10.255.255.3 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: dc1-wan1 - description: dc1-wan1_Ethernet2 - - ip_address: 10.255.255.7 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: dc1-wan2 - description: dc1-wan2_Ethernet2 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: dc1-spine1 - description: dc1-spine1_Loopback0 - remote_as: '65100' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: dc1-spine2 - description: dc1-spine2_Loopback0 - remote_as: '65100' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.4:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1a_Vlan3009 - - name: VRF11 - rd: 10.255.0.4:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.96 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf1a_Vlan3010 - vlans: - - id: 11 - tenant: TENANT1 - rd: 10.255.0.4:10011 - route_targets: - both: - - 10011:10011 - redistribute_routes: - - learned - - id: 12 - tenant: TENANT1 - rd: 10.255.0.4:10012 - route_targets: - both: - - 10012:10012 - redistribute_routes: - - learned - - id: 21 - tenant: TENANT1 - rd: 10.255.0.4:10021 - route_targets: - both: - - 10021:10021 - redistribute_routes: - - learned - - id: 22 - tenant: TENANT1 - rd: 10.255.0.4:10022 - route_targets: - both: - - 10022:10022 - redistribute_routes: - - learned - - id: 3401 - tenant: TENANT1 - rd: 10.255.0.4:13401 - route_targets: - both: - - 13401:13401 - redistribute_routes: - - learned - - id: 3402 - tenant: TENANT1 - rd: 10.255.0.4:13402 - route_targets: - both: - - 13402:13402 - redistribute_routes: - - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -- name: VRF10 - tenant: TENANT1 - ip_routing: true -- name: VRF11 - tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.102/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 11 - name: VRF10_VLAN11 - tenant: TENANT1 -- id: 12 - name: VRF10_VLAN12 - tenant: TENANT1 -- id: 3009 - name: MLAG_L3_VRF_VRF10 - trunk_groups: - - MLAG - tenant: TENANT1 -- id: 21 - name: VRF11_VLAN21 - tenant: TENANT1 -- id: 22 - name: VRF11_VLAN22 - tenant: TENANT1 -- id: 3010 - name: MLAG_L3_VRF_VRF11 - trunk_groups: - - MLAG - tenant: TENANT1 -- id: 3401 - name: L2_VLAN3401 - tenant: TENANT1 -- id: 3402 - name: L2_VLAN3402 - tenant: TENANT1 -- id: 4085 - tenant: system - name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.65/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 - tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.97/31 -- name: Vlan4085 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.3/24 - ip_virtual_router_addresses: - - 172.21.110.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402,4085 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: PortChannel dc1-leaf1-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true ethernet_interfaces: - name: Ethernet3 - peer: dc1-leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer description: MLAG_dc1-leaf1a_Ethernet3 shutdown: false channel_group: id: 3 mode: active -- name: Ethernet4 peer: dc1-leaf1a - peer_interface: Ethernet4 + peer_interface: Ethernet3 peer_type: mlag_peer +- name: Ethernet4 description: MLAG_dc1-leaf1a_Ethernet4 shutdown: false channel_group: id: 3 mode: active + peer: dc1-leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer - name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet2 - peer_type: spine description: P2P_dc1-spine1_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.255.255.5/31 -- name: Ethernet2 - peer: dc1-spine2 + peer: dc1-spine1 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_dc1-spine2_Ethernet2 shutdown: false mtu: 1500 + ip_address: 10.255.255.7/31 + peer: dc1-spine2 + peer_interface: Ethernet2 + peer_type: spine switchport: enabled: false - ip_address: 10.255.255.7/31 - name: Ethernet6 - peer: dc1-wan1 - peer_interface: Ethernet2 - peer_type: wan_router description: P2P_dc1-wan1_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.255.255.2/31 -- name: Ethernet7 - peer: dc1-wan2 + peer: dc1-wan1 peer_interface: Ethernet2 peer_type: wan_router + switchport: + enabled: false +- name: Ethernet7 description: P2P_dc1-wan2_Ethernet2 shutdown: false mtu: 1500 + ip_address: 10.255.255.6/31 + peer: dc1-wan2 + peer_interface: Ethernet2 + peer_type: wan_router switchport: enabled: false - ip_address: 10.255.255.6/31 - name: Ethernet8 - peer: dc1-leaf1c - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_dc1-leaf1c_Ethernet2 shutdown: false channel_group: id: 8 mode: active + peer: dc1-leaf1c + peer_interface: Ethernet2 + peer_type: l2leaf - name: Ethernet41 + description: Cameras + shutdown: false + spanning_tree_portfast: edge + peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet42 + description: Cameras + shutdown: false + spanning_tree_portfast: edge peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet43 description: Cameras shutdown: false + spanning_tree_portfast: edge + peer_type: network_port validate_state: false switchport: enabled: true mode: access access_vlan: 50 +- name: Ethernet44 + description: Cameras + shutdown: false spanning_tree_portfast: edge -- name: Ethernet42 peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet45 description: Cameras shutdown: false + spanning_tree_portfast: edge + peer_type: network_port validate_state: false switchport: enabled: true mode: access access_vlan: 50 +- name: Ethernet46 + description: Cameras + shutdown: false spanning_tree_portfast: edge -- name: Ethernet43 peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet47 + description: Cameras + shutdown: false + spanning_tree_portfast: edge + peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet48 description: Cameras shutdown: false - validate_state: false + spanning_tree_portfast: edge + peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet49 + description: Cameras + shutdown: false + spanning_tree_portfast: edge + peer_type: network_port + validate_state: false + switchport: + enabled: true + mode: access + access_vlan: 50 +- name: Ethernet5 + description: SERVER_dc1-leaf1-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf1-server1 + peer_interface: PCI2 + peer_type: server +hostname: dc1-leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.4/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.3/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.4/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.4/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.102/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.1.64 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf1a_Port-Channel3 + shutdown: false switchport: enabled: true - mode: access - access_vlan: 50 - spanning_tree_portfast: edge -- name: Ethernet44 - peer_type: network_port - description: Cameras + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf1c_Port-Channel1 shutdown: false - validate_state: false + mlag: 8 switchport: enabled: true - mode: access - access_vlan: 50 - spanning_tree_portfast: edge -- name: Ethernet45 - peer_type: network_port - description: Cameras + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402,4085 +- name: Port-Channel5 + description: PortChannel dc1-leaf1-server1 shutdown: false - validate_state: false - switchport: - enabled: true - mode: access - access_vlan: 50 + mlag: 5 spanning_tree_portfast: edge -- name: Ethernet46 - peer_type: network_port - description: Cameras - shutdown: false - validate_state: false switchport: enabled: true - mode: access - access_vlan: 50 - spanning_tree_portfast: edge -- name: Ethernet47 - peer_type: network_port - description: Cameras + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.96/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 172.21.110.0/24 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +router_bgp: + as: '65101' + router_id: 10.255.0.4 + maximum_paths: + paths: 4 + ecmp: 4 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65101' + description: dc1-leaf1a + next_hop_self: true + password: 4b21pAdCvWeAqpcKDFMdWw== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: 7x4B4rnJhZB438m9+BrBfQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: Q4fqtbqcZ7oQuKfuWtNGRQ== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: dc1-leaf1a + description: dc1-leaf1a_Vlan4093 + - ip_address: 10.255.255.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: dc1-spine1 + description: dc1-spine1_Ethernet2 + - ip_address: 10.255.255.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: dc1-spine2 + description: dc1-spine2_Ethernet2 + - ip_address: 10.255.255.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: dc1-wan1 + description: dc1-wan1_Ethernet2 + - ip_address: 10.255.255.7 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: dc1-wan2 + description: dc1-wan2_Ethernet2 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' + peer: dc1-spine1 + description: dc1-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' + peer: dc1-spine2 + description: dc1-spine2_Loopback0 + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlans: + - id: 11 + tenant: TENANT1 + rd: 10.255.0.4:10011 + route_targets: + both: + - 10011:10011 + redistribute_routes: + - learned + - id: 12 + tenant: TENANT1 + rd: 10.255.0.4:10012 + route_targets: + both: + - 10012:10012 + redistribute_routes: + - learned + - id: 21 + tenant: TENANT1 + rd: 10.255.0.4:10021 + route_targets: + both: + - 10021:10021 + redistribute_routes: + - learned + - id: 22 + tenant: TENANT1 + rd: 10.255.0.4:10022 + route_targets: + both: + - 10022:10022 + redistribute_routes: + - learned + - id: 3401 + tenant: TENANT1 + rd: 10.255.0.4:13401 + route_targets: + both: + - 13401:13401 + redistribute_routes: + - learned + - id: 3402 + tenant: TENANT1 + rd: 10.255.0.4:13402 + route_targets: + both: + - 13402:13402 + redistribute_routes: + - learned + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.4:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.4 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.4:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.4 + neighbors: + - ip_address: 10.255.1.96 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: VRF10 + ip_address: 10.255.10.4 +- name: VRF11 + ip_address: 10.255.11.4 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false - validate_state: false - switchport: - enabled: true - mode: access - access_vlan: 50 - spanning_tree_portfast: edge -- name: Ethernet48 - peer_type: network_port - description: Cameras + ip_address: 10.255.1.97/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG shutdown: false - validate_state: false - switchport: - enabled: true - mode: access - access_vlan: 50 - spanning_tree_portfast: edge -- name: Ethernet49 - peer_type: network_port - description: Cameras + ip_address: 10.255.1.65/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 shutdown: false - validate_state: false - switchport: - enabled: true - mode: access - access_vlan: 50 - spanning_tree_portfast: edge -- name: Ethernet5 - peer: dc1-leaf1-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc1-leaf1-server1_PCI2 + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.1.64 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 shutdown: false - ip_address: 10.255.0.4/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: VRF10 + ip_address: 10.255.1.97/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 shutdown: false - ip_address: 10.255.1.3/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 shutdown: false - vrf: VRF10 - ip_address: 10.255.10.4/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false vrf: VRF11 - ip_address: 10.255.11.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.96/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 172.21.110.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + ip_address: 10.255.1.97/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan4085 + description: Inband Management + shutdown: false + ip_address: 172.21.110.3/24 + ip_virtual_router_addresses: + - 172.21.110.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 11 + name: VRF10_VLAN11 + tenant: TENANT1 +- id: 12 + name: VRF10_VLAN12 + tenant: TENANT1 +- id: 3009 + name: MLAG_L3_VRF_VRF10 + trunk_groups: + - MLAG + tenant: TENANT1 +- id: 21 + name: VRF11_VLAN21 + tenant: TENANT1 +- id: 22 + name: VRF11_VLAN22 + tenant: TENANT1 +- id: 3010 + name: MLAG_L3_VRF_VRF11 + trunk_groups: + - MLAG + tenant: TENANT1 +- id: 3401 + name: L2_VLAN3401 + tenant: TENANT1 +- id: 3402 + name: L2_VLAN3402 + tenant: TENANT1 +- id: 4085 + name: INBAND_MGMT + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true + tenant: TENANT1 +- name: VRF11 + ip_routing: true + tenant: TENANT1 vxlan_interface: vxlan1: description: dc1-leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -630,11 +638,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.4 -- name: VRF11 - ip_address: 10.255.11.4 -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1c.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1c.yml index 9060e5bade0..97cb3ae9311 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1c.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf1c.yml @@ -1,85 +1,95 @@ -hostname: dc1-leaf1c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.110.1 - vrf: MGMT -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true +dns_domain: dc1.local enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile ethernet_interfaces: - name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc1-leaf1a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc1-leaf1b + peer: dc1-leaf1a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc1-leaf1b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc1-leaf1b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc1-leaf1-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc1-leaf1-server1 peer_interface: iLO peer_type: server - description: SERVER_dc1-leaf1-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc1-leaf1c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_L3_LEAF1_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402,4085 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.110.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT shutdown: false + vrf: MGMT + ip_address: 172.21.110.4/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -100,18 +110,8 @@ vlans: name: L2_VLAN3402 tenant: TENANT1 - id: 4085 - tenant: system name: L2LEAF_INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT - shutdown: false - mtu: 1500 - vrf: MGMT - ip_address: 172.21.110.4/24 - type: inband_mgmt -metadata: - platform: vEOS-lab -dns_domain: dc1.local + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2a.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2a.yml index 684e9ceb471..72bfc83ed47 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2a.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2a.yml @@ -1,151 +1,295 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf2b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf2b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.9/31 + peer: dc1-spine1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.11/31 + peer: dc1-spine2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf2c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf2c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc2-leaf2a_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 192.168.100.0/31 + peer: dc2-leaf2a + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf2-server1 + peer_interface: PCI1 + peer_type: server hostname: dc1-leaf2a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.5/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.5/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.5/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.103/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.1.69 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf2b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402,4085 +- name: Port-Channel5 + description: SERVER_dc1-leaf2-server1_PortChannel dc1-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.100/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 172.21.110.0/24 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.255.0.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: dc1-leaf2b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true - send_community: all - maximum_routes: 0 ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: dc1-leaf2b - description: dc1-leaf2b_Vlan4093 - - ip_address: 10.255.255.8 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: dc1-spine1 - description: dc1-spine1_Ethernet3 - - ip_address: 10.255.255.10 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: dc1-spine2 - description: dc1-spine2_Ethernet3 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: dc1-spine1 - description: dc1-spine1_Loopback0 - remote_as: '65100' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: dc1-spine2 - description: dc1-spine2_Loopback0 - remote_as: '65100' - - ip_address: 10.255.128.15 - peer_group: EVPN-OVERLAY-CORE - peer: dc2-leaf2a - description: dc2-leaf2a_Loopback0 - remote_as: '65202' - - ip_address: 192.168.100.1 - remote_as: '65202' - peer: dc2-leaf2a - description: dc2-leaf2a - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.5:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2b_Vlan3009 - - name: VRF11 - rd: 10.255.0.5:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.5 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.101 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2b_Vlan3010 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: dc1-leaf2b + description: dc1-leaf2b_Vlan4093 + - ip_address: 10.255.255.8 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: dc1-spine1 + description: dc1-spine1_Ethernet3 + - ip_address: 10.255.255.10 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: dc1-spine2 + description: dc1-spine2_Ethernet3 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' + peer: dc1-spine1 + description: dc1-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' + peer: dc1-spine2 + description: dc1-spine2_Loopback0 + - ip_address: 10.255.128.15 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65202' + peer: dc2-leaf2a + description: dc2-leaf2a_Loopback0 + - ip_address: 192.168.100.1 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65202' + peer: dc2-leaf2a + description: dc2-leaf2a + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 rd: 10.255.0.5:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10011 route_targets: both: - 10011:10011 @@ -154,12 +298,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10011 - id: 12 tenant: TENANT1 rd: 10.255.0.5:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10012 route_targets: both: - 10012:10012 @@ -168,12 +312,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10012 - id: 21 tenant: TENANT1 rd: 10.255.0.5:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10021 route_targets: both: - 10021:10021 @@ -182,12 +326,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10021 - id: 22 tenant: TENANT1 rd: 10.255.0.5:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:10022 route_targets: both: - 10022:10022 @@ -196,12 +340,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:10022 - id: 3401 tenant: TENANT1 rd: 10.255.0.5:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:13401 route_targets: both: - 13401:13401 @@ -210,12 +354,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:13401 - id: 3402 tenant: TENANT1 rd: 10.255.0.5:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.0.5:13402 route_targets: both: - 13402:13402 @@ -224,74 +368,163 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.5:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.5:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.5 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.5:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.5 + neighbors: + - ip_address: 10.255.1.101 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.5 - name: VRF11 + ip_address: 10.255.11.5 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.100/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.68/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.103/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.100/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.1.100/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan4085 + description: Inband Management + shutdown: false + ip_address: 172.21.110.2/24 + ip_virtual_router_addresses: + - 172.21.110.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -321,248 +554,23 @@ vlans: name: L2_VLAN3402 tenant: TENANT1 - id: 4085 - tenant: system name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.68/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.100/31 -- name: Vlan4085 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.2/24 - ip_virtual_router_addresses: - - 172.21.110.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf2b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402,4085 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf2-server1_PortChannel dc1-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf2b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf2b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf2b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc1-spine1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.9/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc1-spine2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.11/31 -- name: Ethernet8 - peer: dc1-leaf2c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc1-leaf2c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc2-leaf2a - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 192.168.100.0/31 - description: P2P_dc2-leaf2a_Ethernet6 -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc1-leaf2-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.1.69 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.5/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.5/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.100/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 172.21.110.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf2a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -582,11 +590,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.5 -- name: VRF11 - ip_address: 10.255.11.5 -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2b.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2b.yml index a05f3f96c38..d566249be67 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2b.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2b.yml @@ -1,151 +1,295 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-leaf2a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-leaf2a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-leaf2a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.13/31 + peer: dc1-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.15/31 + peer: dc1-spine2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc1-leaf2c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc1-leaf2c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc2-leaf2b_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 192.168.100.2/31 + peer: dc2-leaf2b + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc1-leaf2-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc1-leaf2-server1 + peer_interface: PCI2 + peer_type: server hostname: dc1-leaf2b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: false +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.1.5/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.6/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.6/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.104/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.1.68 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-leaf2a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc1-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402,4085 +- name: Port-Channel5 + description: SERVER_dc1-leaf2-server1_PortChannel dc1-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 + - sequence: 20 + action: permit 10.255.1.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.1.100/31 +- name: PL-L2LEAF-INBAND-MGMT + sequence_numbers: + - sequence: 10 + action: permit 172.21.110.0/24 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 20 + type: permit + match: + - ip address prefix-list PL-L2LEAF-INBAND-MGMT +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65102' router_id: 10.255.0.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - attached_host: - enabled: true + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: dc1-leaf2a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true - send_community: all - maximum_routes: 0 ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - peer: dc1-leaf2a - description: dc1-leaf2a_Vlan4093 - - ip_address: 10.255.255.12 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: dc1-spine1 - description: dc1-spine1_Ethernet4 - - ip_address: 10.255.255.14 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65100' - peer: dc1-spine2 - description: dc1-spine2_Ethernet4 - - ip_address: 10.255.0.1 - peer_group: EVPN-OVERLAY-PEERS - peer: dc1-spine1 - description: dc1-spine1_Loopback0 - remote_as: '65100' - - ip_address: 10.255.0.2 - peer_group: EVPN-OVERLAY-PEERS - peer: dc1-spine2 - description: dc1-spine2_Loopback0 - remote_as: '65100' - - ip_address: 10.255.128.16 - peer_group: EVPN-OVERLAY-CORE - peer: dc2-leaf2b - description: dc2-leaf2b_Loopback0 - remote_as: '65202' - - ip_address: 192.168.100.3 - remote_as: '65202' - peer: dc2-leaf2b - description: dc2-leaf2b - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.0.6:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.0.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2a_Vlan3009 - - name: VRF11 - rd: 10.255.0.6:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.0.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.1.100 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc1-leaf2a_Vlan3010 + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + peer: dc1-leaf2a + description: dc1-leaf2a_Vlan4093 + - ip_address: 10.255.255.12 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: dc1-spine1 + description: dc1-spine1_Ethernet4 + - ip_address: 10.255.255.14 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65100' + peer: dc1-spine2 + description: dc1-spine2_Ethernet4 + - ip_address: 10.255.0.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' + peer: dc1-spine1 + description: dc1-spine1_Loopback0 + - ip_address: 10.255.0.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' + peer: dc1-spine2 + description: dc1-spine2_Loopback0 + - ip_address: 10.255.128.16 + peer_group: EVPN-OVERLAY-CORE + remote_as: '65202' + peer: dc2-leaf2b + description: dc2-leaf2b_Loopback0 + - ip_address: 192.168.100.3 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65202' + peer: dc2-leaf2b + description: dc2-leaf2b + redistribute: + attached_host: + enabled: true + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 rd: 10.255.0.6:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10011 route_targets: both: - 10011:10011 @@ -154,12 +298,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10011 - id: 12 tenant: TENANT1 rd: 10.255.0.6:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10012 route_targets: both: - 10012:10012 @@ -168,12 +312,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10012 - id: 21 tenant: TENANT1 rd: 10.255.0.6:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10021 route_targets: both: - 10021:10021 @@ -182,12 +326,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10021 - id: 22 tenant: TENANT1 rd: 10.255.0.6:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:10022 route_targets: both: - 10022:10022 @@ -196,12 +340,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:10022 - id: 3401 tenant: TENANT1 rd: 10.255.0.6:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:13401 route_targets: both: - 13401:13401 @@ -210,12 +354,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:13401 - id: 3402 tenant: TENANT1 rd: 10.255.0.6:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.0.6:13402 route_targets: both: - 13402:13402 @@ -224,74 +368,163 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.0.6:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.0.6:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.0.6 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.0.6:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.0.6 + neighbors: + - ip_address: 10.255.1.100 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc1-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.6 - name: VRF11 + ip_address: 10.255.11.6 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.1.101/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.1.69/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.104/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.1.101/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.1.101/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan4085 + description: Inband Management + shutdown: false + ip_address: 172.21.110.3/24 + ip_virtual_router_addresses: + - 172.21.110.1 + mtu: 1500 + ip_attached_host_route_export: + enabled: true + distance: 19 +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -321,248 +554,23 @@ vlans: name: L2_VLAN3402 tenant: TENANT1 - id: 4085 - tenant: system name: INBAND_MGMT -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.1.69/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 + tenant: system +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.1.101/31 -- name: Vlan4085 - description: Inband Management - shutdown: false - mtu: 1500 - ip_attached_host_route_export: - enabled: true - distance: 19 - ip_address: 172.21.110.3/24 - ip_virtual_router_addresses: - - 172.21.110.1 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-leaf2a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc1-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402,4085 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc1-leaf2-server1_PortChannel dc1-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-leaf2a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-leaf2a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-leaf2a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc1-spine1_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.13/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc1-spine2_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.15/31 -- name: Ethernet8 - peer: dc1-leaf2c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc1-leaf2c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc2-leaf2b - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 192.168.100.2/31 - description: P2P_dc2-leaf2b_Ethernet6 -- name: Ethernet5 - peer: dc1-leaf2-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc1-leaf2-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC1_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.1.68 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 20 - type: permit - match: - - ip address prefix-list PL-L2LEAF-INBAND-MGMT -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.1.5/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.6/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 - - sequence: 20 - action: permit 10.255.1.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.1.100/31 -- name: PL-L2LEAF-INBAND-MGMT - sequence_numbers: - - sequence: 10 - action: permit 172.21.110.0/24 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc1-leaf2b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -582,11 +590,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.6 -- name: VRF11 - ip_address: 10.255.11.6 -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2c.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2c.yml index eb064bed26a..c2031de345c 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2c.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-leaf2c.yml @@ -1,85 +1,95 @@ -hostname: dc1-leaf2c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -- destination_address_prefix: 0.0.0.0/0 - gateway: 172.21.110.1 - vrf: MGMT -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true +dns_domain: dc1.local enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile ethernet_interfaces: - name: Ethernet1 - peer: dc1-leaf2a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc1-leaf2a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc1-leaf2b + peer: dc1-leaf2a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc1-leaf2b_Ethernet8 shutdown: true channel_group: id: 1 mode: active + peer: dc1-leaf2b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc1-leaf2-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc1-leaf2-server1 peer_interface: iLO peer_type: server - description: SERVER_dc1-leaf2-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc1-leaf2c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_L3_LEAF2_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402,4085 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.21.110.1 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4085 + description: L2LEAF_INBAND_MGMT shutdown: false + vrf: MGMT + ip_address: 172.21.110.5/24 + mtu: 1500 + type: inband_mgmt +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -100,21 +110,11 @@ vlans: name: L2_VLAN3402 tenant: TENANT1 - id: 4085 - tenant: system name: L2LEAF_INBAND_MGMT -ip_igmp_snooping: - globally_enabled: true -vlan_interfaces: -- name: Vlan4085 - description: L2LEAF_INBAND_MGMT - shutdown: false - mtu: 1500 - vrf: MGMT - ip_address: 172.21.110.5/24 - type: inband_mgmt -metadata: - platform: vEOS-lab -dns_domain: dc1.local + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: Vxlan1: description: dc1-leaf2c_VTEP diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine1.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine1.yml index 44cf30a7f89..384f26cbfe4 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine1.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine1.yml @@ -1,44 +1,143 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc1-leaf1a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.0/31 + peer: dc1-leaf1a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-leaf1b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.4/31 + peer: dc1-leaf1b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc1-leaf2a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.8/31 + peer: dc1-leaf2a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc1-leaf2b_Ethernet1 + shutdown: true + mtu: 1500 + ip_address: 10.255.255.12/31 + peer: dc1-leaf2b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_dc1-svc-leaf1a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.16/31 + peer: dc1-svc-leaf1a + peer_interface: Ethernet1 + peer_type: service_leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_dc1-svc-leaf1b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.20/31 + peer: dc1-svc-leaf1b + peer_interface: Ethernet1 + peer_type: service_leaf + switchport: + enabled: false hostname: dc1-spine1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.1/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.11/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 10.255.0.1 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 123.1.1.10 - activate: true - - ip_address: 123.1.1.11 - activate: true neighbors: - ip_address: 10.255.255.1 peer_group: IPv4-UNDERLAY-PEERS @@ -73,35 +172,35 @@ router_bgp: description: dc1-svc-leaf1b_Ethernet1 - ip_address: 10.255.0.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1a description: dc1-leaf1a_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1b description: dc1-leaf1b_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' shutdown: true - ip_address: 10.33.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65133' peer: dc1-svc-leaf1a description: dc1-svc-leaf1a_Loopback0 - remote_as: '65133' - ip_address: 10.33.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65133' peer: dc1-svc-leaf1b description: dc1-svc-leaf1b_Loopback0 - remote_as: '65133' - ip_address: 123.1.1.10 remote_as: '1234' local_as: '123' @@ -135,143 +234,44 @@ router_bgp: send_community: all - ip_address: fd5a:fe45:8831:06c5::b remote_as: '12345' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + neighbors: + - ip_address: 123.1.1.10 + activate: true + - ip_address: 123.1.1.11 + activate: true address_family_ipv6: neighbors: - ip_address: fd5a:fe45:8831:06c5::a activate: true - ip_address: fd5a:fe45:8831:06c5::b activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.11/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf1a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.0/31 -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf1b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.4/31 -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf2a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.8/31 -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc1-leaf2b_Ethernet1 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.12/31 -- name: Ethernet5 - peer: dc1-svc-leaf1a - peer_interface: Ethernet1 - peer_type: service_leaf - description: P2P_dc1-svc-leaf1a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.16/31 -- name: Ethernet6 - peer: dc1-svc-leaf1b - peer_interface: Ethernet1 - peer_type: service_leaf - description: P2P_dc1-svc-leaf1b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.20/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine2.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine2.yml index 6d5a003c5b8..b39daea2cb9 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine2.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-spine2.yml @@ -1,33 +1,143 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc1-leaf1a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.2/31 + peer: dc1-leaf1a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-leaf1b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.6/31 + peer: dc1-leaf1b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc1-leaf2a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.10/31 + peer: dc1-leaf2a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc1-leaf2b_Ethernet2 + shutdown: true + mtu: 1500 + ip_address: 10.255.255.14/31 + peer: dc1-leaf2b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_dc1-svc-leaf1a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.18/31 + peer: dc1-svc-leaf1a + peer_interface: Ethernet2 + peer_type: service_leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_dc1-svc-leaf1b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.22/31 + peer: dc1-svc-leaf1b + peer_interface: Ethernet2 + peer_type: service_leaf + switchport: + enabled: false hostname: dc1-spine2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.0.2/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.12/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.0.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65100' router_id: 10.255.0.2 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - name: IPv4-EXTERNAL-PEERS type: ipv4 remote_as: '577' @@ -37,14 +147,6 @@ router_bgp: - name: EVPN-EXTERNAL-PEERS type: evpn remote_as: '577' - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: IPv4-EXTERNAL-PEERS - activate: true neighbors: - ip_address: 10.255.255.3 peer_group: IPv4-UNDERLAY-PEERS @@ -79,35 +181,35 @@ router_bgp: description: dc1-svc-leaf1b_Ethernet2 - ip_address: 10.255.0.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1a description: dc1-leaf1a_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: dc1-leaf1b description: dc1-leaf1b_Loopback0 - remote_as: '65101' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' shutdown: true - ip_address: 10.33.0.5 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65133' peer: dc1-svc-leaf1a description: dc1-svc-leaf1a_Loopback0 - remote_as: '65133' - ip_address: 10.33.0.6 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65133' peer: dc1-svc-leaf1b description: dc1-svc-leaf1b_Loopback0 - remote_as: '65133' - ip_address: 142.112.39.2 peer_group: IPv4-EXTERNAL-PEERS description: Primary_ISP_IPv4 @@ -117,143 +219,41 @@ router_bgp: - ip_address: 142.112.41.2 peer_group: EVPN-EXTERNAL-PEERS description: Primary_ISP_EVPN + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true - name: EVPN-EXTERNAL-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: IPv4-EXTERNAL-PEERS + activate: true address_family_ipv6: peer_groups: - name: IPv6-EXTERNAL-PEERS activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.12/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -ethernet_interfaces: -- name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf1a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.2/31 -- name: Ethernet2 - peer: dc1-leaf1b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf1b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.6/31 -- name: Ethernet3 - peer: dc1-leaf2a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf2a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.10/31 -- name: Ethernet4 - peer: dc1-leaf2b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc1-leaf2b_Ethernet2 - shutdown: true - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.14/31 -- name: Ethernet5 - peer: dc1-svc-leaf1a - peer_interface: Ethernet2 - peer_type: service_leaf - description: P2P_dc1-svc-leaf1a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.18/31 -- name: Ethernet6 - peer: dc1-svc-leaf1b - peer_interface: Ethernet2 - peer_type: service_leaf - description: P2P_dc1-svc-leaf1b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.22/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.0.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.0.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1a.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1a.yml index 6e0df912d8e..7fbe6f6a48d 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1a.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1a.yml @@ -1,49 +1,162 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-svc-leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-svc-leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-svc-leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-svc-leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.17/31 + peer: dc1-spine1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.19/31 + peer: dc1-spine2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false hostname: dc1-svc-leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.33.0.5/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.33.1.5/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.31/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_SVC_LEAF1 + local_interface: Vlan4094 + peer_address: 10.33.1.73 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-svc-leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.33.0.0/27 eq 32 + - sequence: 20 + action: permit 10.33.1.0/27 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65133' router_id: 10.33.0.5 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65133' - next_hop_self: true description: dc1-svc-leaf1b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.33.1.105 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,190 +174,77 @@ router_bgp: description: dc1-spine2_Ethernet5 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.31/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.33.1.104/31 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.33.1.72/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-svc-leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-svc-leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-svc-leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-svc-leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-svc-leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_dc1-spine1_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.17/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_dc1-spine2_Ethernet5 - shutdown: false mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.19/31 -mlag_configuration: - domain_id: DC1_SVC_LEAF1 - local_interface: Vlan4094 - peer_address: 10.33.1.73 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.33.0.5/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.33.1.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.33.0.0/27 eq 32 - - sequence: 20 - action: permit 10.33.1.0/27 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: dc1-svc-leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1b.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1b.yml index bc5b962622e..ac835b5e778 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1b.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-svc-leaf1b.yml @@ -1,49 +1,162 @@ +aaa_root: + disabled: true +config_end: true +dns_domain: dc1.local +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc1-svc-leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-svc-leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc1-svc-leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc1-svc-leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc1-spine1_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.21/31 + peer: dc1-spine1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc1-spine2_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 10.33.255.23/31 + peer: dc1-spine2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false hostname: dc1-svc-leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.33.0.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.33.1.5/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.32/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC1_SVC_LEAF1 + local_interface: Vlan4094 + peer_address: 10.33.1.72 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc1-svc-leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.33.0.0/27 eq 32 + - sequence: 20 + action: permit 10.33.1.0/27 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65133' router_id: 10.33.0.6 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65133' - next_hop_self: true description: dc1-svc-leaf1a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.33.1.104 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,190 +174,77 @@ router_bgp: description: dc1-spine2_Ethernet6 - ip_address: 10.255.0.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine1 description: dc1-spine1_Loopback0 - remote_as: '65100' - ip_address: 10.255.0.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65100' peer: dc1-spine2 description: dc1-spine2_Loopback0 - remote_as: '65100' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.32/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.33.1.105/31 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.33.1.73/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc1-svc-leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet3 - peer: dc1-svc-leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc1-svc-leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc1-svc-leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc1-svc-leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc1-spine1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_dc1-spine1_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.21/31 -- name: Ethernet2 - peer: dc1-spine2 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_dc1-spine2_Ethernet6 - shutdown: false mtu: 1500 - switchport: - enabled: false - ip_address: 10.33.255.23/31 -mlag_configuration: - domain_id: DC1_SVC_LEAF1 - local_interface: Vlan4094 - peer_address: 10.33.1.72 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.33.0.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.33.1.5/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.33.0.0/27 eq 32 - - sequence: 20 - action: permit 10.33.1.0/27 eq 32 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: dc1-svc-leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-lab -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan1.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan1.yml index 2f2da3c499c..cd57f3edbbe 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan1.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan1.yml @@ -1,212 +1,230 @@ -hostname: dc1-wan1 -is_deployed: true -router_bgp: - as: '65101' - router_id: 10.255.2.1 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65101' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.255.0 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: dc1-leaf1a - description: dc1-leaf1a_Ethernet6 - - ip_address: 10.255.255.2 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: dc1-leaf1b - description: dc1-leaf1b_Ethernet6 - - ip_address: 10.255.255.10 - peer_group: WAN-OVERLAY-PEERS - peer: dc1-leaf1a - description: dc1-leaf1a_Dps1 - - ip_address: 10.255.255.20 - peer_group: WAN-OVERLAY-PEERS - peer: dc1-leaf1b - description: dc1-leaf1b_Dps1 - - ip_address: 10.255.1.2 - peer: dc1-wan2 - description: dc1-wan2 - remote_as: '65101' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 10.255.1.2 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - vrfs: - - name: default - rd: 10.255.2.1:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.3.1 -- destination_address_prefix: 100.64.0.0/16 - gateway: 100.64.3.1 -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 10.255.255.10/32 + - 10.255.255.20/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65101' config_end: true +dns_domain: dc1.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 10.255.1.1/32 + flow_tracker: + sampled: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.15/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile ethernet_interfaces: - name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet6 - peer_type: l3leaf description: P2P_dc1-leaf1a_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.255.255.1/31 -- name: Ethernet2 - peer: dc1-leaf1b + peer: dc1-leaf1a peer_interface: Ethernet6 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_dc1-leaf1b_Ethernet6 shutdown: false mtu: 1500 + ip_address: 10.255.255.3/31 + peer: dc1-leaf1b + peer_interface: Ethernet6 + peer_type: l3leaf switchport: enabled: false - ip_address: 10.255.255.3/31 - name: Ethernet3 - peer_type: l3_interface - ip_address: 172.18.3.2/24 + description: mpls-sp-1_DC1-MPLS-3 shutdown: false + ip_address: 172.18.3.2/24 + peer_type: l3_interface switchport: enabled: false - description: mpls-sp-1_DC1-MPLS-3 - name: Ethernet4 - peer_type: l3_interface - ip_address: 100.64.3.2/24 + description: isp-1_DC1-INET-3 shutdown: false + ip_address: 100.64.3.2/24 + peer_type: l3_interface switchport: enabled: false - description: isp-1_DC1-INET-3 +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: dc1-wan1 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 10.255.2.1:100 +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 10.255.1.1 + - name: CP-IKE-POLICY + local_id: 10.255.1.1 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: 0110100A480E0A0E231D1E + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: 0110100A480E0A0E231D1E + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.255.2.1/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65101' +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.15/24 + type: oob + gateway: 172.16.1.1 +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: Global + - name: Zone + value: Global-ZONE + - name: Site + value: DC1 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: mpls-sp-1 + - name: Circuit + value: DC1-MPLS-3 + - interface: Ethernet4 + tags: + - name: Type + value: wan + - name: Carrier + value: isp-1 + - name: Circuit + value: DC1-INET-3 + cv_pathfinder: + role: edge + region: Global + zone: Global-ZONE + site: DC1 + vtep_ip: 10.255.1.1 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 10.255.255.10 + - vtep_ip: 10.255.255.20 + interfaces: + - name: Ethernet3 + carrier: mpls-sp-1 + circuit_id: DC1-MPLS-3 + pathgroup: mpls + - name: Ethernet4 + carrier: isp-1 + circuit_id: DC1-INET-3 + pathgroup: internet prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -301,70 +319,12 @@ route_maps: description: Make locally injected routes less preferred on HA peer set: - local-preference 75 -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 10.255.2.1:100 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 10.255.1.1 - - name: CP-IKE-POLICY - local_id: 10.255.1.1 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: 0110100A480E0A0E231D1E - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: 0110100A480E0A0E231D1E - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -381,6 +341,13 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-POLICY-WITH-CP @@ -389,24 +356,134 @@ router_adaptive_virtual_topology: id: 254 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65101' + router_id: 10.255.2.1 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: 7x4B4rnJhZB438m9+BrBfQ== + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65101' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 10.255.255.0 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: dc1-leaf1a + description: dc1-leaf1a_Ethernet6 + - ip_address: 10.255.255.2 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: dc1-leaf1b + description: dc1-leaf1b_Ethernet6 + - ip_address: 10.255.255.10 + peer_group: WAN-OVERLAY-PEERS + peer: dc1-leaf1a + description: dc1-leaf1a_Dps1 + - ip_address: 10.255.255.20 + peer_group: WAN-OVERLAY-PEERS + peer: dc1-leaf1b + description: dc1-leaf1b_Dps1 + - ip_address: 10.255.1.2 + remote_as: '65101' + peer: dc1-wan2 + description: dc1-wan2 + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 10.255.1.2 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 10.255.2.1:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: mpls id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 stun: @@ -424,9 +501,9 @@ router_path_selection: name: dc1-leaf1b ipv4_addresses: - 172.18.2.2 - ipsec_profile: CP-PROFILE - name: internet id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet4 stun: @@ -444,9 +521,9 @@ router_path_selection: name: dc1-leaf1b ipv4_addresses: - 100.64.2.2 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet1 @@ -457,7 +534,6 @@ router_path_selection: ipv4_addresses: - 10.255.255.5 - 10.255.255.7 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-DEFAULT-POLICY-CONTROL-PLANE path_groups: @@ -469,8 +545,21 @@ router_path_selection: - name: internet - name: mpls - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.3.1 +- destination_address_prefix: 100.64.0.0/16 + gateway: 100.64.3.1 stun: client: server_profiles: @@ -486,105 +575,16 @@ stun: - name: internet-dc1-leaf1b-Ethernet7 ip_address: 100.64.2.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 10.255.255.10/32 - - 10.255.255.20/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 10.255.1.1/32 - flow_tracker: - sampled: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: dc1-wan1_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: Global - - name: Zone - value: Global-ZONE - - name: Site - value: DC1 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: lan - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: mpls-sp-1 - - name: Circuit - value: DC1-MPLS-3 - - interface: Ethernet4 - tags: - - name: Type - value: wan - - name: Carrier - value: isp-1 - - name: Circuit - value: DC1-INET-3 - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 10.255.1.1 - region: Global - zone: Global-ZONE - site: DC1 - interfaces: - - name: Ethernet3 - carrier: mpls-sp-1 - circuit_id: DC1-MPLS-3 - pathgroup: mpls - - name: Ethernet4 - carrier: isp-1 - circuit_id: DC1-INET-3 - pathgroup: internet - pathfinders: - - vtep_ip: 10.255.255.10 - - vtep_ip: 10.255.255.20 -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan2.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan2.yml index 5ef7ebf507c..ea676094289 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan2.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc1-wan2.yml @@ -1,213 +1,231 @@ -hostname: dc1-wan2 -is_deployed: true -router_bgp: - as: '65101' - router_id: 10.255.2.2 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: IPv4-UNDERLAY-PEERS - type: ipv4 - password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 - send_community: all - route_map_in: RM-BGP-UNDERLAY-PEERS-IN - route_map_out: RM-BGP-UNDERLAY-PEERS-OUT - allowas_in: - enabled: true - times: 1 - - name: WAN-OVERLAY-PEERS - type: wan - update_source: Dps1 - bfd: true - password: htm4AZe9mIQOO1uiMuGgYQ== - send_community: all - maximum_routes: 0 - remote_as: '65101' - ttl_maximum_hops: 1 - bfd_timers: - interval: 1000 - min_rx: 1000 - multiplier: 10 - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: WAN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.255.4 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: dc1-leaf1a - description: dc1-leaf1a_Ethernet7 - - ip_address: 10.255.255.6 - peer_group: IPv4-UNDERLAY-PEERS - remote_as: '65101' - peer: dc1-leaf1b - description: dc1-leaf1b_Ethernet7 - - ip_address: 10.255.255.10 - peer_group: WAN-OVERLAY-PEERS - peer: dc1-leaf1a - description: dc1-leaf1a_Dps1 - - ip_address: 10.255.255.20 - peer_group: WAN-OVERLAY-PEERS - peer: dc1-leaf1b - description: dc1-leaf1b_Dps1 - - ip_address: 10.255.1.1 - peer: dc1-wan1 - description: dc1-wan1 - remote_as: '65101' - update_source: Dps1 - route_reflector_client: true - send_community: all - route_map_in: RM-WAN-HA-PEER-IN - route_map_out: RM-WAN-HA-PEER-OUT - address_family_evpn: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - encapsulation: path-selection - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - neighbors: - - ip_address: 10.255.1.1 - activate: true - encapsulation: path-selection - address_family_ipv4_sr_te: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - address_family_link_state: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - path_selection: - roles: - producer: true - address_family_path_selection: - peer_groups: - - name: WAN-OVERLAY-PEERS - activate: true - bgp: - additional_paths: - receive: true - send: any - vrfs: - - name: default - rd: 10.255.2.2:1 - route_targets: - import: - - address_family: evpn - route_targets: - - '1:1' - export: - - address_family: evpn - route_targets: - - '1:1' - - route-map RM-EVPN-EXPORT-VRF-DEFAULT -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -- destination_address_prefix: 172.18.0.0/16 - gateway: 172.18.4.1 -- destination_address_prefix: 100.64.0.0/16 - gateway: 100.64.4.1 -service_routing_protocols_model: multi-agent -ip_routing: true aaa_root: disabled: true +agents: +- name: KernelFib + environment_variables: + - name: KERNELFIB_PROGRAM_ALL_ECMP + value: '1' +application_traffic_recognition: + field_sets: + ipv4_prefixes: + - name: PFX-PATHFINDERS + prefix_values: + - 10.255.255.10/32 + - 10.255.255.20/32 + applications: + ipv4_applications: + - name: APP-CONTROL-PLANE + dest_prefix_set_name: PFX-PATHFINDERS + application_profiles: + - name: APP-PROFILE-CONTROL-PLANE + applications: + - name: APP-CONTROL-PLANE +as_path: + access_lists: + - name: ASPATH-WAN + entries: + - type: permit + match: '65101' config_end: true +dns_domain: dc1.local +dps_interfaces: +- name: Dps1 + description: DPS Interface + mtu: 9194 + ip_address: 10.255.1.2/32 + flow_tracker: + sampled: FLOW-TRACKER enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: false -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.16/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile ethernet_interfaces: - name: Ethernet1 - peer: dc1-leaf1a - peer_interface: Ethernet7 - peer_type: l3leaf description: P2P_dc1-leaf1a_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 10.255.255.5/31 -- name: Ethernet2 - peer: dc1-leaf1b + peer: dc1-leaf1a peer_interface: Ethernet7 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_dc1-leaf1b_Ethernet7 shutdown: false mtu: 1500 + ip_address: 10.255.255.7/31 + peer: dc1-leaf1b + peer_interface: Ethernet7 + peer_type: l3leaf switchport: enabled: false - ip_address: 10.255.255.7/31 - name: Ethernet3 - peer_type: l3_interface - ip_address: 172.18.4.2/24 + description: mpls-sp-1_DC1-MPLS-4 shutdown: false + ip_address: 172.18.4.2/24 + peer_type: l3_interface switchport: enabled: false - description: mpls-sp-1_DC1-MPLS-4 - name: Ethernet4 - peer_type: l3_interface - ip_address: dhcp + description: isp-1_DC1-INET-4 shutdown: false + ip_address: dhcp + dhcp_client_accept_default_route: true + peer_type: l3_interface switchport: enabled: false - description: isp-1_DC1-INET-4 - dhcp_client_accept_default_route: true +flow_tracking: + sampled: + sample: 10000 + trackers: + - record_export: + on_inactive_timeout: 70000 + on_interval: 300000 + name: FLOW-TRACKER + exporters: + - name: CV-TELEMETRY + collector: + host: 127.0.0.1 + local_interface: Loopback0 + template_interval: 3600000 + shutdown: false +hostname: dc1-wan2 +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 10.255.2.1:100 +ip_routing: true +ip_security: + ike_policies: + - name: DP-IKE-POLICY + local_id: 10.255.1.2 + - name: CP-IKE-POLICY + local_id: 10.255.1.2 + sa_policies: + - name: DP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + - name: CP-SA-POLICY + esp: + encryption: aes256gcm128 + pfs_dh_group: 14 + profiles: + - name: DP-PROFILE + ike_policy: DP-IKE-POLICY + sa_policy: DP-SA-POLICY + connection: start + shared_key: 0110100A480E0A0E231D1E + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + - name: CP-PROFILE + ike_policy: CP-IKE-POLICY + sa_policy: CP-SA-POLICY + connection: start + shared_key: 0110100A480E0A0E231D1E + dpd: + interval: 10 + time: 50 + action: clear + mode: transport + key_controller: + profile: DP-PROFILE +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 10.255.2.2/32 -as_path: - access_lists: - - name: ASPATH-WAN - entries: - - type: permit - match: '65101' +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.16/24 + type: oob + gateway: 172.16.1.1 +management_security: + ssl_profiles: + - name: STUN-DTLS + tls_versions: '1.2' + trust_certificate: + certificates: + - aristaDeviceCertProvisionerDefaultRootCA.crt + certificate: + file: STUN-DTLS.crt + key: STUN-DTLS.key +metadata: + cv_tags: + device_tags: + - name: Role + value: edge + - name: Region + value: Global + - name: Zone + value: Global-ZONE + - name: Site + value: DC1 + interface_tags: + - interface: Ethernet1 + tags: + - name: Type + value: lan + - interface: Ethernet2 + tags: + - name: Type + value: lan + - interface: Ethernet3 + tags: + - name: Type + value: wan + - name: Carrier + value: mpls-sp-1 + - name: Circuit + value: DC1-MPLS-4 + - interface: Ethernet4 + tags: + - name: Type + value: wan + - name: Carrier + value: isp-1 + - name: Circuit + value: DC1-INET-4 + cv_pathfinder: + role: edge + region: Global + zone: Global-ZONE + site: DC1 + vtep_ip: 10.255.1.2 + ssl_profile: STUN-DTLS + pathfinders: + - vtep_ip: 10.255.255.10 + - vtep_ip: 10.255.255.20 + interfaces: + - name: Ethernet3 + carrier: mpls-sp-1 + circuit_id: DC1-MPLS-4 + pathgroup: mpls + - name: Ethernet4 + carrier: isp-1 + circuit_id: DC1-INET-4 + pathgroup: internet prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -302,70 +320,12 @@ route_maps: description: Make locally injected routes less preferred on HA peer set: - local-preference 75 -- name: RM-EVPN-EXPORT-VRF-DEFAULT - sequence_numbers: - - sequence: 10 - type: permit - match: - - extcommunity ECL-EVPN-SOO -agents: -- name: KernelFib - environment_variables: - - name: KERNELFIB_PROGRAM_ALL_ECMP - value: '1' -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 10.255.2.1:100 -ip_security: - ike_policies: - - name: DP-IKE-POLICY - local_id: 10.255.1.2 - - name: CP-IKE-POLICY - local_id: 10.255.1.2 - sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - - name: CP-SA-POLICY - esp: - encryption: aes256gcm128 - pfs_dh_group: 14 - profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: 0110100A480E0A0E231D1E - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - - name: CP-PROFILE - ike_policy: CP-IKE-POLICY - sa_policy: CP-SA-POLICY - connection: start - shared_key: 0110100A480E0A0E231D1E - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - key_controller: - profile: DP-PROFILE -management_security: - ssl_profiles: - - name: STUN-DTLS - certificate: - file: STUN-DTLS.crt - key: STUN-DTLS.key - trust_certificate: - certificates: - - aristaDeviceCertProvisionerDefaultRootCA.crt - tls_versions: '1.2' +- name: RM-EVPN-EXPORT-VRF-DEFAULT + sequence_numbers: + - sequence: 10 + type: permit + match: + - extcommunity ECL-EVPN-SOO router_adaptive_virtual_topology: topology_role: edge region: @@ -382,6 +342,13 @@ router_adaptive_virtual_topology: load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE - name: DEFAULT-POLICY-DEFAULT load_balance_policy: LB-DEFAULT-POLICY-DEFAULT + policies: + - name: DEFAULT-POLICY-WITH-CP + matches: + - application_profile: APP-PROFILE-CONTROL-PLANE + avt_profile: DEFAULT-POLICY-CONTROL-PLANE + - application_profile: default + avt_profile: DEFAULT-POLICY-DEFAULT vrfs: - name: default policy: DEFAULT-POLICY-WITH-CP @@ -390,24 +357,134 @@ router_adaptive_virtual_topology: id: 254 - name: DEFAULT-POLICY-DEFAULT id: 1 - policies: - - name: DEFAULT-POLICY-WITH-CP - matches: - - application_profile: APP-PROFILE-CONTROL-PLANE - avt_profile: DEFAULT-POLICY-CONTROL-PLANE - - application_profile: default - avt_profile: DEFAULT-POLICY-DEFAULT router_bfd: multihop: interval: 300 min_rx: 300 multiplier: 3 +router_bgp: + as: '65101' + router_id: 10.255.2.2 + maximum_paths: + paths: 16 + updates: + wait_install: true + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + password: 7x4B4rnJhZB438m9+BrBfQ== + send_community: all + maximum_routes: 12000 + allowas_in: + enabled: true + times: 1 + route_map_in: RM-BGP-UNDERLAY-PEERS-IN + route_map_out: RM-BGP-UNDERLAY-PEERS-OUT + - name: WAN-OVERLAY-PEERS + type: wan + remote_as: '65101' + update_source: Dps1 + bfd: true + bfd_timers: + interval: 1000 + min_rx: 1000 + multiplier: 10 + password: htm4AZe9mIQOO1uiMuGgYQ== + send_community: all + maximum_routes: 0 + ttl_maximum_hops: 1 + neighbors: + - ip_address: 10.255.255.4 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: dc1-leaf1a + description: dc1-leaf1a_Ethernet7 + - ip_address: 10.255.255.6 + peer_group: IPv4-UNDERLAY-PEERS + remote_as: '65101' + peer: dc1-leaf1b + description: dc1-leaf1b_Ethernet7 + - ip_address: 10.255.255.10 + peer_group: WAN-OVERLAY-PEERS + peer: dc1-leaf1a + description: dc1-leaf1a_Dps1 + - ip_address: 10.255.255.20 + peer_group: WAN-OVERLAY-PEERS + peer: dc1-leaf1b + description: dc1-leaf1b_Dps1 + - ip_address: 10.255.1.1 + remote_as: '65101' + peer: dc1-wan1 + description: dc1-wan1 + route_reflector_client: true + update_source: Dps1 + route_map_in: RM-WAN-HA-PEER-IN + route_map_out: RM-WAN-HA-PEER-OUT + send_community: all + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + neighbors: + - ip_address: 10.255.1.1 + activate: true + encapsulation: path-selection + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + encapsulation: path-selection + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: WAN-OVERLAY-PEERS + activate: false + address_family_ipv4_sr_te: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + address_family_link_state: + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + path_selection: + roles: + producer: true + address_family_path_selection: + bgp: + additional_paths: + receive: true + send: any + peer_groups: + - name: WAN-OVERLAY-PEERS + activate: true + vrfs: + - name: default + rd: 10.255.2.2:1 + route_targets: + import: + - address_family: evpn + route_targets: + - '1:1' + export: + - address_family: evpn + route_targets: + - '1:1' + - route-map RM-EVPN-EXPORT-VRF-DEFAULT router_path_selection: - tcp_mss_ceiling: - ipv4_segment_size: auto path_groups: - name: mpls id: 101 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet3 stun: @@ -425,9 +502,9 @@ router_path_selection: name: dc1-leaf1b ipv4_addresses: - 172.18.2.2 - ipsec_profile: CP-PROFILE - name: internet id: 102 + ipsec_profile: CP-PROFILE local_interfaces: - name: Ethernet4 stun: @@ -445,9 +522,9 @@ router_path_selection: name: dc1-leaf1b ipv4_addresses: - 100.64.2.2 - ipsec_profile: CP-PROFILE - name: LAN_HA id: 65535 + ipsec_profile: DP-PROFILE flow_assignment: lan local_interfaces: - name: Ethernet1 @@ -458,7 +535,6 @@ router_path_selection: ipv4_addresses: - 10.255.255.1 - 10.255.255.3 - ipsec_profile: DP-PROFILE load_balance_policies: - name: LB-DEFAULT-POLICY-CONTROL-PLANE path_groups: @@ -470,8 +546,21 @@ router_path_selection: - name: internet - name: mpls - name: LAN_HA + tcp_mss_ceiling: + ipv4_segment_size: auto router_traffic_engineering: enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +- destination_address_prefix: 172.18.0.0/16 + gateway: 172.18.4.1 +- destination_address_prefix: 100.64.0.0/16 + gateway: 100.64.4.1 stun: client: server_profiles: @@ -487,105 +576,16 @@ stun: - name: internet-dc1-leaf1b-Ethernet7 ip_address: 100.64.2.2 ssl_profile: STUN-DTLS -application_traffic_recognition: - application_profiles: - - name: APP-PROFILE-CONTROL-PLANE - applications: - - name: APP-CONTROL-PLANE - applications: - ipv4_applications: - - name: APP-CONTROL-PLANE - dest_prefix_set_name: PFX-PATHFINDERS - field_sets: - ipv4_prefixes: - - name: PFX-PATHFINDERS - prefix_values: - - 10.255.255.10/32 - - 10.255.255.20/32 -dps_interfaces: -- name: Dps1 - description: DPS Interface - mtu: 9194 - ip_address: 10.255.1.2/32 - flow_tracker: - sampled: FLOW-TRACKER +transceiver_qsfp_default_mode_4x10: false +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: dc1-wan2_VTEP vxlan: - udp_port: 4789 source_interface: Dps1 + udp_port: 4789 vrfs: - name: default vni: 1 -flow_tracking: - sampled: - sample: 10000 - trackers: - - name: FLOW-TRACKER - record_export: - on_inactive_timeout: 70000 - on_interval: 300000 - exporters: - - name: CV-TELEMETRY - collector: - host: 127.0.0.1 - local_interface: Loopback0 - template_interval: 3600000 - shutdown: false -metadata: - cv_tags: - device_tags: - - name: Role - value: edge - - name: Region - value: Global - - name: Zone - value: Global-ZONE - - name: Site - value: DC1 - interface_tags: - - interface: Ethernet1 - tags: - - name: Type - value: lan - - interface: Ethernet2 - tags: - - name: Type - value: lan - - interface: Ethernet3 - tags: - - name: Type - value: wan - - name: Carrier - value: mpls-sp-1 - - name: Circuit - value: DC1-MPLS-4 - - interface: Ethernet4 - tags: - - name: Type - value: wan - - name: Carrier - value: isp-1 - - name: Circuit - value: DC1-INET-4 - cv_pathfinder: - role: edge - ssl_profile: STUN-DTLS - vtep_ip: 10.255.1.2 - region: Global - zone: Global-ZONE - site: DC1 - interfaces: - - name: Ethernet3 - carrier: mpls-sp-1 - circuit_id: DC1-MPLS-4 - pathgroup: mpls - - name: Ethernet4 - carrier: isp-1 - circuit_id: DC1-INET-4 - pathgroup: internet - pathfinders: - - vtep_ip: 10.255.255.10 - - vtep_ip: 10.255.255.20 -dns_domain: dc1.local diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1a.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1a.yml index f1f8da05522..b747cf15222 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1a.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1a.yml @@ -1,49 +1,221 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf1b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf1b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.105/31 + peer: dc2-spine1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.107/31 + peer: dc2-spine2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf1c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf1c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc2-leaf1-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf1-server1 + peer_interface: PCI1 + peer_type: server hostname: dc2-leaf1a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.13/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.13/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.13/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.13/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.111/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.129.85 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf1b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: PortChannel dc2-leaf1-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.116/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65201' router_id: 10.255.128.13 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65201' - next_hop_self: true description: dc2-leaf1b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.129.117 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +233,18 @@ router_bgp: description: dc2-spine2_Ethernet1 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.13:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.117 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1b_Vlan3009 - - name: VRF11 - rd: 10.255.128.13:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.117 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,71 +294,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.13:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.13 + neighbors: + - ip_address: 10.255.129.117 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.13:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.13 + neighbors: + - ip_address: 10.255.129.117 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 + ip_address: 10.255.10.13 +- name: VRF11 + ip_address: 10.255.11.13 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.116/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.84/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.116/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 tenant: TENANT1 - ip_routing: true -- name: VRF11 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.111/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF11 + ip_address: 10.255.129.116/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -256,218 +460,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.116/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.84/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.116/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.116/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf1b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: PortChannel dc2-leaf1-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf1b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf1b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf1b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf1b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc2-spine1_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.105/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_dc2-spine2_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.107/31 -- name: Ethernet8 - peer: dc2-leaf1c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc2-leaf1c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc2-leaf1-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc2-leaf1-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.129.85 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.13/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.13/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.13/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.116/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf1a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -487,10 +494,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.13 -- name: VRF11 - ip_address: 10.255.11.13 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1b.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1b.yml index 936c75a0078..6b1a8958b33 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1b.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1b.yml @@ -1,49 +1,221 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf1a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf1a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf1a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.109/31 + peer: dc2-spine1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.111/31 + peer: dc2-spine2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf1c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf1c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet5 + description: SERVER_dc2-leaf1-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf1-server1 + peer_interface: PCI2 + peer_type: server hostname: dc2-leaf1b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.14/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.13/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.14/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.14/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.112/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF1 + local_interface: Vlan4094 + peer_address: 10.255.129.84 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf1a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf1c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: PortChannel dc2-leaf1-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.116/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65201' router_id: 10.255.128.14 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65201' - next_hop_self: true description: dc2-leaf1a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.129.116 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +233,18 @@ router_bgp: description: dc2-spine2_Ethernet2 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.14:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.116 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1a_Vlan3009 - - name: VRF11 - rd: 10.255.128.14:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.116 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,71 +294,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.14:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.14 + neighbors: + - ip_address: 10.255.129.116 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.14:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.14 + neighbors: + - ip_address: 10.255.129.116 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf1a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 + ip_address: 10.255.10.14 +- name: VRF11 + ip_address: 10.255.11.14 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.117/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.85/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 + tenant: TENANT1 +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.117/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 tenant: TENANT1 - ip_routing: true -- name: VRF11 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.112/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF11 + ip_address: 10.255.129.117/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -256,218 +460,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.117/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.85/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.117/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.117/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf1a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf1c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: PortChannel dc2-leaf1-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf1a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf1a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf1a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf1a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc2-spine1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.109/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_dc2-spine2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.111/31 -- name: Ethernet8 - peer: dc2-leaf1c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc2-leaf1c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet5 - peer: dc2-leaf1-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc2-leaf1-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF1 - local_interface: Vlan4094 - peer_address: 10.255.129.84 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.14/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.13/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.14/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.14/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.116/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf1b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -487,10 +494,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.14 -- name: VRF11 - ip_address: 10.255.11.14 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1c.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1c.yml index 60b8f4eef49..48c3145ffae 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1c.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf1c.yml @@ -1,90 +1,91 @@ -hostname: dc2-leaf1c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.161/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile ethernet_interfaces: - name: Ethernet1 - peer: dc2-leaf1a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc2-leaf1a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc2-leaf1b + peer: dc2-leaf1a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc2-leaf1b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc2-leaf1b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc2-leaf1-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc2-leaf1-server1 peer_interface: iLO peer_type: server - description: SERVER_dc2-leaf1-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc2-leaf1c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.161/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC2_L3_LEAF1_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -104,7 +105,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2a.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2a.yml index 4eb0f593c58..7cec4a827d0 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2a.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2a.yml @@ -1,58 +1,238 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf2b_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2b + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf2b_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2b + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.113/31 + peer: dc2-spine1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.115/31 + peer: dc2-spine2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf2c_Ethernet1 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf2c + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc1-leaf2a_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 192.168.100.1/31 + peer: dc1-leaf2a + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc2-leaf2-server1_PCI1 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf2-server1 + peer_interface: PCI1 + peer_type: server hostname: dc2-leaf2a +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.15/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.15/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.15/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.15/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.113/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.129.89 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf2b_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc2-leaf2-server1_PortChannel dc2-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.120/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65202' router_id: 10.255.128.15 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65202' - next_hop_self: true description: dc2-leaf2b + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false neighbors: - ip_address: 10.255.129.121 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -70,80 +250,35 @@ router_bgp: description: dc2-spine2_Ethernet3 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - ip_address: 10.255.0.5 peer_group: EVPN-OVERLAY-CORE + remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a_Loopback0 - remote_as: '65102' - ip_address: 192.168.100.0 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65102' peer: dc1-leaf2a description: dc1-leaf2a - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.15:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.121 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2b_Vlan3009 - - name: VRF11 - rd: 10.255.128.15:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.121 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 rd: 10.255.128.15:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10011 route_targets: both: - 10011:10011 @@ -152,12 +287,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10011 - id: 12 tenant: TENANT1 rd: 10.255.128.15:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10012 route_targets: both: - 10012:10012 @@ -166,12 +301,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10012 - id: 21 tenant: TENANT1 rd: 10.255.128.15:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10021 route_targets: both: - 10021:10021 @@ -180,12 +315,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10021 - id: 22 tenant: TENANT1 rd: 10.255.128.15:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:10022 route_targets: both: - 10022:10022 @@ -194,12 +329,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:10022 - id: 3401 tenant: TENANT1 rd: 10.255.128.15:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:13401 route_targets: both: - 13401:13401 @@ -208,12 +343,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:13401 - id: 3402 tenant: TENANT1 rd: 10.255.128.15:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.128.15:13402 route_targets: both: - 13402:13402 @@ -222,74 +357,153 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.15:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.15:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.15 + neighbors: + - ip_address: 10.255.129.121 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2b_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.15:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.15 + neighbors: + - ip_address: 10.255.129.121 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2b_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.15 - name: VRF11 + ip_address: 10.255.11.15 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.120/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.88/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.120/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.113/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF11 + ip_address: 10.255.129.120/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -318,228 +532,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.120/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.88/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.120/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.120/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf2b_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc2-leaf2-server1_PortChannel dc2-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf2b - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf2b_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf2b - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf2b_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc2-spine1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.113/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_dc2-spine2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.115/31 -- name: Ethernet8 - peer: dc2-leaf2c - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_dc2-leaf2c_Ethernet1 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc1-leaf2a - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 192.168.100.1/31 - description: P2P_dc1-leaf2a_Ethernet6 -- name: Ethernet5 - peer: dc2-leaf2-server1 - peer_interface: PCI1 - peer_type: server - description: SERVER_dc2-leaf2-server1_PCI1 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.129.89 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.15/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.15/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.15/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.15/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.120/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf2a_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -559,10 +566,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.15 -- name: VRF11 - ip_address: 10.255.11.15 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2b.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2b.yml index cc2e04d54fe..5ebb3c5444b 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2b.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2b.yml @@ -1,58 +1,238 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf2a_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2a + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf2a_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf2a + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.117/31 + peer: dc2-spine1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet4 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.119/31 + peer: dc2-spine2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet8 + description: L2_dc2-leaf2c_Ethernet2 + shutdown: false + channel_group: + id: 8 + mode: active + peer: dc2-leaf2c + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet6 + description: P2P_dc1-leaf2b_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 192.168.100.3/31 + peer: dc1-leaf2b + peer_interface: Ethernet6 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: SERVER_dc2-leaf2-server1_PCI2 + shutdown: false + channel_group: + id: 5 + mode: active + peer: dc2-leaf2-server1 + peer_interface: PCI2 + peer_type: server hostname: dc2-leaf2b +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.16/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.15/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.16/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.16/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.114/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.129.88 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf2a_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel8 + description: L2_dc2-leaf2c_Port-Channel1 + shutdown: false + mlag: 8 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22,3401-3402 +- name: Port-Channel5 + description: SERVER_dc2-leaf2-server1_PortChannel dc2-leaf2-server1 + shutdown: false + mlag: 5 + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 11-12,21-22 + native_vlan: 4092 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.120/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65202' router_id: 10.255.128.16 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65202' - next_hop_self: true description: dc2-leaf2a + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: EVPN-OVERLAY-CORE type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 15 send_community: all maximum_routes: 0 - ebgp_multihop: 15 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - - name: EVPN-OVERLAY-CORE - activate: false neighbors: - ip_address: 10.255.129.120 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -70,80 +250,35 @@ router_bgp: description: dc2-spine2_Ethernet4 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - ip_address: 10.255.0.6 peer_group: EVPN-OVERLAY-CORE + remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b_Loopback0 - remote_as: '65102' - ip_address: 192.168.100.2 + peer_group: IPv4-UNDERLAY-PEERS remote_as: '65102' peer: dc1-leaf2b description: dc1-leaf2b - peer_group: IPv4-UNDERLAY-PEERS - address_family_evpn: - neighbor_default: - next_hop_self_received_evpn_routes: - enable: true - inter_domain: true - peer_groups: - - name: EVPN-OVERLAY-CORE - domain_remote: true - activate: true - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.16:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.120 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2a_Vlan3009 - - name: VRF11 - rd: 10.255.128.16:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.16 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.120 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 rd: 10.255.128.16:10011 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10011 route_targets: both: - 10011:10011 @@ -152,12 +287,12 @@ router_bgp: route_target: 10011:10011 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10011 - id: 12 tenant: TENANT1 rd: 10.255.128.16:10012 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10012 route_targets: both: - 10012:10012 @@ -166,12 +301,12 @@ router_bgp: route_target: 10012:10012 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10012 - id: 21 tenant: TENANT1 rd: 10.255.128.16:10021 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10021 route_targets: both: - 10021:10021 @@ -180,12 +315,12 @@ router_bgp: route_target: 10021:10021 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10021 - id: 22 tenant: TENANT1 rd: 10.255.128.16:10022 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:10022 route_targets: both: - 10022:10022 @@ -194,12 +329,12 @@ router_bgp: route_target: 10022:10022 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:10022 - id: 3401 tenant: TENANT1 rd: 10.255.128.16:13401 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:13401 route_targets: both: - 13401:13401 @@ -208,12 +343,12 @@ router_bgp: route_target: 13401:13401 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:13401 - id: 3402 tenant: TENANT1 rd: 10.255.128.16:13402 + rd_evpn_domain: + domain: remote + rd: 10.255.128.16:13402 route_targets: both: - 13402:13402 @@ -222,74 +357,153 @@ router_bgp: route_target: 13402:13402 redistribute_routes: - learned - rd_evpn_domain: - domain: remote - rd: 10.255.128.16:13402 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + neighbor_default: + next_hop_self_received_evpn_routes: + enable: true + inter_domain: true + peer_groups: + - name: EVPN-OVERLAY-CORE + activate: true + domain_remote: true + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + - name: EVPN-OVERLAY-CORE + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.16:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.16 + neighbors: + - ip_address: 10.255.129.120 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2a_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.16:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.16 + neighbors: + - ip_address: 10.255.129.120 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf2a_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.16 - name: VRF11 + ip_address: 10.255.11.16 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.121/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.89/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.121/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 shutdown: false - vrf: MGMT - ip_address: 172.16.1.114/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF11 + ip_address: 10.255.129.121/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -318,228 +532,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.121/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.89/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.121/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.121/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf2a_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel8 - description: L2_dc2-leaf2c_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false - mlag: 8 -- name: Port-Channel5 - description: SERVER_dc2-leaf2-server1_PortChannel dc2-leaf2-server1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 11-12,21-22 - native_vlan: 4092 - spanning_tree_portfast: edge - mlag: 5 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf2a - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf2a_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf2a - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf2a_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc2-spine1_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.117/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_dc2-spine2_Ethernet4 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.119/31 -- name: Ethernet8 - peer: dc2-leaf2c - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_dc2-leaf2c_Ethernet2 - shutdown: false - channel_group: - id: 8 - mode: active -- name: Ethernet6 - peer: dc1-leaf2b - peer_interface: Ethernet6 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 192.168.100.3/31 - description: P2P_dc1-leaf2b_Ethernet6 -- name: Ethernet5 - peer: dc2-leaf2-server1 - peer_interface: PCI2 - peer_type: server - description: SERVER_dc2-leaf2-server1_PCI2 - shutdown: false - channel_group: - id: 5 - mode: active -mlag_configuration: - domain_id: DC2_L3_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.129.88 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.16/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.15/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.16/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.16/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.120/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf2b_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -559,10 +566,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.16 -- name: VRF11 - ip_address: 10.255.11.16 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2c.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2c.yml index 8dab8b055ad..992cb4640ea 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2c.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf2c.yml @@ -1,90 +1,91 @@ -hostname: dc2-leaf2c -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 aaa_root: disabled: true config_end: true enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 32768 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.162/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile ethernet_interfaces: - name: Ethernet1 - peer: dc2-leaf2a - peer_interface: Ethernet8 - peer_type: l3leaf description: L2_dc2-leaf2a_Ethernet8 shutdown: false channel_group: id: 1 mode: active -- name: Ethernet2 - peer: dc2-leaf2b + peer: dc2-leaf2a peer_interface: Ethernet8 peer_type: l3leaf +- name: Ethernet2 description: L2_dc2-leaf2b_Ethernet8 shutdown: false channel_group: id: 1 mode: active + peer: dc2-leaf2b + peer_interface: Ethernet8 + peer_type: l3leaf - name: Ethernet5 + description: SERVER_dc2-leaf2-server1_iLO + shutdown: false + spanning_tree_portfast: edge peer: dc2-leaf2-server1 peer_interface: iLO peer_type: server - description: SERVER_dc2-leaf2-server1_iLO - shutdown: false switchport: enabled: true mode: access access_vlan: 11 - spanning_tree_portfast: edge +hostname: dc2-leaf2c +ip_igmp_snooping: + globally_enabled: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.162/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab port_channel_interfaces: - name: Port-Channel1 description: L2_DC2_L3_LEAF2_Port-Channel8 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 11-12,21-22,3401-3402 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 32768 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 11 name: VRF10_VLAN11 @@ -104,7 +105,6 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-lab +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3a.arista.com.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3a.arista.com.yml index 4b61a2678b1..39cea567de7 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3a.arista.com.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3a.arista.com.yml @@ -1,49 +1,260 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf3b.arista.com_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf3b.arista.com + peer_interface: Ethernet3 + peer_type: mlag_peer + validate_state: false +- name: Ethernet4 + description: MLAG_dc2-leaf3b.arista.com_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf3b.arista.com + peer_interface: Ethernet4 + peer_type: mlag_peer + validate_lldp: false +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.121/31 + peer: dc2-spine1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet5 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.123/31 + peer: dc2-spine2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet11 + description: dc2-leaf3-fw1_e1 + type: port-channel-member + channel_group: + id: 11 + mode: active + peer: dc2-leaf3-fw1 + peer_interface: e1 + peer_type: firewall +- name: Ethernet12 + description: Test_mode_and_vlans + vlans: '100' + mode: access + type: switched +- name: Ethernet13 + description: Test_native_vlan_and_trunk_groups + native_vlan: 4092 + native_vlan_tag: true + mode: trunk + trunk_groups: + - MLAG + type: switched +- name: Ethernet14 + description: Test_phone + mode: trunk phone + phone: + trunk: tagged + vlan: 20 + type: switched +- name: Ethernet15 + description: Test_type_routed + shutdown: false + type: routed + ip_address: 1.1.1.1/24 + peer: dc2-leaf2b + peer_interface: Ethernet2 +- name: Ethernet16 + description: Test_dhcp_interface_connectivity + ip_address: dhcp + peer: dc2-leaf3b.arista.com + peer_interface: Ethernet16 hostname: dc2-leaf3a.arista.com +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.17/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.17/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.17/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.17/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.115/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF3 + local_interface: Vlan4094 + peer_address: 10.255.129.93 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf3b.arista.com_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel11 + description: dc2-leaf3-fw1_PortChannel + vlans: 11-12,21-22 + type: switched + mode: trunk + native_vlan: 4092 + mlag: 11 + spanning_tree_portfast: edge +- name: Port-Channel12 + description: Test_mode_and_vlans + vlans: '100' + type: switched + mode: access +- name: Port-Channel13 + description: Test_native_vlan_and_trunk_groups + type: switched + mode: trunk + native_vlan: 4092 + native_vlan_tag: true + trunk_groups: + - MLAG +- name: Port-Channel14 + description: Test_phone + type: switched + mode: trunk phone + phone: + trunk: tagged + vlan: 20 +- name: Port-Channel15 + description: Test_type_routed + type: routed + ip_address: 1.1.1.1/24 + peer: dc2-leaf2b + peer_interface: Ethernet2 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.124/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65203' router_id: 10.255.128.17 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65203' - next_hop_self: true description: dc2-leaf3b.arista.com + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.129.125 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +272,18 @@ router_bgp: description: dc2-spine2_Ethernet5 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.17:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.17 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.125 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf3b.arista.com_Vlan3009 - - name: VRF11 - rd: 10.255.128.17:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.17 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.125 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf3b.arista.com_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,71 +333,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.17:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.17 + neighbors: + - ip_address: 10.255.129.125 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf3b.arista.com_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.17:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.17 + neighbors: + - ip_address: 10.255.129.125 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf3b.arista.com_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.17 - name: VRF11 + ip_address: 10.255.11.17 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.124/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.92/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.115/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.124/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.129.124/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -256,257 +499,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.124/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.92/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.124/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.124/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf3b.arista.com_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel11 - description: dc2-leaf3-fw1_PortChannel - vlans: 11-12,21-22 - type: switched - mode: trunk - native_vlan: 4092 - mlag: 11 - spanning_tree_portfast: edge -- name: Port-Channel12 - description: Test_mode_and_vlans - vlans: '100' - type: switched - mode: access -- name: Port-Channel13 - description: Test_native_vlan_and_trunk_groups - type: switched - mode: trunk - native_vlan: 4092 - native_vlan_tag: true - trunk_groups: - - MLAG -- name: Port-Channel14 - description: Test_phone - type: switched - mode: trunk phone - phone: - trunk: tagged - vlan: 20 -- name: Port-Channel15 - description: Test_type_routed - type: routed - ip_address: 1.1.1.1/24 - peer: dc2-leaf2b - peer_interface: Ethernet2 -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf3b.arista.com - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf3b.arista.com_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active - validate_state: false -- name: Ethernet4 - peer: dc2-leaf3b.arista.com - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf3b.arista.com_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active - validate_lldp: false -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_dc2-spine1_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.121/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_dc2-spine2_Ethernet5 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.123/31 -- name: Ethernet11 - description: dc2-leaf3-fw1_e1 - type: port-channel-member - channel_group: - id: 11 - mode: active - peer: dc2-leaf3-fw1 - peer_interface: e1 - peer_type: firewall -- name: Ethernet12 - description: Test_mode_and_vlans - vlans: '100' - mode: access - type: switched -- name: Ethernet13 - description: Test_native_vlan_and_trunk_groups - native_vlan: 4092 - native_vlan_tag: true - mode: trunk - trunk_groups: - - MLAG - type: switched -- name: Ethernet14 - description: Test_phone - mode: trunk phone - phone: - trunk: tagged - vlan: 20 - type: switched -- name: Ethernet15 - description: Test_type_routed - shutdown: false - type: routed - ip_address: 1.1.1.1/24 - peer: dc2-leaf2b - peer_interface: Ethernet2 -- name: Ethernet16 - description: Test_dhcp_interface_connectivity - ip_address: dhcp - peer: dc2-leaf3b.arista.com - peer_interface: Ethernet16 -mlag_configuration: - domain_id: DC2_L3_LEAF3 - local_interface: Vlan4094 - peer_address: 10.255.129.93 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.17/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.17/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.17/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.17/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.124/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf3a.arista.com_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -526,10 +533,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.17 -- name: VRF11 - ip_address: 10.255.11.17 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3b.arista.com.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3b.arista.com.yml index 482bd63cbe1..227eb89d4cb 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3b.arista.com.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-leaf3b.arista.com.yml @@ -1,49 +1,208 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_dc2-leaf3a.arista.com_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf3a.arista.com + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_dc2-leaf3a.arista.com_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: dc2-leaf3a.arista.com + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_dc2-spine1_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.125/31 + peer: dc2-spine1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-spine2_Ethernet6 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.127/31 + peer: dc2-spine2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet11 + description: dc2-leaf3-fw1_e1 + type: port-channel-member + channel_group: + id: 11 + mode: active + peer: dc2-leaf3-fw1 + peer_interface: e1 + peer_type: firewall +- name: Ethernet16 + description: Test_dhcp_interface_connectivity + ip_address: dhcp + peer: dc2-leaf3a.arista.com + peer_interface: Ethernet16 hostname: dc2-leaf3b.arista.com +interface_defaults: + ethernet: + shutdown: true +ip_igmp_snooping: + globally_enabled: true +ip_routing: true +ip_virtual_router_mac_address: 00:1c:73:00:00:99 is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.18/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 10.255.129.17/32 +- name: Loopback10 + description: DIAG_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.10.18/32 +- name: Loopback11 + description: DIAG_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.11.18/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.116/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +mlag_configuration: + domain_id: DC2_L3_LEAF3 + local_interface: Vlan4094 + peer_address: 10.255.129.92 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_dc2-leaf3a.arista.com_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel11 + description: dc2-leaf3-fw1_PortChannel + vlans: 11-12,21-22 + type: switched + mode: trunk + native_vlan: 4092 + mlag: 11 + spanning_tree_portfast: edge +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 + - sequence: 20 + action: permit 10.255.129.0/27 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.129.124/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65203' router_id: 10.255.128.18 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65203' - next_hop_self: true description: dc2-leaf3a.arista.com + next_hop_self: true password: 4b21pAdCvWeAqpcKDFMdWw== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.129.124 peer_group: MLAG-IPv4-UNDERLAY-PEER @@ -61,59 +220,18 @@ router_bgp: description: dc2-spine2_Ethernet6 - ip_address: 10.255.128.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine1 description: dc2-spine1_Loopback0 - remote_as: '65200' - ip_address: 10.255.128.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65200' peer: dc2-spine2 description: dc2-spine2_Loopback0 - remote_as: '65200' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - vrfs: - - name: VRF10 - rd: 10.255.128.18:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 10.255.128.18 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.124 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf3a.arista.com_Vlan3009 - - name: VRF11 - rd: 10.255.128.18:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 10.255.128.18 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.129.124 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: dc2-leaf3a.arista.com_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP vlans: - id: 11 tenant: TENANT1 @@ -163,71 +281,144 @@ router_bgp: - 13402:13402 redistribute_routes: - learned -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: VRF10 + rd: 10.255.128.18:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 10.255.128.18 + neighbors: + - ip_address: 10.255.129.124 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf3a.arista.com_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: VRF11 + rd: 10.255.128.18:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 10.255.128.18 + neighbors: + - ip_address: 10.255.129.124 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: dc2-leaf3a.arista.com_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 -vrfs: -- name: MGMT - ip_routing: false +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 172.16.1.1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: - name: VRF10 - tenant: TENANT1 - ip_routing: true + ip_address: 10.255.10.18 - name: VRF11 + ip_address: 10.255.11.18 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.129.125/31 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.129.93/31 + mtu: 1500 + no_autostate: true +- name: Vlan11 + description: VRF10_VLAN11 + shutdown: false + vrf: VRF10 + ip_address_virtual: 10.10.11.1/24 tenant: TENANT1 - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT +- name: Vlan12 + description: VRF10_VLAN12 shutdown: false - vrf: MGMT - ip_address: 172.16.1.116/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile + vrf: VRF10 + ip_address_virtual: 10.10.12.1/24 + tenant: TENANT1 +- name: Vlan3009 + description: MLAG_L3_VRF_VRF10 + shutdown: false + vrf: VRF10 + ip_address: 10.255.129.125/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +- name: Vlan21 + description: VRF11_VLAN21 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.21.1/24 + tenant: TENANT1 +- name: Vlan22 + description: VRF11_VLAN22 + shutdown: false + vrf: VRF11 + ip_address_virtual: 10.10.22.1/24 + tenant: TENANT1 +- name: Vlan3010 + description: MLAG_L3_VRF_VRF11 + shutdown: false + vrf: VRF11 + ip_address: 10.255.129.125/31 + mtu: 1500 + tenant: TENANT1 + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4093 - tenant: system name: MLAG_L3 trunk_groups: - MLAG -- id: 4094 tenant: system +- id: 4094 name: MLAG trunk_groups: - MLAG + tenant: system - id: 11 name: VRF10_VLAN11 tenant: TENANT1 @@ -256,202 +447,21 @@ vlans: - id: 3402 name: L2_VLAN3402 tenant: TENANT1 -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.129.125/31 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.129.93/31 -- name: Vlan11 - tenant: TENANT1 - description: VRF10_VLAN11 - shutdown: false - ip_address_virtual: 10.10.11.1/24 - vrf: VRF10 -- name: Vlan12 - tenant: TENANT1 - description: VRF10_VLAN12 - shutdown: false - ip_address_virtual: 10.10.12.1/24 - vrf: VRF10 -- name: Vlan3009 - tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF10 - vrf: VRF10 - mtu: 1500 - ip_address: 10.255.129.125/31 -- name: Vlan21 - tenant: TENANT1 - description: VRF11_VLAN21 - shutdown: false - ip_address_virtual: 10.10.21.1/24 - vrf: VRF11 -- name: Vlan22 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF10 + ip_routing: true tenant: TENANT1 - description: VRF11_VLAN22 - shutdown: false - ip_address_virtual: 10.10.22.1/24 - vrf: VRF11 -- name: Vlan3010 +- name: VRF11 + ip_routing: true tenant: TENANT1 - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_VRF11 - vrf: VRF11 - mtu: 1500 - ip_address: 10.255.129.125/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_dc2-leaf3a.arista.com_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel11 - description: dc2-leaf3-fw1_PortChannel - vlans: 11-12,21-22 - type: switched - mode: trunk - native_vlan: 4092 - mlag: 11 - spanning_tree_portfast: edge -ethernet_interfaces: -- name: Ethernet3 - peer: dc2-leaf3a.arista.com - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_dc2-leaf3a.arista.com_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: dc2-leaf3a.arista.com - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_dc2-leaf3a.arista.com_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: dc2-spine1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_dc2-spine1_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.125/31 -- name: Ethernet2 - peer: dc2-spine2 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_dc2-spine2_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.127/31 -- name: Ethernet11 - description: dc2-leaf3-fw1_e1 - type: port-channel-member - channel_group: - id: 11 - mode: active - peer: dc2-leaf3-fw1 - peer_interface: e1 - peer_type: firewall -- name: Ethernet16 - description: Test_dhcp_interface_connectivity - ip_address: dhcp - peer: dc2-leaf3a.arista.com - peer_interface: Ethernet16 -mlag_configuration: - domain_id: DC2_L3_LEAF3 - local_interface: Vlan4094 - peer_address: 10.255.129.92 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.18/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 10.255.129.17/32 -- name: Loopback10 - description: DIAG_VRF_VRF10 - shutdown: false - vrf: VRF10 - ip_address: 10.255.10.18/32 -- name: Loopback11 - description: DIAG_VRF_VRF11 - shutdown: false - vrf: VRF11 - ip_address: 10.255.11.18/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 - - sequence: 20 - action: permit 10.255.129.0/27 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.129.124/31 -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:1c:73:00:00:99 vxlan_interface: vxlan1: description: dc2-leaf3b.arista.com_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 11 @@ -471,13 +481,3 @@ vxlan_interface: vni: 10 - name: VRF11 vni: 11 -virtual_source_nat_vrfs: -- name: VRF10 - ip_address: 10.255.10.18 -- name: VRF11 - ip_address: 10.255.11.18 -metadata: - platform: vEOS-lab -interface_defaults: - ethernet: - shutdown: true diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine1.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine1.yml index 08b527f5c87..ea8aac7bca0 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine1.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine1.yml @@ -1,39 +1,142 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc2-leaf1a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.104/31 + peer: dc2-leaf1a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-leaf1b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.108/31 + peer: dc2-leaf1b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc2-leaf2a_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.112/31 + peer: dc2-leaf2a + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc2-leaf2b_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.116/31 + peer: dc2-leaf2b + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_dc2-leaf3a.arista.com_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.120/31 + peer: dc2-leaf3a.arista.com + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_dc2-leaf3b.arista.com_Ethernet1 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.124/31 + peer: dc2-leaf3b.arista.com + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false hostname: dc2-spine1 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.11/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.21/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65200' router_id: 10.255.128.11 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.105 peer_group: IPv4-UNDERLAY-PEERS @@ -67,164 +170,61 @@ router_bgp: description: dc2-leaf3b.arista.com_Ethernet1 - ip_address: 10.255.128.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1a description: dc2-leaf1a_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1b description: dc2-leaf1b_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2a description: dc2-leaf2a_Loopback0 - remote_as: '65202' - ip_address: 10.255.128.16 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2b description: dc2-leaf2b_Loopback0 - remote_as: '65202' - ip_address: 10.255.128.17 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65203' peer: dc2-leaf3a.arista.com description: dc2-leaf3a.arista.com_Loopback0 - remote_as: '65203' - ip_address: 10.255.128.18 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65203' peer: dc2-leaf3b.arista.com description: dc2-leaf3b.arista.com_Loopback0 - remote_as: '65203' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.21/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -ethernet_interfaces: -- name: Ethernet1 - peer: dc2-leaf1a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf1a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.104/31 -- name: Ethernet2 - peer: dc2-leaf1b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf1b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.108/31 -- name: Ethernet3 - peer: dc2-leaf2a - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf2a_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.112/31 -- name: Ethernet4 - peer: dc2-leaf2b - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf2b_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.116/31 -- name: Ethernet5 - peer: dc2-leaf3a.arista.com - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf3a.arista.com_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.120/31 -- name: Ethernet6 - peer: dc2-leaf3b.arista.com - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_dc2-leaf3b.arista.com_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.124/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine2.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine2.yml index 28a3401ff0a..193ee7601fc 100644 --- a/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine2.yml +++ b/ansible_collections/arista/avd/molecule/eos_validate_state/intended/structured_configs/dc2-spine2.yml @@ -1,39 +1,142 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_dc2-leaf1a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.106/31 + peer: dc2-leaf1a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_dc2-leaf1b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.110/31 + peer: dc2-leaf1b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: P2P_dc2-leaf2a_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.114/31 + peer: dc2-leaf2a + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: P2P_dc2-leaf2b_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.118/31 + peer: dc2-leaf2b + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: P2P_dc2-leaf3a.arista.com_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.122/31 + peer: dc2-leaf3a.arista.com + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: P2P_dc2-leaf3b.arista.com_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 10.255.255.126/31 + peer: dc2-leaf3b.arista.com + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false hostname: dc2-spine2 +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: ansible + privilege: 15 + role: network-admin + sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 10.255.128.12/32 +management_api_http: + enable_https: true + https_ssl_profile: eAPI_SSL_Profile + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 172.16.1.22/24 + type: oob + gateway: 172.16.1.1 +metadata: + platform: vEOS-lab +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.255.128.0/27 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 router_bgp: as: '65200' router_id: 10.255.128.12 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP + bgp: + default: + ipv4_unicast: false peer_groups: - name: IPv4-UNDERLAY-PEERS type: ipv4 password: 7x4B4rnJhZB438m9+BrBfQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: Q4fqtbqcZ7oQuKfuWtNGRQ== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: IPv4-UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 10.255.255.107 peer_group: IPv4-UNDERLAY-PEERS @@ -67,164 +170,61 @@ router_bgp: description: dc2-leaf3b.arista.com_Ethernet2 - ip_address: 10.255.128.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1a description: dc2-leaf1a_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65201' peer: dc2-leaf1b description: dc2-leaf1b_Loopback0 - remote_as: '65201' - ip_address: 10.255.128.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2a description: dc2-leaf2a_Loopback0 - remote_as: '65202' - ip_address: 10.255.128.16 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65202' peer: dc2-leaf2b description: dc2-leaf2b_Loopback0 - remote_as: '65202' - ip_address: 10.255.128.17 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65203' peer: dc2-leaf3a.arista.com description: dc2-leaf3a.arista.com_Loopback0 - remote_as: '65203' - ip_address: 10.255.128.18 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65203' peer: dc2-leaf3b.arista.com description: dc2-leaf3b.arista.com_Loopback0 - remote_as: '65203' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 172.16.1.1 -service_routing_protocols_model: multi-agent -ip_routing: true +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: ansible - privilege: 15 - role: network-admin - sha512_password: $6$7u4j1rkb3VELgcZE$EJt2Qff8kd/TapRoci0XaIZsL4tFzgq1YZBLD9c6f/knXzvcYY0NcMKndZeCv0T268knGKhOEwZAxqKjlMm920 vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 172.16.1.22/24 - gateway: 172.16.1.1 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true - https_ssl_profile: eAPI_SSL_Profile -ethernet_interfaces: -- name: Ethernet1 - peer: dc2-leaf1a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf1a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.106/31 -- name: Ethernet2 - peer: dc2-leaf1b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf1b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.110/31 -- name: Ethernet3 - peer: dc2-leaf2a - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf2a_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.114/31 -- name: Ethernet4 - peer: dc2-leaf2b - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf2b_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.118/31 -- name: Ethernet5 - peer: dc2-leaf3a.arista.com - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf3a.arista.com_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.122/31 -- name: Ethernet6 - peer: dc2-leaf3b.arista.com - peer_interface: Ethernet2 - peer_type: l3leaf - description: P2P_dc2-leaf3b.arista.com_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 10.255.255.126/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 10.255.128.12/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 10.255.128.0/27 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 300 - min_rx: 300 - multiplier: 3 -metadata: - platform: vEOS-lab diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml index cb0dd5a89db..89ffc85683d 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml @@ -1,42 +1,245 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet41 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet6 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.81/31 + peer: DC1-SPINE1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet42 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet6 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.83/31 + peer: DC1-SPINE2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet43 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet6 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.85/31 + peer: DC1-SPINE3 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet44 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet6 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.87/31 + peer: DC1-SPINE4 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_WAN_Zone + ip_address: 10.10.10.10/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet8 + description: test + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + ip_address: 10.10.10.10/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet9 + description: test + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + ip_address: 10.10.20.20/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet10.100 + description: subinterface test + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + encapsulation_dot1q: + vlan: 100 + ip_address: 10.10.11.10/24 + peer_type: l3_interface +- name: Ethernet10.200 + description: subinterface test with vlan override + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + encapsulation_dot1q: + vlan: 121 + ip_address: 10.10.21.10/24 + peer_type: l3_interface +- name: Ethernet10 + shutdown: false + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet4000 + description: My test + shutdown: false + mtu: 1500 + ip_address: 10.3.2.1/21 + peer: MY-own-peer + peer_interface: Ethernet123 + peer_type: my_precious + switchport: + enabled: false +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G hostname: DC1-BL1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +- ip_address: 1.1.1.1 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.14/32 +- name: Loopback1 + description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.14/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: null +platform: + sand: + lag: + hardware_only: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 + notifying: true +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ip next-hop 123.1.1.1 +- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ipv6 next-hop fd5a:fe45:8831:06c5::1 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65104' router_id: 192.168.255.14 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.80 peer_group: UNDERLAY-PEERS @@ -60,35 +263,62 @@ router_bgp: description: DC1-SPINE4_Ethernet6 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: false - vrfs: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.14:14 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.14:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.14:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: false + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.14:14 route_targets: import: - address_family: evpn @@ -107,59 +337,59 @@ router_bgp: route_targets: - 65000:123 router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - static: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 123.1.1.10 - activate: true - - ip_address: 123.1.1.11 - activate: true + updates: + wait_install: true neighbors: - ip_address: 123.1.1.10 remote_as: '1234' - description: External IPv4 BGP peer password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 send_community: standard extended maximum_routes: 0 default_originate: always: false route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT route_map_in: RM-123-1-1-10-IN - local_as: '123' + route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - ip_address: 123.1.1.11 remote_as: '1234' - description: External IPv4 BGP peer password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 send_community: standard extended maximum_routes: 0 default_originate: always: false update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-123-1-1-11-OUT route_map_in: RM-123-1-1-11-IN - local_as: '123' + route_map_out: RM-123-1-1-11-OUT - ip_address: fd5a:fe45:8831:06c5::a remote_as: '12345' send_community: all route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - ip_address: fd5a:fe45:8831:06c5::b remote_as: '12345' + redistribute: + connected: + enabled: true + static: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 123.1.1.10 + activate: true + - ip_address: 123.1.1.11 + activate: true address_family_ipv6: neighbors: - ip_address: fd5a:fe45:8831:06c5::a activate: true - ip_address: fd5a:fe45:8831:06c5::b activate: true - updates: - wait_install: true - name: Tenant_L3_VRF_Zone rd: 192.168.255.14:15 route_targets: @@ -220,332 +450,104 @@ router_bgp: redistribute: connected: enabled: true - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.14:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.14:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-BL1A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -- destination_address_prefix: 10.3.4.0/24 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.4.0/24 gateway: 1.2.3.4 - vrf: Tenant_A_WAN_Zone -- destination_address_prefix: 1.1.1.0/24 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 1.1.1.0/24 + interface: vlan101 gateway: 10.1.1.1 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 1.1.2.0/24 interface: vlan101 - vrf: Tenant_A_WAN_Zone -- destination_address_prefix: 1.1.2.0/24 gateway: 10.1.1.1 distance: 200 tag: 666 name: RT-TO-FAKE-DMZ - interface: vlan101 - vrf: Tenant_A_WAN_Zone -- destination_address_prefix: 10.3.5.0/24 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.5.0/24 interface: Null0 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 + shutdown: false vrf: Tenant_A_WAN_Zone -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - notifying: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -- ip_address: 1.1.1.1 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +vlans: +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C vrfs: - name: MGMT ip_routing: false - name: Tenant_A_WAN_Zone - tenant: Tenant_A ip_routing: true -- name: Tenant_L3_VRF_Zone tenant: Tenant_A +- name: Tenant_L3_VRF_Zone ip_routing: true + tenant: Tenant_A - name: Tenant_B_OP_Zone - tenant: Tenant_B ip_routing: true -- name: Tenant_B_WAN_Zone tenant: Tenant_B +- name: Tenant_B_WAN_Zone ip_routing: true + tenant: Tenant_B - name: Tenant_C_WAN_Zone - tenant: Tenant_C ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: null -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-BL1A -ethernet_interfaces: -- name: Ethernet41 - peer: DC1-SPINE1 - peer_interface: Ethernet6 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet6 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.81/31 -- name: Ethernet42 - peer: DC1-SPINE2 - peer_interface: Ethernet6 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet6 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.83/31 -- name: Ethernet43 - peer: DC1-SPINE3 - peer_interface: Ethernet6 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet6 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.85/31 -- name: Ethernet44 - peer: DC1-SPINE4 - peer_interface: Ethernet6 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet6 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.87/31 -- name: Ethernet7 - peer_type: l3_interface - ip_address: 10.10.10.10/24 - mtu: 9000 - shutdown: false - description: test - switchport: - enabled: false - vrf: Tenant_A_WAN_Zone -- name: Ethernet8 - peer_type: l3_interface - ip_address: 10.10.10.10/24 - mtu: 9000 - shutdown: false - description: test - switchport: - enabled: false - vrf: Tenant_L3_VRF_Zone -- name: Ethernet9 - peer_type: l3_interface - ip_address: 10.10.20.20/24 - mtu: 9000 - shutdown: false - description: test - switchport: - enabled: false - vrf: Tenant_L3_VRF_Zone -- name: Ethernet10.100 - peer_type: l3_interface - ip_address: 10.10.11.10/24 - mtu: 9000 - shutdown: false - description: subinterface test - encapsulation_dot1q: - vlan: 100 - vrf: Tenant_L3_VRF_Zone -- name: Ethernet10.200 - peer_type: l3_interface - ip_address: 10.10.21.10/24 - mtu: 9000 - shutdown: false - description: subinterface test with vlan override - encapsulation_dot1q: - vlan: 121 - vrf: Tenant_L3_VRF_Zone -- name: Ethernet10 - switchport: - enabled: false - peer_type: l3_interface - shutdown: false -- name: Ethernet4000 - description: My test - shutdown: false - mtu: 1500 - ip_address: 10.3.2.1/21 - peer: MY-own-peer - peer_interface: Ethernet123 - peer_type: my_precious - switchport: - enabled: false -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.14/32 -- name: Loopback1 - description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.14/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ip next-hop 123.1.1.1 -- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ipv6 next-hop fd5a:fe45:8831:06c5::1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan350 tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone vxlan_interface: vxlan1: description: DC1-BL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -562,5 +564,3 @@ vxlan_interface: vni: 21 - name: Tenant_C_WAN_Zone vni: 31 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml index e51a6befa3d..b2f610ff523 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml @@ -1,42 +1,243 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet45 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet7 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.97/31 + peer: DC1-SPINE1 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet46 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet7 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.99/31 + peer: DC1-SPINE2 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet47 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet7 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.101/31 + peer: DC1-SPINE3 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet48 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet7 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.103/31 + peer: DC1-SPINE4 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: test + shutdown: false + mtu: 9000 + vrf: Tenant_A_WAN_Zone + ip_address: 10.10.20.20/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet8 + description: test + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + ip_address: 10.10.30.10/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet9 + description: test + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + ip_address: 10.10.40.20/24 + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet10.100 + description: subinterface test + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + encapsulation_dot1q: + vlan: 100 + ip_address: 10.10.31.10/24 + peer_type: l3_interface +- name: Ethernet10.200 + description: subinterface test with vlan override + shutdown: false + mtu: 9000 + vrf: Tenant_L3_VRF_Zone + encapsulation_dot1q: + vlan: 141 + ip_address: 10.10.41.10/24 + peer_type: l3_interface +- name: Ethernet10 + shutdown: false + peer_type: l3_interface + switchport: + enabled: false +- name: Ethernet4000 + description: My second test + shutdown: false + mtu: 1500 + ip_address: 10.1.2.3/12 + peer: MY-own-peer + peer_interface: Ethernet123 + peer_type: my_precious + switchport: + enabled: false +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G hostname: DC1-BL1B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.15/32 +- name: Loopback1 + description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.15/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.111/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: null +platform: + sand: + lag: + hardware_only: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 + notifying: true +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ip next-hop 123.1.1.1 +- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ipv6 next-hop fd5a:fe45:8831:06c5::1 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65105' router_id: 192.168.255.15 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.96 peer_group: UNDERLAY-PEERS @@ -60,37 +261,64 @@ router_bgp: description: DC1-SPINE4_Ethernet7 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: false - vrfs: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.15:14 - route_targets: - import: + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.15:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.15:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: false + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.15:14 + route_targets: + import: - address_family: evpn route_targets: - '14:14' @@ -107,59 +335,59 @@ router_bgp: route_targets: - 65000:123 router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - static: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 123.1.1.10 - activate: true - - ip_address: 123.1.1.11 - activate: true + updates: + wait_install: true neighbors: - ip_address: 123.1.1.10 remote_as: '1234' - description: External IPv4 BGP peer password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 send_community: standard extended maximum_routes: 0 default_originate: always: false route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT route_map_in: RM-123-1-1-10-IN - local_as: '123' + route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - ip_address: 123.1.1.11 remote_as: '1234' - description: External IPv4 BGP peer password: oBztv71m2uhR7hh58/OCNA== + local_as: '123' + description: External IPv4 BGP peer + ebgp_multihop: 3 send_community: standard extended maximum_routes: 0 default_originate: always: false update_source: Loopback123 - ebgp_multihop: 3 - route_map_out: RM-123-1-1-11-OUT route_map_in: RM-123-1-1-11-IN - local_as: '123' + route_map_out: RM-123-1-1-11-OUT - ip_address: fd5a:fe45:8831:06c5::a remote_as: '12345' send_community: all route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - ip_address: fd5a:fe45:8831:06c5::b remote_as: '12345' + redistribute: + connected: + enabled: true + static: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 123.1.1.10 + activate: true + - ip_address: 123.1.1.11 + activate: true address_family_ipv6: neighbors: - ip_address: fd5a:fe45:8831:06c5::a activate: true - ip_address: fd5a:fe45:8831:06c5::b activate: true - updates: - wait_install: true - name: Tenant_L3_VRF_Zone rd: 192.168.255.15:15 route_targets: @@ -220,330 +448,104 @@ router_bgp: redistribute: connected: enabled: true - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.15:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.15:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-BL1B +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -- destination_address_prefix: 10.3.4.0/24 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.4.0/24 gateway: 1.2.3.4 - vrf: Tenant_A_WAN_Zone -- destination_address_prefix: 1.1.1.0/24 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 1.1.1.0/24 + interface: vlan101 gateway: 10.1.1.1 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 1.1.2.0/24 interface: vlan101 - vrf: Tenant_A_WAN_Zone -- destination_address_prefix: 1.1.2.0/24 gateway: 10.1.1.1 distance: 200 tag: 666 name: RT-TO-FAKE-DMZ - interface: vlan101 - vrf: Tenant_A_WAN_Zone -- destination_address_prefix: 10.3.5.0/24 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.5.0/24 interface: Null0 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 + shutdown: false vrf: Tenant_A_WAN_Zone -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 + shutdown: false + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - notifying: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +vlans: +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C vrfs: - name: MGMT ip_routing: false - name: Tenant_A_WAN_Zone - tenant: Tenant_A ip_routing: true -- name: Tenant_L3_VRF_Zone tenant: Tenant_A +- name: Tenant_L3_VRF_Zone ip_routing: true + tenant: Tenant_A - name: Tenant_B_OP_Zone - tenant: Tenant_B ip_routing: true -- name: Tenant_B_WAN_Zone tenant: Tenant_B +- name: Tenant_B_WAN_Zone ip_routing: true + tenant: Tenant_B - name: Tenant_C_WAN_Zone - tenant: Tenant_C ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.111/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: null -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-BL1B -ethernet_interfaces: -- name: Ethernet45 - peer: DC1-SPINE1 - peer_interface: Ethernet7 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet7 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.97/31 -- name: Ethernet46 - peer: DC1-SPINE2 - peer_interface: Ethernet7 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet7 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.99/31 -- name: Ethernet47 - peer: DC1-SPINE3 - peer_interface: Ethernet7 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet7 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.101/31 -- name: Ethernet48 - peer: DC1-SPINE4 - peer_interface: Ethernet7 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet7 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.103/31 -- name: Ethernet7 - peer_type: l3_interface - ip_address: 10.10.20.20/24 - mtu: 9000 - shutdown: false - description: test - switchport: - enabled: false - vrf: Tenant_A_WAN_Zone -- name: Ethernet8 - peer_type: l3_interface - ip_address: 10.10.30.10/24 - mtu: 9000 - shutdown: false - description: test - switchport: - enabled: false - vrf: Tenant_L3_VRF_Zone -- name: Ethernet9 - peer_type: l3_interface - ip_address: 10.10.40.20/24 - mtu: 9000 - shutdown: false - description: test - switchport: - enabled: false - vrf: Tenant_L3_VRF_Zone -- name: Ethernet10.100 - peer_type: l3_interface - ip_address: 10.10.31.10/24 - mtu: 9000 - shutdown: false - description: subinterface test - encapsulation_dot1q: - vlan: 100 - vrf: Tenant_L3_VRF_Zone -- name: Ethernet10.200 - peer_type: l3_interface - ip_address: 10.10.41.10/24 - mtu: 9000 - shutdown: false - description: subinterface test with vlan override - encapsulation_dot1q: - vlan: 141 - vrf: Tenant_L3_VRF_Zone -- name: Ethernet10 - switchport: - enabled: false - peer_type: l3_interface - shutdown: false -- name: Ethernet4000 - description: My second test - shutdown: false - mtu: 1500 - ip_address: 10.1.2.3/12 - peer: MY-own-peer - peer_interface: Ethernet123 - peer_type: my_precious - switchport: - enabled: false -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.15/32 -- name: Loopback1 - description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.15/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ip next-hop 123.1.1.1 -- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ipv6 next-hop fd5a:fe45:8831:06c5::1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan350 tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone vxlan_interface: vxlan1: description: DC1-BL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -560,5 +562,3 @@ vxlan_interface: vni: 21 - name: Tenant_C_WAN_Zone vni: 31 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml index b49a927670c..4f63274d150 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,34 +8,64 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF1B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF1B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: CUSTOM_DC1-LEAF2A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: CUSTOM_DC1-LEAF2B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin privilege: 15 @@ -49,38 +75,90 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.112/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF1 + local_interface: Vlan4091 + peer_address: 10.255.247.15 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF1B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: CUSTOM_DC1-LEAF2A_Po7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-124,130-131,160-162 +queue_monitor_length: + enabled: true + log: 5 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: DC1_FABRIC rackE DC1-L2LEAF1A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG + shutdown: false + ip_address: 10.255.247.14/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -117,84 +195,6 @@ vlans: - id: 162 name: Tenant_A_FTP tenant: Tenant_A -vlan_interfaces: -- name: Vlan4091 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.247.14/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF1B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: CUSTOM_DC1-LEAF2A_Po7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-124,130-131,160-162 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF1B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF1B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF1B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF1B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - description: CUSTOM_DC1-LEAF2A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - description: CUSTOM_DC1-LEAF2B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF1 - local_interface: Vlan4091 - peer_address: 10.255.247.15 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1B.yml index a171d0c5608..2fe1f857b52 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,34 +8,64 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF1A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF1A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: CUSTOM_DC1-LEAF2A_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: CUSTOM_DC1-LEAF2B_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF1B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin privilege: 15 @@ -49,38 +75,90 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.115/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF1 + local_interface: Vlan4091 + peer_address: 10.255.247.14 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF1A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: CUSTOM_DC1-LEAF2A_Po7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-124,130-131,160-162 +queue_monitor_length: + enabled: true + log: 5 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: DC1_FABRIC rackE DC1-L2LEAF1B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG + shutdown: false + ip_address: 10.255.247.15/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -117,84 +195,6 @@ vlans: - id: 162 name: Tenant_A_FTP tenant: Tenant_A -vlan_interfaces: -- name: Vlan4091 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.247.15/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF1A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: CUSTOM_DC1-LEAF2A_Po7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-124,130-131,160-162 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF1A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF1A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF1A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF1A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet8 - peer_type: l3leaf - description: CUSTOM_DC1-LEAF2A_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet8 - peer_type: l3leaf - description: CUSTOM_DC1-LEAF2B_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF1 - local_interface: Vlan4091 - peer_address: 10.255.247.14 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml index 5b069109a7c..0671eeed04d 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,34 +8,64 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: CUSTOM_DC1-SVC3A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: CUSTOM_DC1-SVC3B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin privilege: 15 @@ -49,38 +75,94 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.113/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4091 + peer_address: 10.255.249.17 + peer_address_heartbeat: + peer_ip: 192.168.200.114 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF2B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: CUSTOM_DC1-SVC3A_Po7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-124,130-131,140-141,150,160-162,210-211,250,310-311,350 +queue_monitor_length: + enabled: true + log: 5 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: DC1_FABRIC rackE DC1-L2LEAF2A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG + shutdown: false + ip_address: 10.255.249.16/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -144,88 +226,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4091 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.249.16/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF2B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: CUSTOM_DC1-SVC3A_Po7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-124,130-131,140-141,150,160-162,210-211,250,310-311,350 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet7 - peer_type: l3leaf - description: CUSTOM_DC1-SVC3A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet7 - peer_type: l3leaf - description: CUSTOM_DC1-SVC3B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4091 - peer_address: 10.255.249.17 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.200.114 - vrf: MGMT - dual_primary_detection_delay: 5 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml index 46571799155..125c57ee5ef 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,34 +8,64 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: CUSTOM_DC1-SVC3A_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: CUSTOM_DC1-SVC3B_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4091' +is_deployed: true local_users: - name: admin privilege: 15 @@ -49,38 +75,94 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4091 + peer_address: 10.255.249.16 + peer_address_heartbeat: + peer_ip: 192.168.200.113 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF2A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: CUSTOM_DC1-SVC3A_Po7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-124,130-131,140-141,150,160-162,210-211,250,310-311,350 +queue_monitor_length: + enabled: true + log: 5 +service_routing_protocols_model: multi-agent snmp_server: contact: example@example.com location: DC1_FABRIC rackE DC1-L2LEAF2B +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4091' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4091 + description: MLAG + shutdown: false + ip_address: 10.255.249.17/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4091 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -144,88 +226,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4091 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.249.17/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF2A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: CUSTOM_DC1-SVC3A_Po7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-124,130-131,140-141,150,160-162,210-211,250,310-311,350 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet8 - peer_type: l3leaf - description: CUSTOM_DC1-SVC3A_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet8 - peer_type: l3leaf - description: CUSTOM_DC1-SVC3B_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4091 - peer_address: 10.255.249.16 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.200.113 - vrf: MGMT - dual_primary_detection_delay: 5 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF3A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF3A.yml index a19281c0c8b..fb8a1343ca8 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-L2LEAF3A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF3A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,33 +8,46 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 +ethernet_interfaces: +- name: Ethernet1 + description: CUSTOM_DC1-LEAF2A_Ethernet9 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet9 + peer_type: l3leaf +- name: Ethernet2 + description: CUSTOM_DC1-LEAF2B_Ethernet9 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet9 + peer_type: l3leaf +hostname: DC1-L2LEAF3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin privilege: 15 @@ -48,60 +57,59 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.116/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC rackE DC1-L2LEAF3A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet9 - peer_type: l3leaf - description: CUSTOM_DC1-LEAF2A_Ethernet9 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet9 - peer_type: l3leaf - description: CUSTOM_DC1-LEAF2B_Ethernet9 - shutdown: false - channel_group: - id: 1 - mode: active + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: CUSTOM_DC1-LEAF2A_Po9 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-124,130-131,160-162 - shutdown: false +queue_monitor_length: + enabled: true + log: 5 +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC rackE DC1-L2LEAF3A +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -139,14 +147,6 @@ vlans: - id: 162 name: Tenant_A_FTP tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml index 1bb50aa7e95..581583320c2 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml @@ -1,42 +1,200 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.1/31 + peer: DC1-SPINE1 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.3/31 + peer: DC1-SPINE2 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.5/31 + peer: DC1-SPINE3 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.7/31 + peer: DC1-SPINE4 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet6 + description: CUSTOM_server02_SINGLE_NODE_TRUNK_Eth1 + shutdown: false + l2_mtu: 8000 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server02_SINGLE_NODE_TRUNK + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet7 + description: CUSTOM_server02_SINGLE_NODE_Eth1 + shutdown: false + peer: server02_SINGLE_NODE + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 hostname: DC1-LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65101' router_id: 192.168.255.9 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.0 peer_group: UNDERLAY-PEERS @@ -60,32 +218,59 @@ router_bgp: description: DC1-SPINE4_Ethernet1 - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.9:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: '130' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.9:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-124 address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: false window: 180 threshold: 30 - enabled: false + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.9:12 @@ -117,318 +302,135 @@ router_bgp: redistribute: connected: enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.9:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: '130' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.9:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-124 +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC rackA DC1-LEAF1A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC rackA DC1-LEAF1A -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.1/31 -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet1 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.3/31 -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet1 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.5/31 -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet1 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.7/31 -- name: Ethernet6 - peer: server02_SINGLE_NODE_TRUNK - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: CUSTOM_server02_SINGLE_NODE_TRUNK_Eth1 - shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet7 - peer: server02_SINGLE_NODE - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server02_SINGLE_NODE_Eth1 - shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 122 - name: Tenant_a_WEB_DHCP_no_source_int_no_vrf - tenant: Tenant_A -- id: 123 - name: Tenant_a_WEB_DHCP_source_int_no_vrf - tenant: Tenant_A -- id: 124 - name: Tenant_a_WEB_DHCP_vrf_no_source_int - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan120 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - web - - erp1 + - app +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan122 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A tags: - web +- name: Vlan122 description: Tenant_a_WEB_DHCP_no_source_int_no_vrf shutdown: false - ip_address_virtual: 10.1.22.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.22.1/24 ip_helpers: - ip_helper: 1.1.1.1 -- name: Vlan123 tenant: Tenant_A tags: - web +- name: Vlan123 description: Tenant_a_WEB_DHCP_source_int_no_vrf shutdown: false - ip_address_virtual: 10.1.23.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.23.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 -- name: Vlan124 tenant: Tenant_A tags: - web +- name: Vlan124 description: Tenant_a_WEB_DHCP_vrf_no_source_int shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.24.1/24 ip_helpers: - ip_helper: 1.1.1.1 vrf: TEST + tenant: Tenant_A + tags: + - web +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 122 + name: Tenant_a_WEB_DHCP_no_source_int_no_vrf + tenant: Tenant_A +- id: 123 + name: Tenant_a_WEB_DHCP_source_int_no_vrf + tenant: Tenant_A +- id: 124 + name: Tenant_a_WEB_DHCP_vrf_no_source_int + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback0 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -447,6 +449,4 @@ vxlan_interface: vni: 12 - name: Tenant_A_WEB_Zone vni: 11 -metadata: - platform: 7050SX3 tags: no-monitor diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml index 8b41c12fe9a..d6364ee0990 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml @@ -1,525 +1,251 @@ -hostname: DC1-LEAF2A -is_deployed: true -router_bgp: - as: '65102' - router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.255.16 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet2 - - ip_address: 172.31.255.18 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet2 - - ip_address: 172.31.255.20 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet2 - - ip_address: 172.31.255.22 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet2 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: false - vrfs: - - name: Tenant_A_APP_Zone - rd: 192.168.255.10:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_A_DB_Zone - rd: 192.168.255.10:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_A_OP_Zone - rd: 192.168.255.10:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_A_WEB_Zone - rd: 192.168.255.10:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_B_OP_Zone - rd: 192.168.255.10:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.10:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.10:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: '130' - - name: Tenant_A_DB_Zone - rd: 192.168.255.10:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.10:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.10:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-124 - - name: Tenant_A_FTP - tenant: Tenant_A - rd: 192.168.255.10:10162 - route_targets: - both: - - 10162:10162 - redistribute_routes: - - learned - vlan: '162' - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.10:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.10:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.10:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.10:30030 - route_targets: - both: - - 30030:30030 - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - notifying: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC rackC DC1-LEAF2A +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.17/31 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.19/31 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.21/31 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet2 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.23/31 + peer: DC1-SPINE4 + peer_interface: Ethernet2 + peer_type: spine switchport: enabled: false - ip_address: 172.31.255.23/31 - name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf description: CUSTOM_DC1-L2LEAF1A_Ethernet1 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF1B + peer: DC1-L2LEAF1A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet8 description: CUSTOM_DC1-L2LEAF1B_Ethernet1 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet9 - peer: DC1-L2LEAF3A + peer: DC1-L2LEAF1B peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet9 description: CUSTOM_DC1-L2LEAF3A_Ethernet1 shutdown: false channel_group: id: 9 mode: active + peer: DC1-L2LEAF3A + peer_interface: Ethernet1 + peer_type: l2leaf - name: Ethernet10 + description: CUSTOM_server01_MLAG_Eth2 + shutdown: false + channel_group: + id: 10 + mode: active peer: server01_MLAG peer_interface: Eth2 peer_type: server port_profile: TENANT_B - description: CUSTOM_server01_MLAG_Eth2 +- name: Ethernet11 + description: CUSTOM_server01_MTU_PROFILE_MLAG_Eth4 shutdown: false channel_group: - id: 10 + id: 11 mode: active -- name: Ethernet11 peer: server01_MTU_PROFILE_MLAG peer_interface: Eth4 peer_type: server port_profile: TENANT_A_MTU - description: CUSTOM_server01_MTU_PROFILE_MLAG_Eth4 +- name: Ethernet12 + description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth6 shutdown: false channel_group: - id: 11 + id: 12 mode: active -- name: Ethernet12 peer: server01_MTU_ADAPTOR_MLAG peer_interface: Eth6 peer_type: server - description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth6 +- name: Ethernet13 + description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth8 shutdown: false channel_group: id: 12 mode: active -- name: Ethernet13 peer: server01_MTU_ADAPTOR_MLAG peer_interface: Eth8 peer_type: server - description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth8 +- name: Ethernet20 + description: CUSTOM_FIREWALL01_E0 shutdown: false channel_group: - id: 12 + id: 20 mode: active -- name: Ethernet20 peer: FIREWALL01 peer_interface: E0 peer_type: firewall port_profile: TENANT_A_B - description: CUSTOM_FIREWALL01_E0 - shutdown: false - channel_group: - id: 20 - mode: active - name: Ethernet21 + description: CUSTOM_ROUTER01_Eth0 + shutdown: false peer: ROUTER01 peer_interface: Eth0 peer_type: router port_profile: TENANT_A - description: CUSTOM_ROUTER01_Eth0 - shutdown: false switchport: enabled: true mode: access access_vlan: 110 +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G +hostname: DC1-LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.10/32 +- name: Loopback10 + description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.10/32 +- name: Loopback100 + description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.10/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true port_channel_interfaces: - name: Port-Channel7 description: CUSTOM_DC1-L2LEAF1A_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-124,130-131,160-162 shutdown: false evpn_ethernet_segment: identifier: 0000:1234:0808:0707:0606 route_target: 08:08:07:07:06:06 lacp_id: 0808.0707.0606 -- name: Port-Channel9 - description: CUSTOM_DC1-L2LEAF3A_Po1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-124,130-131,160-162 +- name: Port-Channel9 + description: CUSTOM_DC1-L2LEAF3A_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:1234:0606:0707:0808 route_target: 06:06:07:07:08:08 lacp_id: 0606.0707.0808 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-124,130-131,160-162 - name: Port-Channel10 description: CUSTOM_server01_MLAG_PortChanne1 shutdown: false @@ -550,20 +276,6 @@ port_channel_interfaces: mode: trunk trunk: allowed_vlan: 110-111,210-211 -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.10/32 -- name: Loopback10 - description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.10/32 -- name: Loopback100 - description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.10/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -571,6 +283,10 @@ prefix_lists: action: permit 192.168.255.0/24 eq 32 - sequence: 20 action: permit 192.168.254.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 + notifying: true route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -583,220 +299,509 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 122 - name: Tenant_a_WEB_DHCP_no_source_int_no_vrf - tenant: Tenant_A -- id: 123 - name: Tenant_a_WEB_DHCP_source_int_no_vrf - tenant: Tenant_A -- id: 124 - name: Tenant_a_WEB_DHCP_vrf_no_source_int - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 162 - name: Tenant_A_FTP - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65102' + router_id: 192.168.255.10 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.255.16 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet2 + - ip_address: 172.31.255.18 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet2 + - ip_address: 172.31.255.20 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet2 + - ip_address: 172.31.255.22 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet2 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.10:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: '130' + - name: Tenant_A_DB_Zone + rd: 192.168.255.10:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.10:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.10:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-124 + - name: Tenant_A_FTP + tenant: Tenant_A + rd: 192.168.255.10:10162 + route_targets: + both: + - 10162:10162 + redistribute_routes: + - learned + vlan: '162' + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.10:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.10:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.10:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.10:30030 + route_targets: + both: + - 30030:30030 + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: false + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 192.168.255.10:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: 192.168.255.10:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_A_OP_Zone + rd: 192.168.255.10:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 192.168.255.10:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: 192.168.255.10:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true + - name: Tenant_C_OP_Zone + rd: 192.168.255.10:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.10 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC rackC DC1-LEAF2A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.10 vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan140 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - db - - erp1 + - app +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan110 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A tags: - - opzone + - db +- name: Vlan110 description: SVI 110 CUSTOM DESCRIPTION shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 ip_helpers: - ip_helper: 1.2.3.4 -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: SVI 111 CUSTOM DESCRIPTION shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan120 tenant: Tenant_A tags: - - web - - erp1 + - opzone +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan122 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A tags: - web +- name: Vlan122 description: Tenant_a_WEB_DHCP_no_source_int_no_vrf shutdown: false - ip_address_virtual: 10.1.22.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.22.1/24 ip_helpers: - ip_helper: 1.1.1.1 -- name: Vlan123 tenant: Tenant_A tags: - web +- name: Vlan123 description: Tenant_a_WEB_DHCP_source_int_no_vrf shutdown: false - ip_address_virtual: 10.1.23.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.23.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 -- name: Vlan124 tenant: Tenant_A tags: - web +- name: Vlan124 description: Tenant_a_WEB_DHCP_vrf_no_source_int shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.24.1/24 ip_helpers: - ip_helper: 1.1.1.1 vrf: TEST -- name: Vlan210 - tenant: Tenant_B + tenant: Tenant_A tags: - - opzone + - web +- name: Vlan210 description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan310 - tenant: Tenant_C + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B tags: - opzone +- name: Vlan310 description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 122 + name: Tenant_a_WEB_DHCP_no_source_int_no_vrf + tenant: Tenant_A +- id: 123 + name: Tenant_a_WEB_DHCP_source_int_no_vrf + tenant: Tenant_A +- id: 124 + name: Tenant_a_WEB_DHCP_vrf_no_source_int + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 162 + name: Tenant_A_FTP + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback10 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -845,8 +850,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.10 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml index d2d26c0bcf4..41389ddffb4 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml @@ -1,525 +1,251 @@ -hostname: DC1-LEAF2B -is_deployed: true -router_bgp: - as: '65102' - router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 172.31.255.32 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet3 - - ip_address: 172.31.255.34 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet3 - - ip_address: 172.31.255.36 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet3 - - ip_address: 172.31.255.38 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet3 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: false - vrfs: - - name: Tenant_A_APP_Zone - rd: 192.168.255.11:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_A_DB_Zone - rd: 192.168.255.11:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_A_OP_Zone - rd: 192.168.255.11:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_A_WEB_Zone - rd: 192.168.255.11:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_B_OP_Zone - rd: 192.168.255.11:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.11:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.11:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: '130' - - name: Tenant_A_DB_Zone - rd: 192.168.255.11:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.11:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.11:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-124 - - name: Tenant_A_FTP - tenant: Tenant_A - rd: 192.168.255.11:10162 - route_targets: - both: - - 10162:10162 - redistribute_routes: - - learned - vlan: '162' - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.11:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.11:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.11:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.11:30030 - route_targets: - both: - - 30030:30030 - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -hardware: - speed_groups: - - speed_group: '1' - serdes: 10G - - speed_group: '2' - serdes: 25G - - speed_group: '3' - serdes: 25G - - speed_group: '4' - serdes: 10G -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - notifying: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC rackD DC1-LEAF2B +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.33/31 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.35/31 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.37/31 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet3 - speed: forced 100gfull shutdown: false + speed: forced 100gfull mtu: 1500 + ip_address: 172.31.255.39/31 + peer: DC1-SPINE4 + peer_interface: Ethernet3 + peer_type: spine switchport: enabled: false - ip_address: 172.31.255.39/31 - name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf description: CUSTOM_DC1-L2LEAF1A_Ethernet2 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF1B + peer: DC1-L2LEAF1A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet8 description: CUSTOM_DC1-L2LEAF1B_Ethernet2 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet9 - peer: DC1-L2LEAF3A + peer: DC1-L2LEAF1B peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet9 description: CUSTOM_DC1-L2LEAF3A_Ethernet2 shutdown: false channel_group: id: 9 mode: active + peer: DC1-L2LEAF3A + peer_interface: Ethernet2 + peer_type: l2leaf - name: Ethernet10 + description: CUSTOM_server01_MLAG_Eth3 + shutdown: false + channel_group: + id: 10 + mode: active peer: server01_MLAG peer_interface: Eth3 peer_type: server port_profile: TENANT_B - description: CUSTOM_server01_MLAG_Eth3 +- name: Ethernet11 + description: CUSTOM_server01_MTU_PROFILE_MLAG_Eth5 shutdown: false channel_group: - id: 10 + id: 11 mode: active -- name: Ethernet11 peer: server01_MTU_PROFILE_MLAG peer_interface: Eth5 peer_type: server port_profile: TENANT_A_MTU - description: CUSTOM_server01_MTU_PROFILE_MLAG_Eth5 +- name: Ethernet12 + description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth7 shutdown: false channel_group: - id: 11 + id: 12 mode: active -- name: Ethernet12 peer: server01_MTU_ADAPTOR_MLAG peer_interface: Eth7 peer_type: server - description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth7 +- name: Ethernet13 + description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth9 shutdown: false channel_group: id: 12 mode: active -- name: Ethernet13 peer: server01_MTU_ADAPTOR_MLAG peer_interface: Eth9 peer_type: server - description: CUSTOM_server01_MTU_ADAPTOR_MLAG_Eth9 +- name: Ethernet20 + description: CUSTOM_FIREWALL01_E1 shutdown: false channel_group: - id: 12 + id: 20 mode: active -- name: Ethernet20 peer: FIREWALL01 peer_interface: E1 peer_type: firewall port_profile: TENANT_A_B - description: CUSTOM_FIREWALL01_E1 - shutdown: false - channel_group: - id: 20 - mode: active - name: Ethernet21 + description: CUSTOM_ROUTER01_Eth1 + shutdown: false peer: ROUTER01 peer_interface: Eth1 peer_type: router port_profile: TENANT_A - description: CUSTOM_ROUTER01_Eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 110 +hardware: + speed_groups: + - speed_group: '1' + serdes: 10G + - speed_group: '2' + serdes: 25G + - speed_group: '3' + serdes: 25G + - speed_group: '4' + serdes: 10G +hostname: DC1-LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + shutdown: false + ip_address: 192.168.255.11/32 +- name: Loopback10 + description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF + shutdown: false + ip_address: 192.168.254.11/32 +- name: Loopback100 + description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true port_channel_interfaces: - name: Port-Channel7 description: CUSTOM_DC1-L2LEAF1A_Po1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-124,130-131,160-162 shutdown: false evpn_ethernet_segment: identifier: 0000:1234:0808:0707:0606 route_target: 08:08:07:07:06:06 lacp_id: 0808.0707.0606 -- name: Port-Channel9 - description: CUSTOM_DC1-L2LEAF3A_Po1 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-124,130-131,160-162 +- name: Port-Channel9 + description: CUSTOM_DC1-L2LEAF3A_Po1 shutdown: false evpn_ethernet_segment: identifier: 0000:1234:0606:0707:0808 route_target: 06:06:07:07:08:08 lacp_id: 0606.0707.0808 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-124,130-131,160-162 - name: Port-Channel10 description: CUSTOM_server01_MLAG_PortChanne1 shutdown: false @@ -550,20 +276,6 @@ port_channel_interfaces: mode: trunk trunk: allowed_vlan: 110-111,210-211 -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF - shutdown: false - ip_address: 192.168.255.11/32 -- name: Loopback10 - description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF - shutdown: false - ip_address: 192.168.254.11/32 -- name: Loopback100 - description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.11/32 prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -571,6 +283,10 @@ prefix_lists: action: permit 192.168.255.0/24 eq 32 - sequence: 20 action: permit 192.168.254.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 + notifying: true route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -583,220 +299,509 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 122 - name: Tenant_a_WEB_DHCP_no_source_int_no_vrf - tenant: Tenant_A -- id: 123 - name: Tenant_a_WEB_DHCP_source_int_no_vrf - tenant: Tenant_A -- id: 124 - name: Tenant_a_WEB_DHCP_vrf_no_source_int - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 162 - name: Tenant_A_FTP - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65102' + router_id: 192.168.255.11 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 172.31.255.32 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet3 + - ip_address: 172.31.255.34 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet3 + - ip_address: 172.31.255.36 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet3 + - ip_address: 172.31.255.38 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet3 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.11:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: '130' + - name: Tenant_A_DB_Zone + rd: 192.168.255.11:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.11:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.11:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-124 + - name: Tenant_A_FTP + tenant: Tenant_A + rd: 192.168.255.11:10162 + route_targets: + both: + - 10162:10162 + redistribute_routes: + - learned + vlan: '162' + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.11:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.11:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.11:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.11:30030 + route_targets: + both: + - 30030:30030 + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: false + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 192.168.255.11:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_A_DB_Zone + rd: 192.168.255.11:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_A_OP_Zone + rd: 192.168.255.11:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 192.168.255.11:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_B_OP_Zone + rd: 192.168.255.11:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true + - name: Tenant_C_OP_Zone + rd: 192.168.255.11:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.11 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC rackD DC1-LEAF2B +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.11 vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan140 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - db - - erp1 + - app +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan110 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A tags: - - opzone + - db +- name: Vlan110 description: SVI 110 CUSTOM DESCRIPTION shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 ip_helpers: - ip_helper: 1.2.3.4 -- name: Vlan111 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: SVI 111 CUSTOM DESCRIPTION shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan120 tenant: Tenant_A tags: - - web - - erp1 + - opzone +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan122 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A tags: - web +- name: Vlan122 description: Tenant_a_WEB_DHCP_no_source_int_no_vrf shutdown: false - ip_address_virtual: 10.1.22.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.22.1/24 ip_helpers: - ip_helper: 1.1.1.1 -- name: Vlan123 tenant: Tenant_A tags: - web +- name: Vlan123 description: Tenant_a_WEB_DHCP_source_int_no_vrf shutdown: false - ip_address_virtual: 10.1.23.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.23.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 -- name: Vlan124 tenant: Tenant_A tags: - web +- name: Vlan124 description: Tenant_a_WEB_DHCP_vrf_no_source_int shutdown: false - ip_address_virtual: 10.1.24.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.24.1/24 ip_helpers: - ip_helper: 1.1.1.1 vrf: TEST -- name: Vlan210 - tenant: Tenant_B + tenant: Tenant_A tags: - - opzone + - web +- name: Vlan210 description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan310 - tenant: Tenant_C + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B tags: - opzone +- name: Vlan310 description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 122 + name: Tenant_a_WEB_DHCP_no_source_int_no_vrf + tenant: Tenant_A +- id: 123 + name: Tenant_a_WEB_DHCP_source_int_no_vrf + tenant: Tenant_A +- id: 124 + name: Tenant_a_WEB_DHCP_vrf_no_source_int + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 162 + name: Tenant_A_FTP + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback10 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -845,8 +850,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.11 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml index 42c42142be0..70cc03d9284 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml @@ -1,43 +1,188 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.0/31 + peer: DC1-LEAF1A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.16/31 + peer: DC1-LEAF2A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet1 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.32/31 + peer: DC1-LEAF2B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet41 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.48/31 + peer: DC1-SVC3A + peer_interface: Ethernet41 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet41 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.64/31 + peer: DC1-SVC3B + peer_interface: Ethernet41 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet41 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.80/31 + peer: DC1-BL1A + peer_interface: Ethernet41 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet45 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.96/31 + peer: DC1-BL1B + peer_interface: Ethernet45 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE1 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.1 peer_group: UNDERLAY-PEERS @@ -76,214 +221,69 @@ router_bgp: description: DC1-BL1B_Ethernet45 - ip_address: 192.168.255.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65105' - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' - ip_address: 192.168.255.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-SPINE1 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-SPINE1 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.0/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet1 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.16/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet1 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet1 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.32/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet41 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet41 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.48/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet41 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet41 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.64/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet41 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet41 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.80/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet45 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet45 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.96/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.1/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml index 41890b0bb6c..31840edf0ff 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml @@ -1,43 +1,188 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet2 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.2/31 + peer: DC1-LEAF1A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet2 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.18/31 + peer: DC1-LEAF2A + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet2 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.34/31 + peer: DC1-LEAF2B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet42 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.50/31 + peer: DC1-SVC3A + peer_interface: Ethernet42 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet42 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.66/31 + peer: DC1-SVC3B + peer_interface: Ethernet42 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet42 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.82/31 + peer: DC1-BL1A + peer_interface: Ethernet42 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet46 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.98/31 + peer: DC1-BL1B + peer_interface: Ethernet46 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE2 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.3 peer_group: UNDERLAY-PEERS @@ -76,214 +221,69 @@ router_bgp: description: DC1-BL1B_Ethernet46 - ip_address: 192.168.255.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65105' - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' - ip_address: 192.168.255.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-SPINE2 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-SPINE2 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet2 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.2/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet2 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet2 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.18/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet2 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet2 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.34/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet42 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet42 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.50/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet42 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet42 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.66/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet42 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet42 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.82/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet46 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet46 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.98/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.2/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml index 418cc20926c..9e2c8fc4723 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml @@ -1,43 +1,188 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet3 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.4/31 + peer: DC1-LEAF1A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet3 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.20/31 + peer: DC1-LEAF2A + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet3 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.36/31 + peer: DC1-LEAF2B + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet43 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.52/31 + peer: DC1-SVC3A + peer_interface: Ethernet43 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet43 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.68/31 + peer: DC1-SVC3B + peer_interface: Ethernet43 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet43 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.84/31 + peer: DC1-BL1A + peer_interface: Ethernet43 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet47 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.100/31 + peer: DC1-BL1B + peer_interface: Ethernet47 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE3 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.5 peer_group: UNDERLAY-PEERS @@ -76,214 +221,69 @@ router_bgp: description: DC1-BL1B_Ethernet47 - ip_address: 192.168.255.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65105' - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' - ip_address: 192.168.255.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-SPINE3 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-SPINE3 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet3 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.4/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet3 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet3 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.20/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet3 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet3 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.36/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet43 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet43 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.52/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet43 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet43 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.68/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet43 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet43 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.84/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet47 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet47 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.100/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.3/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml index 685081f51f5..f41309f0b87 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml @@ -1,43 +1,188 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet4 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.6/31 + peer: DC1-LEAF1A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet4 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.22/31 + peer: DC1-LEAF2A + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 + description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet4 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.38/31 + peer: DC1-LEAF2B + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet44 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.54/31 + peer: DC1-SVC3A + peer_interface: Ethernet44 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 + description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet44 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.70/31 + peer: DC1-SVC3B + peer_interface: Ethernet44 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 + description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet44 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.86/31 + peer: DC1-BL1A + peer_interface: Ethernet44 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 + description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet48 + shutdown: false + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.102/31 + peer: DC1-BL1B + peer_interface: Ethernet48 + peer_type: l3leaf + switchport: + enabled: false hostname: DC1-SPINE4 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65001' router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY-PEERS type: ipv4 password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn + next_hop_unchanged: true update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false neighbors: - ip_address: 172.31.255.7 peer_group: UNDERLAY-PEERS @@ -76,214 +221,69 @@ router_bgp: description: DC1-BL1B_Ethernet48 - ip_address: 192.168.255.14 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' peer: DC1-BL1A description: DC1-BL1A_Loopback0 - remote_as: '65104' - ip_address: 192.168.255.15 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' peer: DC1-BL1B description: DC1-BL1B_Loopback0 - remote_as: '65105' - ip_address: 192.168.255.9 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' peer: DC1-LEAF1A description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - ip_address: 192.168.255.10 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2A description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.11 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' peer: DC1-LEAF2B description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - ip_address: 192.168.255.12 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3A description: DC1-SVC3A_Loopback0 - remote_as: '65103' - ip_address: 192.168.255.13 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' peer: DC1-SVC3B description: DC1-SVC3B_Loopback0 - remote_as: '65103' + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-SPINE4 +spanning_tree: + mode: none static_routes: - vrf: MGMT destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. vrfs: - name: MGMT ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-SPINE4 -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet4 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF1A_Ethernet4 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.6/31 -- name: Ethernet2 - peer: DC1-LEAF2A - peer_interface: Ethernet4 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2A_Ethernet4 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.22/31 -- name: Ethernet3 - peer: DC1-LEAF2B - peer_interface: Ethernet4 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-LEAF2B_Ethernet4 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.38/31 -- name: Ethernet4 - peer: DC1-SVC3A - peer_interface: Ethernet44 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3A_Ethernet44 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.54/31 -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet44 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-SVC3B_Ethernet44 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.70/31 -- name: Ethernet6 - peer: DC1-BL1A - peer_interface: Ethernet44 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1A_Ethernet44 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.86/31 -- name: Ethernet7 - peer: DC1-BL1B - peer_interface: Ethernet48 - peer_type: l3leaf - description: CUSTOM_P2P_LINK_TO_DC1-BL1B_Ethernet48 - speed: forced 100gfull - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.102/31 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.4/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml index d1cce3d3de3..fba5fc8a324 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml @@ -1,410 +1,6 @@ -hostname: DC1-SVC3A -is_deployed: true -router_bgp: - as: '65103' - router_id: 192.168.255.12 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-PEERS - type: ipv4 - remote_as: '65103' - next_hop_self: true - description: DC1-SVC3B - password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Vlan4092 - - ip_address: 172.31.255.48 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet4 - - ip_address: 172.31.255.50 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet4 - - ip_address: 172.31.255.52 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet4 - - ip_address: 172.31.255.54 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet4 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: false - vrfs: - - name: Tenant_A_APP_Zone - rd: 192.168.255.12:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3011 - updates: - wait_install: true - - name: Tenant_A_DB_Zone - rd: 192.168.255.12:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3012 - updates: - wait_install: true - - name: Tenant_A_OP_Zone - rd: 192.168.255.12:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3009 - updates: - wait_install: true - - name: Tenant_A_WAN_Zone - rd: 192.168.255.12:14 - route_targets: - import: - - address_family: evpn - route_targets: - - '14:14' - - 65000:456 - export: - - address_family: evpn - route_targets: - - '14:14' - - 65000:789 - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - static: - enabled: true - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3013 - updates: - wait_install: true - - name: Tenant_A_WEB_Zone - rd: 192.168.255.12:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3010 - updates: - wait_install: true - - name: Tenant_B_OP_Zone - rd: 192.168.255.12:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3019 - updates: - wait_install: true - - name: Tenant_B_WAN_Zone - rd: 192.168.255.12:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3020 - updates: - wait_install: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.12:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan2 - updates: - wait_install: true - - name: Tenant_C_WAN_Zone - rd: 192.168.255.12:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-PEERS - description: DC1-SVC3B_Vlan3030 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.12:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: '130' - - name: Tenant_A_DB_Zone - rd: 192.168.255.12:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.12:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.12:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.12:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-124 - - name: Tenant_A_FTP - tenant: Tenant_A - rd: 192.168.255.12:10162 - route_targets: - both: - - 10162:10162 - redistribute_routes: - - learned - vlan: '162' - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.12:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.12:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.12:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.12:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: 192.168.255.12:30030 - route_targets: - both: - - 30030:30030 - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.5.0/24 - interface: Null0 - vrf: Tenant_A_WAN_Zone -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -412,499 +8,403 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4092' -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-SVC3A -vlans: -- id: 4092 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_L3_VRF_Tenant_A_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 122 - name: Tenant_a_WEB_DHCP_no_source_int_no_vrf - tenant: Tenant_A -- id: 123 - name: Tenant_a_WEB_DHCP_source_int_no_vrf - tenant: Tenant_A -- id: 124 - name: Tenant_a_WEB_DHCP_vrf_no_source_int - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 162 - name: Tenant_A_FTP - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_Tenant_B_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_L3_VRF_Tenant_C_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -vlan_interfaces: -- name: Vlan4092 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 - description: Tenant_A_APP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.30.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan131 - tenant: Tenant_A - tags: - - app - description: Tenant_A_APP_Zone_2 - shutdown: false - ip_address_virtual: 10.1.31.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_APP_Zone - vrf: Tenant_A_APP_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan140 - tenant: Tenant_A - tags: - - db - - erp1 - description: Tenant_A_DB_BZone_1 +ethernet_interfaces: +- name: Ethernet5 + description: CUSTOM_MLAG_PEER_DC1-SVC3B_Ethernet5 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan141 - tenant: Tenant_A - tags: - - db - description: Tenant_A_DB_Zone_2 + channel_group: + id: 5 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: CUSTOM_MLAG_PEER_DC1-SVC3B_Ethernet6 shutdown: false - ip_address_virtual: 10.1.41.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering + channel_group: + id: 5 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet7 + description: CUSTOM_DC1-L2LEAF2A_Ethernet1 shutdown: false - description: MLAG_L3_VRF_Tenant_A_DB_Zone - vrf: Tenant_A_DB_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: SVI 110 CUSTOM DESCRIPTION + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet8 + description: CUSTOM_DC1-L2LEAF2B_Ethernet1 shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.2.3.4 -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: SVI 111 CUSTOM DESCRIPTION + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet41 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet4 shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: MGMT -- name: Vlan3009 - tenant: Tenant_A - type: underlay_peering + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.49/31 + peer: DC1-SPINE1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet42 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet4 shutdown: false - description: MLAG_L3_VRF_Tenant_A_OP_Zone - vrf: Tenant_A_OP_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 + ip_address: 172.31.255.51/31 + peer: DC1-SPINE2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet43 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet4 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan3013 - tenant: Tenant_A - type: underlay_peering + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.53/31 + peer: DC1-SPINE3 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet44 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet4 shutdown: false - description: MLAG_L3_VRF_Tenant_A_WAN_Zone - vrf: Tenant_A_WAN_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan120 - tenant: Tenant_A - tags: - - web - - erp1 - description: Tenant_A_WEB_Zone_1 + ip_address: 172.31.255.55/31 + peer: DC1-SPINE4 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet10 + description: CUSTOM_server03_ESI_Eth1 shutdown: false - ip_address_virtual: 10.1.20.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan121 - tenant: Tenant_A - tags: - - web - description: Tenant_A_WEBZone_2 - shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 - vrf: Tenant_A_WEB_Zone -- name: Vlan122 - tenant: Tenant_A - tags: - - web - description: Tenant_a_WEB_DHCP_no_source_int_no_vrf + channel_group: + id: 10 + mode: active + peer: server03_ESI + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A_B +- name: Ethernet11 + description: CUSTOM_server04_inherit_all_from_profile_Eth1 shutdown: false - ip_address_virtual: 10.1.22.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 -- name: Vlan123 - tenant: Tenant_A - tags: - - web - description: Tenant_a_WEB_DHCP_source_int_no_vrf + l2_mtu: 8000 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server04_inherit_all_from_profile + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet12 + description: CUSTOM_server05_no_profile_Eth1 shutdown: false - ip_address_virtual: 10.1.23.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 -- name: Vlan124 - tenant: Tenant_A - tags: - - web - description: Tenant_a_WEB_DHCP_vrf_no_source_int + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server05_no_profile + peer_interface: Eth1 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet13 + description: CUSTOM_server06_override_profile_Eth1 shutdown: false - ip_address_virtual: 10.1.24.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - vrf: TEST -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering + l2_mtu: 8000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server06_override_profile + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet14 + description: CUSTOM_server07_inherit_all_from_profile_port_channel_Eth1 shutdown: false - description: MLAG_L3_VRF_Tenant_A_WEB_Zone - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 + channel_group: + id: 14 + mode: active + peer: server07_inherit_all_from_profile_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL +- name: Ethernet15 + description: CUSTOM_server08_no_profile_port_channel_Eth1 shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 + channel_group: + id: 15 + mode: 'on' + peer: server08_no_profile_port_channel + peer_interface: Eth1 + peer_type: server +- name: Ethernet16 + description: CUSTOM_server09_override_profile_no_port_channel_Eth1 shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering + l2_mtu: 8000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server09_override_profile_no_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet17 + description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_Eth1 shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 + channel_group: + id: 17 + mode: active + lacp_port_priority: 8192 + peer: server10_no_profile_port_channel_lacp_fallback + peer_interface: Eth1 + peer_type: server +- name: Ethernet18 + description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_Eth1 shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering + channel_group: + id: 18 + mode: active + lacp_port_priority: 8192 + peer: server11_inherit_profile_port_channel_lacp_fallback + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK +- name: Ethernet19 + description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_Eth1 shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 + channel_group: + id: 19 + mode: active + lacp_port_priority: 8192 + peer: server12_inherit_nested_profile_port_channel_lacp_fallback + peer_interface: Eth1 + peer_type: server + port_profile: NESTED_PORT_PROFILE +- name: Ethernet20 + description: CUSTOM_server13_disabled_interfaces_Eth1 + shutdown: true + peer: server13_disabled_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet21 + description: CUSTOM_server14_explicitly_enabled_interfaces_Eth1 shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 + peer: server14_explicitly_enabled_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet22 + description: CUSTOM_server15_port_channel_disabled_interfaces_Eth1 + shutdown: true + channel_group: + id: 22 + mode: active + peer: server15_port_channel_disabled_interfaces + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A +hostname: DC1-SVC3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering + ip_address: 192.168.255.12/32 +- name: Loopback1 + description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 + ip_address: 192.168.254.12/32 +- name: Loopback100 + description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.12/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4092 + peer_address: 10.255.252.7 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT port_channel_interfaces: - name: Port-Channel5 description: CUSTOM_MLAG_PEER_DC1-SVC3B_Po5 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel7 description: CUSTOM_DC1-L2LEAF2A_Po1 + shutdown: false + mlag: 7 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-124,130-131,140-141,150,160-162,210-211,250,310-311,350 - shutdown: false - mlag: 7 - name: Port-Channel10 description: CUSTOM_server03_ESI_PortChanne1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 evpn_ethernet_segment: identifier: 0000:1234:0303:0202:0101 route_target: 03:03:02:02:01:01 lacp_id: 0303.0202.0101 -- name: Port-Channel14 - description: CUSTOM_server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false switchport: enabled: true mode: trunk trunk: - allowed_vlan: 1-4094 + allowed_vlan: 110-111,210-211 +- name: Port-Channel14 + description: CUSTOM_server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' + mlag: 14 storm_control: all: level: '10' @@ -918,18 +418,18 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 14 -- name: Port-Channel15 - description: CUSTOM_server08_no_profile_port_channel_server08_no_profile_port_channel - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' +- name: Port-Channel15 + description: CUSTOM_server08_no_profile_port_channel_server08_no_profile_port_channel + shutdown: false + mlag: 15 storm_control: all: level: '10' @@ -943,18 +443,20 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 15 -- name: Port-Channel17 - description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' +- name: Port-Channel17 + description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback + shutdown: false + mlag: 17 + lacp_fallback_timeout: 90 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -968,21 +470,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 17 - lacp_fallback_mode: static - lacp_fallback_timeout: 90 -- name: Port-Channel18 - description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel18 + description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' + mlag: 18 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -996,21 +498,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 18 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 -- name: Port-Channel19 - description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel19 + description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' + mlag: 19 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1024,378 +526,881 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 19 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 - name: Port-Channel22 description: CUSTOM_server15_port_channel_disabled_interfaces_ shutdown: false + mlag: 22 switchport: enabled: true mode: access access_vlan: 110 - mlag: 22 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: CUSTOM_MLAG_PEER_DC1-SVC3B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-SVC3B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: CUSTOM_MLAG_PEER_DC1-SVC3B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf - description: CUSTOM_DC1-L2LEAF2A_Ethernet1 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet1 - peer_type: l2leaf - description: CUSTOM_DC1-L2LEAF2B_Ethernet1 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet41 - peer: DC1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet4 - speed: forced 100gfull +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.252.6/31 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65103' + router_id: 192.168.255.12 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-PEERS + type: ipv4 + remote_as: '65103' + description: DC1-SVC3B + next_hop_self: true + password: 15AwQNBEJ1nyF/kBEtoAGw== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + peer: DC1-SVC3B + description: DC1-SVC3B_Vlan4092 + - ip_address: 172.31.255.48 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet4 + - ip_address: 172.31.255.50 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet4 + - ip_address: 172.31.255.52 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet4 + - ip_address: 172.31.255.54 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet4 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.12:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: '130' + - name: Tenant_A_DB_Zone + rd: 192.168.255.12:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.12:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.12:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.12:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-124 + - name: Tenant_A_FTP + tenant: Tenant_A + rd: 192.168.255.12:10162 + route_targets: + both: + - 10162:10162 + redistribute_routes: + - learned + vlan: '162' + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.12:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.12:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.12:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.12:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.12:30030 + route_targets: + both: + - 30030:30030 + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: false + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 192.168.255.12:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_DB_Zone + rd: 192.168.255.12:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_OP_Zone + rd: 192.168.255.12:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_WAN_Zone + rd: 192.168.255.12:14 + route_targets: + import: + - address_family: evpn + route_targets: + - '14:14' + - 65000:456 + export: + - address_family: evpn + route_targets: + - '14:14' + - 65000:789 + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3013 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + static: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 192.168.255.12:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_B_OP_Zone + rd: 192.168.255.12:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_B_WAN_Zone + rd: 192.168.255.12:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3020 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_OP_Zone + rd: 192.168.255.12:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: 192.168.255.12:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.12 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-PEERS + description: DC1-SVC3B_Vlan3030 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-SVC3A +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4092' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.5.0/24 + interface: Null0 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.12 +vlan_interfaces: +- name: Vlan4092 + description: MLAG shutdown: false + ip_address: 10.255.252.6/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.49/31 -- name: Ethernet42 - peer: DC1-SPINE2 - peer_interface: Ethernet4 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet4 - speed: forced 100gfull + no_autostate: true +- name: Vlan130 + description: Tenant_A_APP_Zone_1 shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.51/31 -- name: Ethernet43 - peer: DC1-SPINE3 - peer_interface: Ethernet4 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet4 - speed: forced 100gfull + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.30.1/24 + tenant: Tenant_A + tags: + - app + - erp1 +- name: Vlan131 + description: Tenant_A_APP_Zone_2 shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.53/31 -- name: Ethernet44 - peer: DC1-SPINE4 - peer_interface: Ethernet4 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet4 - speed: forced 100gfull + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 + tenant: Tenant_A + tags: + - app +- name: Vlan3011 + description: MLAG_L3_VRF_Tenant_A_APP_Zone shutdown: false + vrf: Tenant_A_APP_Zone + ip_address: 10.255.252.6/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.55/31 -- name: Ethernet10 - peer: server03_ESI - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A_B - description: CUSTOM_server03_ESI_Eth1 - shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet11 - peer: server04_inherit_all_from_profile - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: CUSTOM_server04_inherit_all_from_profile_Eth1 - shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet12 - peer: server05_no_profile - peer_interface: Eth1 - peer_type: server - description: CUSTOM_server05_no_profile_Eth1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet13 - peer: server06_override_profile - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: CUSTOM_server06_override_profile_Eth1 + tenant: Tenant_A + type: underlay_peering +- name: Vlan140 + description: Tenant_A_DB_BZone_1 shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet14 - peer: server07_inherit_all_from_profile_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: CUSTOM_server07_inherit_all_from_profile_port_channel_Eth1 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - db + - erp1 +- name: Vlan141 + description: Tenant_A_DB_Zone_2 shutdown: false - channel_group: - id: 14 - mode: active -- name: Ethernet15 - peer: server08_no_profile_port_channel - peer_interface: Eth1 - peer_type: server - description: CUSTOM_server08_no_profile_port_channel_Eth1 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.41.1/24 + tenant: Tenant_A + tags: + - db +- name: Vlan3012 + description: MLAG_L3_VRF_Tenant_A_DB_Zone shutdown: false - channel_group: - id: 15 - mode: 'on' -- name: Ethernet16 - peer: server09_override_profile_no_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: CUSTOM_server09_override_profile_no_port_channel_Eth1 + vrf: Tenant_A_DB_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan110 + description: SVI 110 CUSTOM DESCRIPTION shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet17 - peer: server10_no_profile_port_channel_lacp_fallback - peer_interface: Eth1 - peer_type: server - description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_Eth1 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 + ip_helpers: + - ip_helper: 1.2.3.4 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: SVI 111 CUSTOM DESCRIPTION shutdown: false - channel_group: - id: 17 - mode: active - lacp_port_priority: 8192 -- name: Ethernet18 - peer: server11_inherit_profile_port_channel_lacp_fallback - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK - description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_Eth1 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: MGMT + tenant: Tenant_A + tags: + - opzone +- name: Vlan3009 + description: MLAG_L3_VRF_Tenant_A_OP_Zone shutdown: false - channel_group: - id: 18 - mode: active - lacp_port_priority: 8192 -- name: Ethernet19 - peer: server12_inherit_nested_profile_port_channel_lacp_fallback - peer_interface: Eth1 - peer_type: server - port_profile: NESTED_PORT_PROFILE - description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_Eth1 + vrf: Tenant_A_OP_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - channel_group: - id: 19 - mode: active - lacp_port_priority: 8192 -- name: Ethernet20 - peer: server13_disabled_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server13_disabled_interfaces_Eth1 - shutdown: true - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet21 - peer: server14_explicitly_enabled_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server14_explicitly_enabled_interfaces_Eth1 + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan3013 + description: MLAG_L3_VRF_Tenant_A_WAN_Zone shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet22 - peer: server15_port_channel_disabled_interfaces - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server15_port_channel_disabled_interfaces_Eth1 + vrf: Tenant_A_WAN_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan120 + description: Tenant_A_WEB_Zone_1 + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - web + - erp1 +- name: Vlan121 + description: Tenant_A_WEBZone_2 shutdown: true - channel_group: - id: 22 - mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4092 - peer_address: 10.255.252.7 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +- name: Vlan122 + description: Tenant_a_WEB_DHCP_no_source_int_no_vrf + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.22.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + tenant: Tenant_A + tags: + - web +- name: Vlan123 + description: Tenant_a_WEB_DHCP_source_int_no_vrf + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.23.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + tenant: Tenant_A + tags: + - web +- name: Vlan124 + description: Tenant_a_WEB_DHCP_vrf_no_source_int + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.24.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + vrf: TEST + tenant: Tenant_A + tags: + - web +- name: Vlan3010 + description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone shutdown: false - ip_address: 192.168.255.12/32 -- name: Loopback1 - description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF + vrf: Tenant_B_OP_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.12/32 -- name: Loopback100 - description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.12/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.252.6/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_L3_VRF_Tenant_A_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 122 + name: Tenant_a_WEB_DHCP_no_source_int_no_vrf + tenant: Tenant_A +- id: 123 + name: Tenant_a_WEB_DHCP_source_int_no_vrf + tenant: Tenant_A +- id: 124 + name: Tenant_a_WEB_DHCP_vrf_no_source_int + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 162 + name: Tenant_A_FTP + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_Tenant_B_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_L3_VRF_Tenant_C_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1455,8 +1460,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.12 -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml index 9438a8c4027..412d5e907e8 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ebgp_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml @@ -1,410 +1,6 @@ -hostname: DC1-SVC3B -is_deployed: true -router_bgp: - as: '65103' - router_id: 192.168.255.13 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: MLAG-PEERS - type: ipv4 - remote_as: '65103' - next_hop_self: true - description: DC1-SVC3A - password: 15AwQNBEJ1nyF/kBEtoAGw== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - - name: UNDERLAY-PEERS - type: ipv4 - password: 0nsCUm70mvSTxVO0ldytrg== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG-PEERS - activate: true - - name: UNDERLAY-PEERS - activate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Vlan4092 - - ip_address: 172.31.255.64 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet5 - - ip_address: 172.31.255.66 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet5 - - ip_address: 172.31.255.68 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet5 - - ip_address: 172.31.255.70 - peer_group: UNDERLAY-PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet5 - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: false - vrfs: - - name: Tenant_A_APP_Zone - rd: 192.168.255.13:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3011 - updates: - wait_install: true - - name: Tenant_A_DB_Zone - rd: 192.168.255.13:13 - route_targets: - import: - - address_family: evpn - route_targets: - - '13:13' - export: - - address_family: evpn - route_targets: - - '13:13' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3012 - updates: - wait_install: true - - name: Tenant_A_OP_Zone - rd: 192.168.255.13:10 - route_targets: - import: - - address_family: evpn - route_targets: - - '10:10' - export: - - address_family: evpn - route_targets: - - '10:10' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3009 - updates: - wait_install: true - - name: Tenant_A_WAN_Zone - rd: 192.168.255.13:14 - route_targets: - import: - - address_family: evpn - route_targets: - - '14:14' - - 65000:456 - export: - - address_family: evpn - route_targets: - - '14:14' - - 65000:789 - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - static: - enabled: true - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3013 - updates: - wait_install: true - - name: Tenant_A_WEB_Zone - rd: 192.168.255.13:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3010 - updates: - wait_install: true - - name: Tenant_B_OP_Zone - rd: 192.168.255.13:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3019 - updates: - wait_install: true - - name: Tenant_B_WAN_Zone - rd: 192.168.255.13:21 - route_targets: - import: - - address_family: evpn - route_targets: - - '21:21' - export: - - address_family: evpn - route_targets: - - '21:21' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3020 - updates: - wait_install: true - - name: Tenant_C_OP_Zone - rd: 192.168.255.13:30 - route_targets: - import: - - address_family: evpn - route_targets: - - '30:30' - export: - - address_family: evpn - route_targets: - - '30:30' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan2 - updates: - wait_install: true - - name: Tenant_C_WAN_Zone - rd: 192.168.255.13:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-PEERS - description: DC1-SVC3A_Vlan3030 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.13:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: '130' - - name: Tenant_A_DB_Zone - rd: 192.168.255.13:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.13:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.13:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.13:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-124 - - name: Tenant_A_FTP - tenant: Tenant_A - rd: 192.168.255.13:10162 - route_targets: - both: - - 10162:10162 - redistribute_routes: - - learned - vlan: '162' - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.13:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.13:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.13:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.13:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: 192.168.255.13:30030 - route_targets: - both: - - 30030:30030 - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.5.0/24 - interface: Null0 - vrf: Tenant_A_WAN_Zone -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -412,499 +8,403 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -queue_monitor_length: - enabled: true - log: 5 -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - root_super: true - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4092' -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -snmp_server: - contact: example@example.com - location: DC1_FABRIC DC1-SVC3B -vlans: -- id: 4092 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_L3_VRF_Tenant_A_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 122 - name: Tenant_a_WEB_DHCP_no_source_int_no_vrf - tenant: Tenant_A -- id: 123 - name: Tenant_a_WEB_DHCP_source_int_no_vrf - tenant: Tenant_A -- id: 124 - name: Tenant_a_WEB_DHCP_vrf_no_source_int - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 162 - name: Tenant_A_FTP - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_Tenant_B_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_L3_VRF_Tenant_C_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -vlan_interfaces: -- name: Vlan4092 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 - description: Tenant_A_APP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.30.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan131 - tenant: Tenant_A - tags: - - app - description: Tenant_A_APP_Zone_2 - shutdown: false - ip_address_virtual: 10.1.31.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_APP_Zone - vrf: Tenant_A_APP_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan140 - tenant: Tenant_A - tags: - - db - - erp1 - description: Tenant_A_DB_BZone_1 +ethernet_interfaces: +- name: Ethernet5 + description: CUSTOM_MLAG_PEER_DC1-SVC3A_Ethernet5 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan141 - tenant: Tenant_A - tags: - - db - description: Tenant_A_DB_Zone_2 + channel_group: + id: 5 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: CUSTOM_MLAG_PEER_DC1-SVC3A_Ethernet6 shutdown: false - ip_address_virtual: 10.1.41.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering + channel_group: + id: 5 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet7 + description: CUSTOM_DC1-L2LEAF2A_Ethernet2 shutdown: false - description: MLAG_L3_VRF_Tenant_A_DB_Zone - vrf: Tenant_A_DB_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: SVI 110 CUSTOM DESCRIPTION + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet8 + description: CUSTOM_DC1-L2LEAF2B_Ethernet2 shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.2.3.4 -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: SVI 111 CUSTOM DESCRIPTION + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet41 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet5 shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: MGMT -- name: Vlan3009 - tenant: Tenant_A - type: underlay_peering + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.65/31 + peer: DC1-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet42 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet5 shutdown: false - description: MLAG_L3_VRF_Tenant_A_OP_Zone - vrf: Tenant_A_OP_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 + ip_address: 172.31.255.67/31 + peer: DC1-SPINE2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet43 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet5 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan3013 - tenant: Tenant_A - type: underlay_peering + speed: forced 100gfull + mtu: 1500 + ip_address: 172.31.255.69/31 + peer: DC1-SPINE3 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet44 + description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet5 shutdown: false - description: MLAG_L3_VRF_Tenant_A_WAN_Zone - vrf: Tenant_A_WAN_Zone + speed: forced 100gfull mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan120 - tenant: Tenant_A - tags: - - web - - erp1 - description: Tenant_A_WEB_Zone_1 + ip_address: 172.31.255.71/31 + peer: DC1-SPINE4 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet10 + description: CUSTOM_server03_ESI_Eth2 shutdown: false - ip_address_virtual: 10.1.20.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan121 - tenant: Tenant_A - tags: - - web - description: Tenant_A_WEBZone_2 - shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 - vrf: Tenant_A_WEB_Zone -- name: Vlan122 - tenant: Tenant_A - tags: - - web - description: Tenant_a_WEB_DHCP_no_source_int_no_vrf + channel_group: + id: 10 + mode: active + peer: server03_ESI + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A_B +- name: Ethernet11 + description: CUSTOM_server04_inherit_all_from_profile_Eth2 shutdown: false - ip_address_virtual: 10.1.22.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 -- name: Vlan123 - tenant: Tenant_A - tags: - - web - description: Tenant_a_WEB_DHCP_source_int_no_vrf + l2_mtu: 8000 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server04_inherit_all_from_profile + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet12 + description: CUSTOM_server05_no_profile_Eth2 shutdown: false - ip_address_virtual: 10.1.23.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 -- name: Vlan124 - tenant: Tenant_A - tags: - - web - description: Tenant_a_WEB_DHCP_vrf_no_source_int + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server05_no_profile + peer_interface: Eth2 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet13 + description: CUSTOM_server06_override_profile_Eth2 shutdown: false - ip_address_virtual: 10.1.24.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - vrf: TEST -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering + l2_mtu: 8000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server06_override_profile + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet14 + description: CUSTOM_server07_inherit_all_from_profile_port_channel_Eth2 shutdown: false - description: MLAG_L3_VRF_Tenant_A_WEB_Zone - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 + channel_group: + id: 14 + mode: active + peer: server07_inherit_all_from_profile_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL +- name: Ethernet15 + description: CUSTOM_server08_no_profile_port_channel_Eth2 shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 + channel_group: + id: 15 + mode: 'on' + peer: server08_no_profile_port_channel + peer_interface: Eth2 + peer_type: server +- name: Ethernet16 + description: CUSTOM_server09_override_profile_no_port_channel_Eth2 shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering + l2_mtu: 8000 + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server09_override_profile_no_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet17 + description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_Eth2 shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 + channel_group: + id: 17 + mode: active + lacp_port_priority: 32768 + peer: server10_no_profile_port_channel_lacp_fallback + peer_interface: Eth2 + peer_type: server +- name: Ethernet18 + description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_Eth2 shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering + channel_group: + id: 18 + mode: active + lacp_port_priority: 32768 + peer: server11_inherit_profile_port_channel_lacp_fallback + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK +- name: Ethernet19 + description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_Eth2 shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 + channel_group: + id: 19 + mode: active + lacp_port_priority: 32768 + peer: server12_inherit_nested_profile_port_channel_lacp_fallback + peer_interface: Eth2 + peer_type: server + port_profile: NESTED_PORT_PROFILE +- name: Ethernet20 + description: CUSTOM_server13_disabled_interfaces_Eth2 + shutdown: true + peer: server13_disabled_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet21 + description: CUSTOM_server14_explicitly_enabled_interfaces_Eth2 shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 + peer: server14_explicitly_enabled_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Ethernet22 + description: CUSTOM_server15_port_channel_disabled_interfaces_Eth2 + shutdown: true + channel_group: + id: 22 + mode: active + peer: server15_port_channel_disabled_interfaces + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_A +hostname: DC1-SVC3B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false + - id: 160 + enabled: true + - id: 161 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: CUSTOM_EVPN_Overlay_Peering_L3LEAF shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering + ip_address: 192.168.255.13/32 +- name: Loopback1 + description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 + ip_address: 192.168.254.12/32 +- name: Loopback100 + description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.13/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050SX3 +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4092 + peer_address: 10.255.252.6 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT port_channel_interfaces: - name: Port-Channel5 description: CUSTOM_MLAG_PEER_DC1-SVC3A_Po5 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel7 description: CUSTOM_DC1-L2LEAF2A_Po1 + shutdown: false + mlag: 7 switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-124,130-131,140-141,150,160-162,210-211,250,310-311,350 - shutdown: false - mlag: 7 - name: Port-Channel10 description: CUSTOM_server03_ESI_PortChanne1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 evpn_ethernet_segment: identifier: 0000:1234:0303:0202:0101 route_target: 03:03:02:02:01:01 lacp_id: 0303.0202.0101 -- name: Port-Channel14 - description: CUSTOM_server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false switchport: enabled: true mode: trunk trunk: - allowed_vlan: 1-4094 + allowed_vlan: 110-111,210-211 +- name: Port-Channel14 + description: CUSTOM_server07_inherit_all_from_profile_port_channel_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' + mlag: 14 storm_control: all: level: '10' @@ -918,18 +418,18 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 14 -- name: Port-Channel15 - description: CUSTOM_server08_no_profile_port_channel_server08_no_profile_port_channel - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' +- name: Port-Channel15 + description: CUSTOM_server08_no_profile_port_channel_server08_no_profile_port_channel + shutdown: false + mlag: 15 storm_control: all: level: '10' @@ -943,18 +443,20 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 15 -- name: Port-Channel17 - description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' +- name: Port-Channel17 + description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_server10_no_profile_port_channel_lacp_fallback + shutdown: false + mlag: 17 + lacp_fallback_timeout: 90 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -968,21 +470,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 17 - lacp_fallback_mode: static - lacp_fallback_timeout: 90 -- name: Port-Channel18 - description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel18 + description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' + mlag: 18 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -996,21 +498,21 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 18 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 -- name: Port-Channel19 - description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge switchport: enabled: true mode: trunk trunk: allowed_vlan: 1-4094 +- name: Port-Channel19 + description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_NESTED_ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false l2_mtu: 8000 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' + mlag: 19 + lacp_fallback_timeout: 10 + lacp_fallback_mode: static storm_control: all: level: '10' @@ -1024,378 +526,881 @@ port_channel_interfaces: unknown_unicast: level: '2' unit: percent - mlag: 19 - lacp_fallback_mode: static - lacp_fallback_timeout: 10 + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 - name: Port-Channel22 description: CUSTOM_server15_port_channel_disabled_interfaces_ shutdown: false + mlag: 22 switchport: enabled: true mode: access access_vlan: 110 - mlag: 22 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-SVC3A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: CUSTOM_MLAG_PEER_DC1-SVC3A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-SVC3A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: CUSTOM_MLAG_PEER_DC1-SVC3A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf - description: CUSTOM_DC1-L2LEAF2A_Ethernet2 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet2 - peer_type: l2leaf - description: CUSTOM_DC1-L2LEAF2B_Ethernet2 - shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet41 - peer: DC1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE1_Ethernet5 - speed: forced 100gfull +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.252.6/31 +queue_monitor_length: + enabled: true + log: 5 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65103' + router_id: 192.168.255.13 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: MLAG-PEERS + type: ipv4 + remote_as: '65103' + description: DC1-SVC3A + next_hop_self: true + password: 15AwQNBEJ1nyF/kBEtoAGw== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + - name: UNDERLAY-PEERS + type: ipv4 + password: 0nsCUm70mvSTxVO0ldytrg== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + peer: DC1-SVC3A + description: DC1-SVC3A_Vlan4092 + - ip_address: 172.31.255.64 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Ethernet5 + - ip_address: 172.31.255.66 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Ethernet5 + - ip_address: 172.31.255.68 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Ethernet5 + - ip_address: 172.31.255.70 + peer_group: UNDERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Ethernet5 + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.13:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: '130' + - name: Tenant_A_DB_Zone + rd: 192.168.255.13:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.13:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.13:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.13:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-124 + - name: Tenant_A_FTP + tenant: Tenant_A + rd: 192.168.255.13:10162 + route_targets: + both: + - 10162:10162 + redistribute_routes: + - learned + vlan: '162' + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.13:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.13:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.13:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.13:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.13:30030 + route_targets: + both: + - 30030:30030 + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: false + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: MLAG-PEERS + activate: true + - name: UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 192.168.255.13:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_DB_Zone + rd: 192.168.255.13:13 + route_targets: + import: + - address_family: evpn + route_targets: + - '13:13' + export: + - address_family: evpn + route_targets: + - '13:13' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_OP_Zone + rd: 192.168.255.13:10 + route_targets: + import: + - address_family: evpn + route_targets: + - '10:10' + export: + - address_family: evpn + route_targets: + - '10:10' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_A_WAN_Zone + rd: 192.168.255.13:14 + route_targets: + import: + - address_family: evpn + route_targets: + - '14:14' + - 65000:456 + export: + - address_family: evpn + route_targets: + - '14:14' + - 65000:789 + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3013 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + static: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 192.168.255.13:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_B_OP_Zone + rd: 192.168.255.13:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_B_WAN_Zone + rd: 192.168.255.13:21 + route_targets: + import: + - address_family: evpn + route_targets: + - '21:21' + export: + - address_family: evpn + route_targets: + - '21:21' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3020 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_OP_Zone + rd: 192.168.255.13:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: 192.168.255.13:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.13 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-PEERS + description: DC1-SVC3A_Vlan3030 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +snmp_server: + contact: example@example.com + location: DC1_FABRIC DC1-SVC3B +spanning_tree: + root_super: true + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4092' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.5.0/24 + interface: Null0 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.13 +vlan_interfaces: +- name: Vlan4092 + description: MLAG shutdown: false + ip_address: 10.255.252.7/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.65/31 -- name: Ethernet42 - peer: DC1-SPINE2 - peer_interface: Ethernet5 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE2_Ethernet5 - speed: forced 100gfull + no_autostate: true +- name: Vlan130 + description: Tenant_A_APP_Zone_1 shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.67/31 -- name: Ethernet43 - peer: DC1-SPINE3 - peer_interface: Ethernet5 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE3_Ethernet5 - speed: forced 100gfull + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.30.1/24 + tenant: Tenant_A + tags: + - app + - erp1 +- name: Vlan131 + description: Tenant_A_APP_Zone_2 shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.69/31 -- name: Ethernet44 - peer: DC1-SPINE4 - peer_interface: Ethernet5 - peer_type: spine - description: CUSTOM_P2P_LINK_TO_DC1-SPINE4_Ethernet5 - speed: forced 100gfull + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 + tenant: Tenant_A + tags: + - app +- name: Vlan3011 + description: MLAG_L3_VRF_Tenant_A_APP_Zone shutdown: false + vrf: Tenant_A_APP_Zone + ip_address: 10.255.252.7/31 mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.71/31 -- name: Ethernet10 - peer: server03_ESI - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A_B - description: CUSTOM_server03_ESI_Eth2 - shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet11 - peer: server04_inherit_all_from_profile - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: CUSTOM_server04_inherit_all_from_profile_Eth2 - shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet12 - peer: server05_no_profile - peer_interface: Eth2 - peer_type: server - description: CUSTOM_server05_no_profile_Eth2 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet13 - peer: server06_override_profile - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: CUSTOM_server06_override_profile_Eth2 + tenant: Tenant_A + type: underlay_peering +- name: Vlan140 + description: Tenant_A_DB_BZone_1 shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet14 - peer: server07_inherit_all_from_profile_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: CUSTOM_server07_inherit_all_from_profile_port_channel_Eth2 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - db + - erp1 +- name: Vlan141 + description: Tenant_A_DB_Zone_2 shutdown: false - channel_group: - id: 14 - mode: active -- name: Ethernet15 - peer: server08_no_profile_port_channel - peer_interface: Eth2 - peer_type: server - description: CUSTOM_server08_no_profile_port_channel_Eth2 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.41.1/24 + tenant: Tenant_A + tags: + - db +- name: Vlan3012 + description: MLAG_L3_VRF_Tenant_A_DB_Zone shutdown: false - channel_group: - id: 15 - mode: 'on' -- name: Ethernet16 - peer: server09_override_profile_no_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: CUSTOM_server09_override_profile_no_port_channel_Eth2 + vrf: Tenant_A_DB_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan110 + description: SVI 110 CUSTOM DESCRIPTION shutdown: false - l2_mtu: 8000 - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet17 - peer: server10_no_profile_port_channel_lacp_fallback - peer_interface: Eth2 - peer_type: server - description: CUSTOM_server10_no_profile_port_channel_lacp_fallback_Eth2 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 + ip_helpers: + - ip_helper: 1.2.3.4 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: SVI 111 CUSTOM DESCRIPTION shutdown: false - channel_group: - id: 17 - mode: active - lacp_port_priority: 32768 -- name: Ethernet18 - peer: server11_inherit_profile_port_channel_lacp_fallback - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL_LACP_FALLBACK - description: CUSTOM_server11_inherit_profile_port_channel_lacp_fallback_Eth2 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: MGMT + tenant: Tenant_A + tags: + - opzone +- name: Vlan3009 + description: MLAG_L3_VRF_Tenant_A_OP_Zone shutdown: false - channel_group: - id: 18 - mode: active - lacp_port_priority: 32768 -- name: Ethernet19 - peer: server12_inherit_nested_profile_port_channel_lacp_fallback - peer_interface: Eth2 - peer_type: server - port_profile: NESTED_PORT_PROFILE - description: CUSTOM_server12_inherit_nested_profile_port_channel_lacp_fallback_Eth2 + vrf: Tenant_A_OP_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - channel_group: - id: 19 - mode: active - lacp_port_priority: 32768 -- name: Ethernet20 - peer: server13_disabled_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server13_disabled_interfaces_Eth2 - shutdown: true - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet21 - peer: server14_explicitly_enabled_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server14_explicitly_enabled_interfaces_Eth2 + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan3013 + description: MLAG_L3_VRF_Tenant_A_WAN_Zone shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 110 -- name: Ethernet22 - peer: server15_port_channel_disabled_interfaces - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_A - description: CUSTOM_server15_port_channel_disabled_interfaces_Eth2 + vrf: Tenant_A_WAN_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan120 + description: Tenant_A_WEB_Zone_1 + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - web + - erp1 +- name: Vlan121 + description: Tenant_A_WEBZone_2 shutdown: true - channel_group: - id: 22 - mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4092 - peer_address: 10.255.252.6 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: CUSTOM_EVPN_Overlay_Peering_L3LEAF + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +- name: Vlan122 + description: Tenant_a_WEB_DHCP_no_source_int_no_vrf + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.22.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + tenant: Tenant_A + tags: + - web +- name: Vlan123 + description: Tenant_a_WEB_DHCP_source_int_no_vrf + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.23.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + tenant: Tenant_A + tags: + - web +- name: Vlan124 + description: Tenant_a_WEB_DHCP_vrf_no_source_int + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.24.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + vrf: TEST + tenant: Tenant_A + tags: + - web +- name: Vlan3010 + description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false + vrf: Tenant_A_WEB_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone shutdown: false - ip_address: 192.168.255.13/32 -- name: Loopback1 - description: CUSTOM_VTEP_VXLAN_Tunnel_Source_L3LEAF + vrf: Tenant_B_OP_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.12/32 -- name: Loopback100 - description: CUSTOM_VTEP_DIAGNOSTICS_LOOPBACK_DESC + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.252.6/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false - - id: 160 - enabled: true - - id: 161 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_B_WAN_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone + shutdown: false + vrf: Tenant_C_WAN_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4092 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_L3_VRF_Tenant_A_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 122 + name: Tenant_a_WEB_DHCP_no_source_int_no_vrf + tenant: Tenant_A +- id: 123 + name: Tenant_a_WEB_DHCP_source_int_no_vrf + tenant: Tenant_A +- id: 124 + name: Tenant_a_WEB_DHCP_vrf_no_source_int + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 162 + name: Tenant_A_FTP + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_Tenant_B_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_L3_VRF_Tenant_C_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1455,8 +1460,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.13 -metadata: - platform: 7050SX3 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1A.yml index ca1806b386e..e523a7736c9 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1A.yml @@ -1,52 +1,6 @@ -hostname: DC1-BL1A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,185 +8,92 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.10/31 - isis_enable: EVPN_UNDERLAY - isis_bfd: true - isis_metric: 50 - isis_network_point_to_point: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.10/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-BL1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet5 - peer: DC1-BL1B - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-BL1B_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-BL1B - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-BL1B_Ethernet6 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet1 - peer: DC1-SPINE1 + peer: DC1-BL1B peer_interface: Ethernet6 - peer_type: spine + peer_type: mlag_peer +- name: Ethernet1 description: P2P_DC1-SPINE1_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.41/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet6 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.43/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet6 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.45/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet6 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.47/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet8 - peer: ROUTERX - peer_interface: Ethernet8 - peer_type: other + peer: DC1-SPINE4 + peer_interface: Ethernet6 + peer_type: spine switchport: enabled: false +- name: Ethernet8 + description: P2P_ROUTERX_Ethernet8 shutdown: false mtu: 1500 ip_address: 100.64.0.0/31 @@ -240,16 +101,38 @@ ethernet_interfaces: isis_bfd: true isis_metric: 50 isis_network_point_to_point: true - isis_hello_padding: true isis_circuit_type: level-2 - description: P2P_ROUTERX_Ethernet8 -mlag_configuration: - domain_id: DC1_BL1 - local_interface: Vlan4094 - peer_address: 10.255.252.11 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + isis_hello_padding: true + peer: ROUTERX + peer_interface: Ethernet8 + peer_type: other + switchport: + enabled: false +hostname: DC1-BL1A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.10:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -263,25 +146,45 @@ loopback_interfaces: ip_address: 192.168.254.10/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5010.00 - router_id: 192.168.255.10 - is_type: level-2 - address_family_ipv4: +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_BL1 + local_interface: Vlan4094 + peer_address: 10.255.252.11 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-BL1B_Port-Channel5 + shutdown: false + switchport: enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.10:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + mode: trunk + trunk: + groups: + - MLAG route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -297,15 +200,112 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.10:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.10 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5010.00 + router_id: 192.168.255.10 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.10/31 + isis_enable: EVPN_UNDERLAY + isis_bfd: true + isis_metric: 50 + isis_network_point_to_point: true + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.10/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-BL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1B.yml index 6e24423e9ac..62b0ae5182b 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-BL1B.yml @@ -1,52 +1,6 @@ -hostname: DC1-BL1B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,186 +8,115 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.111/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.11/31 - isis_enable: EVPN_UNDERLAY - isis_bfd: true - isis_metric: 50 - isis_network_point_to_point: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.11/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-BL1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet5 - peer: DC1-BL1A - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-BL1A_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-BL1A - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-BL1A_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-BL1A + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet7 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.49/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.51/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.53/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.55/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -mlag_configuration: - domain_id: DC1_BL1 - local_interface: Vlan4094 - peer_address: 10.255.252.10 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-SPINE4 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +hostname: DC1-BL1B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.10:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -247,25 +130,45 @@ loopback_interfaces: ip_address: 192.168.254.10/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5011.00 - router_id: 192.168.255.11 - is_type: level-2 - address_family_ipv4: +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.111/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_BL1 + local_interface: Vlan4094 + peer_address: 10.255.252.10 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-BL1A_Port-Channel5 + shutdown: false + switchport: enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.10:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + mode: trunk + trunk: + groups: + - MLAG route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -281,15 +184,112 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.10:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.11 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5011.00 + router_id: 192.168.255.11 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.11/31 + isis_enable: EVPN_UNDERLAY + isis_bfd: true + isis_metric: 50 + isis_network_point_to_point: true + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.11/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-BL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF1A.yml index 00851d8c87e..3725b0a4431 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,30 +8,39 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC1-LEAF2A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-LEAF2B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin privilege: 15 @@ -45,58 +50,53 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.112/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_LEAF2_Port-Channel7 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: none - shutdown: false -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2A.yml index 3b263399e02..67dfccb7215 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,57 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,106 +68,84 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.113/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.17 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.16/31 + vrf: MGMT port_channel_interfaces: - name: Port-Channel3 description: MLAG_DC1-L2LEAF2B_Port-Channel3 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.17 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + ip_address: 10.255.252.16/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2B.yml index d80ded8068c..54d94191125 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-L2LEAF2B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,57 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,106 +68,84 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.16 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.17/31 + vrf: MGMT port_channel_interfaces: - name: Port-Channel3 description: MLAG_DC1-L2LEAF2A_Port-Channel3 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: none +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.16 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + ip_address: 10.255.252.17/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF1A.yml index 4569987eb14..029b2dacf4f 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF1A.yml @@ -1,52 +1,6 @@ -hostname: DC1-LEAF1A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,123 +8,97 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.1/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.3/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.5/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.7/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-SPINE4 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +hostname: DC1-LEAF1A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.5:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -178,25 +106,28 @@ loopback_interfaces: ip_address: 192.168.255.5/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5005.00 - router_id: 192.168.255.5 - is_type: level-2 - address_family_ipv4: - enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.5:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -212,14 +143,83 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.5:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5005.00 + router_id: 192.168.255.5 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback0 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2A.yml index 618b3dcbe7c..b7949b08ee9 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2A.yml @@ -1,52 +1,6 @@ -hostname: DC1-LEAF2A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.6 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,204 +8,124 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.2/31 - isis_enable: EVPN_UNDERLAY - isis_bfd: true - isis_metric: 50 - isis_network_point_to_point: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.2/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 7 ethernet_interfaces: - name: Ethernet5 - peer: DC1-LEAF2B - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-LEAF2B_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-LEAF2B - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-LEAF2B_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.9/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.11/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.13/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet2 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.15/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-SPINE4 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false - name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_DC1-L2LEAF1A_Ethernet1 shutdown: false channel_group: id: 7 mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.3 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: DC1-LEAF2A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.6:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -265,25 +139,54 @@ loopback_interfaces: ip_address: 192.168.254.6/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5006.00 - router_id: 192.168.255.6 - is_type: level-2 - address_family_ipv4: +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.3 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2B_Port-Channel5 + shutdown: false + switchport: enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.6:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -299,15 +202,112 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.6:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.6 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5006.00 + router_id: 192.168.255.6 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.2/31 + isis_enable: EVPN_UNDERLAY + isis_bfd: true + isis_metric: 50 + isis_network_point_to_point: true + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.2/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback10 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2B.yml index a5e8f5faf22..ea929b2bc16 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-LEAF2B.yml @@ -1,52 +1,6 @@ -hostname: DC1-LEAF2B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.7 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,204 +8,124 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.3/31 - isis_enable: EVPN_UNDERLAY - isis_bfd: true - isis_metric: 50 - isis_network_point_to_point: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.3/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 7 ethernet_interfaces: - name: Ethernet5 - peer: DC1-LEAF2A - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-LEAF2A_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-LEAF2A - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-LEAF2A_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.17/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.19/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.21/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet3 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.23/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-SPINE4 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false - name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_DC1-L2LEAF1A_Ethernet2 shutdown: false channel_group: id: 7 mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-L2LEAF1A + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: DC1-LEAF2B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.6:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -265,25 +139,54 @@ loopback_interfaces: ip_address: 192.168.254.6/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5007.00 - router_id: 192.168.255.7 - is_type: level-2 - address_family_ipv4: +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2A_Port-Channel5 + shutdown: false + switchport: enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.6:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -299,15 +202,112 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.6:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.7 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5007.00 + router_id: 192.168.255.7 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.3/31 + isis_enable: EVPN_UNDERLAY + isis_bfd: true + isis_metric: 50 + isis_network_point_to_point: true + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.3/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback10 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE1.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE1.yml index 2e5fa28852a..a201968e083 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE1.yml @@ -1,72 +1,6 @@ -hostname: DC1-SPINE1 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - bgp_cluster_id: 192.168.255.1 - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - route_reflector_client: true - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.10 - peer_group: OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - - ip_address: 192.168.255.11 - peer_group: OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - - ip_address: 192.168.255.5 - peer_group: OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - - ip_address: 192.168.255.6 - peer_group: OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - - ip_address: 192.168.255.7 - peer_group: OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - - ip_address: 192.168.255.8 - peer_group: OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - - ip_address: 192.168.255.9 - peer_group: OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -74,165 +8,134 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.0/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.8/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.16/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.24/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.32/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.40/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.48/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-BL1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE1 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -240,19 +143,116 @@ loopback_interfaces: ip_address: 192.168.255.1/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_cluster_id: 192.168.255.1 + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + route_reflector_client: true + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: OVERLAY-PEERS + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: OVERLAY-PEERS + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: OVERLAY-PEERS + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: OVERLAY-PEERS + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: OVERLAY-PEERS + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: OVERLAY-PEERS + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: OVERLAY-PEERS + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5001.00 router_id: 192.168.255.1 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE2.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE2.yml index 2c5f317c99f..114643db42f 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE2.yml @@ -1,11 +1,6 @@ -hostname: DC1-SPINE2 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -13,165 +8,134 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.2/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.10/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.18/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.26/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.34/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.42/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.50/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-BL1B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE2 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -179,14 +143,50 @@ loopback_interfaces: ip_address: 192.168.255.2/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5002.00 router_id: 192.168.255.2 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE3.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE3.yml index 92fa04a8a85..1f9431cab2d 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE3.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE3.yml @@ -1,11 +1,6 @@ -hostname: DC1-SPINE3 -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -13,165 +8,134 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.4/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.12/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.20/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.28/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.36/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.44/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.52/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-BL1B + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE3 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -179,14 +143,50 @@ loopback_interfaces: ip_address: 192.168.255.3/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5003.00 router_id: 192.168.255.3 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE4.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE4.yml index 7ac2d81f7a5..15ddb03b32f 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE4.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SPINE4.yml @@ -1,72 +1,6 @@ -hostname: DC1-SPINE4 -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - bgp_cluster_id: 192.168.255.4 - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - route_reflector_client: true - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.10 - peer_group: OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - - ip_address: 192.168.255.11 - peer_group: OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - - ip_address: 192.168.255.5 - peer_group: OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - - ip_address: 192.168.255.6 - peer_group: OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - - ip_address: 192.168.255.7 - peer_group: OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - - ip_address: 192.168.255.8 - peer_group: OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - - ip_address: 192.168.255.9 - peer_group: OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -74,165 +8,134 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet4 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.6/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.14/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.22/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.30/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.38/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.46/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.54/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-BL1B + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE4 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -240,19 +143,116 @@ loopback_interfaces: ip_address: 192.168.255.4/32 isis_enable: EVPN_UNDERLAY isis_passive: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_cluster_id: 192.168.255.4 + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + route_reflector_client: true + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: OVERLAY-PEERS + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: OVERLAY-PEERS + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: OVERLAY-PEERS + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: OVERLAY-PEERS + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: OVERLAY-PEERS + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: OVERLAY-PEERS + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: OVERLAY-PEERS + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false router_isis: instance: EVPN_UNDERLAY - log_adjacency_changes: true net: 49.0001.1921.6825.5004.00 router_id: 192.168.255.4 is_type: level-2 + log_adjacency_changes: true address_family_ipv4: enabled: true maximum_paths: 4 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3A.yml index 7afa574edcf..92694df5776 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3A.yml @@ -1,52 +1,6 @@ -hostname: DC1-SVC3A -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.8 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,203 +8,133 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.6/31 - isis_enable: EVPN_UNDERLAY - isis_bfd: true - isis_metric: 50 - isis_network_point_to_point: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 7 ethernet_interfaces: - name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-SVC3B_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-SVC3B - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-SVC3B_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-SVC3B + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.25/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.27/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.29/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.31/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-SPINE4 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false - name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_DC1-L2LEAF2A_Ethernet1 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B + peer: DC1-L2LEAF2A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet8 description: L2_DC1-L2LEAF2B_Ethernet1 shutdown: false channel_group: id: 7 mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.7 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: DC1-SVC3A +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.8:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -264,25 +148,54 @@ loopback_interfaces: ip_address: 192.168.254.8/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5008.00 - router_id: 192.168.255.8 - is_type: level-2 - address_family_ipv4: +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.7 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3B_Port-Channel5 + shutdown: false + switchport: enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.8:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -298,15 +211,102 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.8:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.8 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5008.00 + router_id: 192.168.255.8 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.6/31 + isis_enable: EVPN_UNDERLAY + isis_bfd: true + isis_metric: 50 + isis_network_point_to_point: true + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-SVC3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3B.yml index 3291d6c5bd0..2fbeffec3a9 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_isis_overlay_ibgp/intended/structured_configs/DC1-SVC3B.yml @@ -1,52 +1,6 @@ -hostname: DC1-SVC3B -is_deployed: true -router_bgp: - as: '65000' - router_id: 192.168.255.9 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - updates: - wait_install: true - peer_groups: - - name: OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: 64fqSH5CFUNLRHErezMrRg== - send_community: all - maximum_routes: 0 - remote_as: '65000' - address_family_evpn: - peer_groups: - - name: OVERLAY-PEERS - activate: true - route_map_in: RM-EVPN-SOO-IN - route_map_out: RM-EVPN-SOO-OUT - address_family_ipv4: - peer_groups: - - name: OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - - ip_address: 192.168.255.4 - peer_group: OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -54,203 +8,133 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: true -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.7/31 - isis_enable: EVPN_UNDERLAY - isis_bfd: true - isis_metric: 50 - isis_network_point_to_point: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: none - shutdown: false - mlag: 7 ethernet_interfaces: - name: Ethernet5 - peer: DC1-SVC3A - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-SVC3A_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-SVC3A - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-SVC3A_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-SVC3A + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.33/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.35/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.37/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.39/31 isis_enable: EVPN_UNDERLAY isis_bfd: true isis_metric: 50 isis_network_point_to_point: true isis_circuit_type: level-2 + peer: DC1-SPINE4 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false - name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_DC1-L2LEAF2A_Ethernet2 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B + peer: DC1-L2LEAF2A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet8 description: L2_DC1-L2LEAF2B_Ethernet2 shutdown: false channel_group: id: 7 mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.6 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: DC1-SVC3B +ip_extcommunity_lists: +- name: ECL-EVPN-SOO + entries: + - type: permit + extcommunities: soo 192.168.254.8:1 +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -264,25 +148,54 @@ loopback_interfaces: ip_address: 192.168.254.8/32 isis_enable: EVPN_UNDERLAY isis_passive: true -router_isis: - instance: EVPN_UNDERLAY - log_adjacency_changes: true - net: 49.0001.1921.6825.5009.00 - router_id: 192.168.255.9 - is_type: level-2 - address_family_ipv4: +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.6 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3A_Port-Channel5 + shutdown: false + switchport: enabled: true - maximum_paths: 4 -ip_extcommunity_lists: -- name: ECL-EVPN-SOO - entries: - - type: permit - extcommunities: soo 192.168.254.8:1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: none route_maps: - name: RM-EVPN-SOO-IN sequence_numbers: @@ -298,15 +211,102 @@ route_maps: type: permit set: - extcommunity soo 192.168.254.8:1 additive -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65000' + router_id: 192.168.255.9 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: OVERLAY-PEERS + type: evpn + remote_as: '65000' + update_source: Loopback0 + bfd: true + password: 64fqSH5CFUNLRHErezMrRg== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.4 + peer_group: OVERLAY-PEERS + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: OVERLAY-PEERS + activate: true + route_map_in: RM-EVPN-SOO-IN + route_map_out: RM-EVPN-SOO-OUT + address_family_ipv4: + peer_groups: + - name: OVERLAY-PEERS + activate: false +router_isis: + instance: EVPN_UNDERLAY + net: 49.0001.1921.6825.5009.00 + router_id: 192.168.255.9 + is_type: level-2 + log_adjacency_changes: true + address_family_ipv4: + enabled: true + maximum_paths: 4 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.7/31 + isis_enable: EVPN_UNDERLAY + isis_bfd: true + isis_metric: 50 + isis_network_point_to_point: true + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-SVC3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml index 312d5c7a6c9..23969e19c51 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml @@ -1,66 +1,6 @@ -hostname: DC1-BL1A -is_deployed: true -router_bgp: - as: '65104' - router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -68,126 +8,34 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.10/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.10/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-BL1B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet5 - peer: DC1-BL1B - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-BL1B_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-BL1B - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-BL1B_Ethernet6 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet1 - peer: DC1-SPINE1 + peer: DC1-BL1B peer_interface: Ethernet6 - peer_type: spine + peer_type: mlag_peer +- name: Ethernet1 description: P2P_DC1-SPINE1_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.41/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -196,15 +44,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet6 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.43/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -213,15 +61,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet6 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.45/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -230,15 +78,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet6 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet6 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.47/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -247,13 +95,31 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -mlag_configuration: - domain_id: DC1_BL1 - local_interface: Vlan4094 - peer_address: 10.255.252.11 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-SPINE4 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +hostname: DC1-BL1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -265,33 +131,167 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.10/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_BL1 + local_interface: Vlan4094 + peer_address: 10.255.252.11 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-BL1B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65104' + router_id: 192.168.255.10 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.10 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 - Ethernet3 - Ethernet4 - Vlan4093 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.10/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.10/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-BL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml index bd85365be9d..d12369e1621 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml @@ -1,66 +1,6 @@ -hostname: DC1-BL1B -is_deployed: true -router_bgp: - as: '65104' - router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -68,126 +8,34 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.111/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ip_address: 10.255.251.11/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.11/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-BL1A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false ethernet_interfaces: - name: Ethernet5 - peer: DC1-BL1A - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-BL1A_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-BL1A - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-BL1A_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-BL1A + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet7 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.49/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -196,15 +44,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.51/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -213,15 +61,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.53/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -230,15 +78,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet7 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet7 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.55/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -247,13 +95,31 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -mlag_configuration: - domain_id: DC1_BL1 - local_interface: Vlan4094 - peer_address: 10.255.252.10 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-SPINE4 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +hostname: DC1-BL1B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -265,33 +131,167 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.10/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.111/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_BL1 + local_interface: Vlan4094 + peer_address: 10.255.252.10 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-BL1A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65104' + router_id: 192.168.255.11 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.11 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 - Ethernet3 - Ethernet4 - Vlan4093 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 + shutdown: false + ip_address: 10.255.251.11/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 1500 +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.11/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-BL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml index ab5992e4e38..b2f3aa05195 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,30 +8,39 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC1-LEAF2A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-LEAF2B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin privilege: 15 @@ -45,62 +50,57 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.112/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_LEAF2_Port-Channel7 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: '210' - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 210 name: Tenant_B_OP_Zone_1 tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml index d603ec66730..4a32cce8520 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,57 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,109 +68,87 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.113/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.17 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_A -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.16/31 + vrf: MGMT port_channel_interfaces: - name: Port-Channel3 description: MLAG_DC1-L2LEAF2B_Port-Channel3 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: '210' +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.17 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + ip_address: 10.255.252.16/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml index 8d27e5c4516..799f90dd712 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,57 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,109 +68,87 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.16 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_A -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.17/31 + vrf: MGMT port_channel_interfaces: - name: Port-Channel3 description: MLAG_DC1-L2LEAF2A_Port-Channel3 + shutdown: false switchport: enabled: true mode: trunk trunk: groups: - MLAG - shutdown: false - name: Port-Channel1 description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 switchport: enabled: true mode: trunk trunk: allowed_vlan: '210' +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.16 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -ip_igmp_snooping: - globally_enabled: true -metadata: - platform: vEOS-LAB + ip_address: 10.255.252.17/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml index 64c166380ad..ac7219cab70 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml @@ -1,66 +1,6 @@ -hostname: DC1-LEAF1A -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -68,72 +8,16 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.1/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -142,15 +26,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.3/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -159,15 +43,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.5/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -176,15 +60,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.7/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -193,6 +77,31 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk + peer: DC1-SPINE4 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +hostname: DC1-LEAF1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -204,31 +113,122 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.5/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65101' + router_id: 192.168.255.5 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.5 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 - Ethernet3 - Ethernet4 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false vxlan_interface: vxlan1: description: DC1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 -metadata: - platform: vEOS-LAB + udp_port: 4789 diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml index 790bbffa52c..5c87da9ef3b 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml @@ -1,77 +1,300 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF2B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF2B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.9/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ + peer: DC1-SPINE1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.11/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y + peer: DC1-SPINE2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.13/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y + peer: DC1-SPINE3 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet2 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.15/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk + peer: DC1-SPINE4 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf hostname: DC1-LEAF2A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 + ospf_area: 0.0.0.0 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 + ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.3 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '210' +prefix_lists: +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.2/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.6 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 10 ecmp: 10 updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: DC1-LEAF2B + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true neighbors: - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' - vrfs: + vlan_aware_bundles: - name: Tenant_B_OP_Zone rd: 192.168.255.6:20 route_targets: - import: - - address_family: evpn + both: + - '20:20' + redistribute_routes: + - learned + vlan: '210' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + vrfs: + - name: Tenant_B_OP_Zone + rd: 192.168.255.6:20 + route_targets: + import: + - address_family: evpn route_targets: - '20:20' export: @@ -79,328 +302,107 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2B_Vlan3019 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_B_OP_Zone - rd: 192.168.255.6:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '210' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_ospf: + process_ids: + - id: 101 + passive_interface_default: true + router_id: 192.168.255.6 + bfd_enable: true + no_passive_interfaces: + - Ethernet1 + - Ethernet2 + - Ethernet3 + - Ethernet4 + - Vlan4093 + max_lsa: 12000 service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_B_OP_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_A -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.255.251.2/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.2/31 + mtu: 1500 + no_autostate: true - name: Vlan210 - tenant: Tenant_A - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '210' - shutdown: false - mlag: 7 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF2B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF2B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.9/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.11/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet2 - shutdown: false mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.13/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.15/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF1A_Ethernet1 - shutdown: false - channel_group: - id: 7 - mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.3 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 - ospf_area: 0.0.0.0 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.6/32 - ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 101 - passive_interface_default: true - router_id: 192.168.255.6 - max_lsa: 12000 - no_passive_interfaces: - - Ethernet1 - - Ethernet2 - - Ethernet3 - - Ethernet4 - - Vlan4093 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -prefix_lists: -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.2/31 + tenant: Tenant_A + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_A +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 210 @@ -408,5 +410,3 @@ vxlan_interface: vrfs: - name: Tenant_B_OP_Zone vni: 20 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml index aff2722b2d8..a73d750644d 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml @@ -1,77 +1,300 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF2A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF2A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.17/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ + peer: DC1-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.19/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y + peer: DC1-SPINE2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.21/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y + peer: DC1-SPINE3 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet3 + shutdown: false + mtu: 1500 + ip_address: 172.31.255.23/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + ospf_authentication: message-digest + ospf_message_digest_keys: + - id: 1 + hash_algorithm: sha256 + key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk + peer: DC1-SPINE4 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF1A_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet2 + peer_type: l2leaf hostname: DC1-LEAF2B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.7/32 + ospf_area: 0.0.0.0 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 + ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.2 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '210' +prefix_lists: +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.2/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.7 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 10 ecmp: 10 updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - name: MLAG-IPv4-UNDERLAY-PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: DC1-LEAF2A + next_hop_self: true password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true neighbors: - ip_address: 192.168.255.1 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE1 description: DC1-SPINE1_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.2 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE2 description: DC1-SPINE2_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.3 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE3 description: DC1-SPINE3_Loopback0 - remote_as: '65001' - ip_address: 192.168.255.4 peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' peer: DC1-SPINE4 description: DC1-SPINE4_Loopback0 - remote_as: '65001' - vrfs: + vlan_aware_bundles: - name: Tenant_B_OP_Zone rd: 192.168.255.7:20 route_targets: - import: - - address_family: evpn + both: + - '20:20' + redistribute_routes: + - learned + vlan: '210' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + vrfs: + - name: Tenant_B_OP_Zone + rd: 192.168.255.7:20 + route_targets: + import: + - address_family: evpn route_targets: - '20:20' export: @@ -79,328 +302,107 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG-IPv4-UNDERLAY-PEER description: DC1-LEAF2A_Vlan3019 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_B_OP_Zone - rd: 192.168.255.7:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '210' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_ospf: + process_ids: + - id: 101 + passive_interface_default: true + router_id: 192.168.255.7 + bfd_enable: true + no_passive_interfaces: + - Ethernet1 + - Ethernet2 + - Ethernet3 + - Ethernet4 + - Vlan4093 + max_lsa: 12000 service_routing_protocols_model: multi-agent -ip_routing: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_B_OP_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_A -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ip_address: 10.255.251.3/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.3/31 + mtu: 1500 + no_autostate: true - name: Vlan210 - tenant: Tenant_A - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '210' - shutdown: false - mlag: 7 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF2A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF2A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.17/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.19/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet3 - shutdown: false mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.21/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ip_address: 172.31.255.23/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 - ospf_authentication: message-digest - ospf_message_digest_keys: - - id: 1 - hash_algorithm: sha256 - key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF1A_Ethernet2 - shutdown: false - channel_group: - id: 7 - mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.2 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.7/32 - ospf_area: 0.0.0.0 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.6/32 - ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 101 - passive_interface_default: true - router_id: 192.168.255.7 - max_lsa: 12000 - no_passive_interfaces: - - Ethernet1 - - Ethernet2 - - Ethernet3 - - Ethernet4 - - Vlan4093 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -prefix_lists: -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.2/31 + tenant: Tenant_A + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_A +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 210 @@ -408,5 +410,3 @@ vxlan_interface: vrfs: - name: Tenant_B_OP_Zone vni: 20 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml index cb1ff35ccc0..b9ee630b11c 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml @@ -1,78 +1,6 @@ -hostname: DC1-SPINE1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -80,69 +8,16 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.0/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -151,15 +26,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.8/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -168,15 +43,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.16/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -185,15 +60,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.24/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -202,15 +77,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.32/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -219,15 +94,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.40/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -236,15 +111,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.48/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -253,18 +128,134 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP + peer: DC1-BL1B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE1 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.1/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65001' + router_id: 192.168.255.1 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.1 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 @@ -273,11 +264,20 @@ router_ospf: - Ethernet5 - Ethernet6 - Ethernet7 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml index 4854bc2118c..3c71089c2ce 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml @@ -1,78 +1,6 @@ -hostname: DC1-SPINE2 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -80,69 +8,16 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.2/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -151,15 +26,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.10/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -168,15 +43,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.18/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -185,15 +60,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.26/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -202,15 +77,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.34/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -219,15 +94,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.42/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -236,15 +111,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.50/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -253,18 +128,134 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP + peer: DC1-BL1B + peer_interface: Ethernet2 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE2 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.2/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65001' + router_id: 192.168.255.2 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.2 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 @@ -273,11 +264,20 @@ router_ospf: - Ethernet5 - Ethernet6 - Ethernet7 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml index 532d6bb0720..1bb65a47e7e 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml @@ -1,78 +1,6 @@ -hostname: DC1-SPINE3 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -80,69 +8,16 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.4/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -151,15 +26,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.12/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -168,15 +43,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.20/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -185,15 +60,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.28/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -202,15 +77,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.36/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -219,15 +94,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.44/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -236,15 +111,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.52/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -253,18 +128,134 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP + peer: DC1-BL1B + peer_interface: Ethernet3 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE3 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.3/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65001' + router_id: 192.168.255.3 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.3 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 @@ -273,11 +264,20 @@ router_ospf: - Ethernet5 - Ethernet6 - Ethernet7 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml index 912236aff1e..ac04f6c8d85 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml @@ -1,78 +1,6 @@ -hostname: DC1-SPINE4 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -80,69 +8,16 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet4 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.6/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -151,15 +26,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.14/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -168,15 +43,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.22/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -185,15 +60,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.30/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -202,15 +77,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.38/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -219,15 +94,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.46/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -236,15 +111,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.54/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -253,18 +128,134 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: kguPGHyy/wCN0mKibi4dLRL4PmsrU4UP + peer: DC1-BL1B + peer_interface: Ethernet4 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE4 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.4/32 ospf_area: 0.0.0.0 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65001' + router_id: 192.168.255.4 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false router_ospf: process_ids: - id: 101 passive_interface_default: true router_id: 192.168.255.4 - max_lsa: 12000 + bfd_enable: true no_passive_interfaces: - Ethernet1 - Ethernet2 @@ -273,11 +264,20 @@ router_ospf: - Ethernet5 - Ethernet6 - Ethernet7 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -metadata: - platform: vEOS-LAB + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml index 5e0917fda7e..74d380f47e2 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml @@ -1,109 +1,6 @@ -hostname: DC1-SVC3A -is_deployed: true -router_bgp: - as: '65103' - router_id: 192.168.255.8 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65103' - next_hop_self: true - description: DC1-SVC3B - password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - vrfs: - - name: Tenant_B_OP_Zone - rd: 192.168.255.8:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.7 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: DC1-SVC3B_Vlan3019 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_B_OP_Zone - rd: 192.168.255.8:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '210' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -111,152 +8,34 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_B_OP_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_A -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.6/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 -- name: Vlan210 - tenant: Tenant_A - tags: - - opzone - description: Tenant_B_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.252.6/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '210' - shutdown: false - mlag: 7 ethernet_interfaces: - name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-SVC3B_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-SVC3B - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-SVC3B_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-SVC3B + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.25/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -265,15 +44,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.27/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -282,15 +61,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.29/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -299,15 +78,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet4 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.31/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -316,31 +95,49 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk + peer: DC1-SPINE4 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false - name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf description: L2_DC1-L2LEAF2A_Ethernet1 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B + peer: DC1-L2LEAF2A peer_interface: Ethernet1 peer_type: l2leaf +- name: Ethernet8 description: L2_DC1-L2LEAF2B_Ethernet1 shutdown: false channel_group: id: 7 mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.7 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +hostname: DC1-SVC3A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -352,35 +149,67 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.8/32 ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 101 - passive_interface_default: true - router_id: 192.168.255.8 - max_lsa: 12000 - no_passive_interfaces: - - Ethernet1 - - Ethernet2 - - Ethernet3 - - Ethernet4 - - Vlan4094 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.7 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '210' +prefix_lists: +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.252.6/31 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP-VRFS sequence_numbers: - sequence: 10 @@ -389,17 +218,190 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -prefix_lists: -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.252.6/31 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65103' + router_id: 192.168.255.8 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65103' + description: DC1-SVC3B + next_hop_self: true + password: vnEaG8gMeQf3d3cN6PktXQ== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + vlan_aware_bundles: + - name: Tenant_B_OP_Zone + rd: 192.168.255.8:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: '210' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + vrfs: + - name: Tenant_B_OP_Zone + rd: 192.168.255.8:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.8 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.7 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: DC1-SVC3B_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_ospf: + process_ids: + - id: 101 + passive_interface_default: true + router_id: 192.168.255.8 + bfd_enable: true + no_passive_interfaces: + - Ethernet1 + - Ethernet2 + - Ethernet3 + - Ethernet4 + - Vlan4094 + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.6/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 1500 + no_autostate: true +- name: Vlan210 + description: Tenant_B_OP_Zone_1 + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address: 10.255.252.6/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_A +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-SVC3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 210 @@ -407,5 +409,3 @@ vxlan_interface: vrfs: - name: Tenant_B_OP_Zone vni: 20 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml index 4b77d9d548f..a29b662b6ea 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_ospf_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml @@ -1,109 +1,6 @@ -hostname: DC1-SVC3B -is_deployed: true -router_bgp: - as: '65103' - router_id: 192.168.255.9 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 10 - ecmp: 10 - updates: - wait_install: true - peer_groups: - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - - name: MLAG-IPv4-UNDERLAY-PEER - type: ipv4 - remote_as: '65103' - next_hop_self: true - description: DC1-SVC3A - password: vnEaG8gMeQf3d3cN6PktXQ== - maximum_routes: 12000 - send_community: all - route_map_in: RM-MLAG-PEER-IN - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 180 - threshold: 30 - enabled: true - address_family_ipv4: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: false - - name: MLAG-IPv4-UNDERLAY-PEER - activate: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - vrfs: - - name: Tenant_B_OP_Zone - rd: 192.168.255.9:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbors: - - ip_address: 10.255.252.6 - peer_group: MLAG-IPv4-UNDERLAY-PEER - description: DC1-SVC3A_Vlan3019 - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_B_OP_Zone - rd: 192.168.255.9:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: '210' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ip_routing: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -111,152 +8,34 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: '4094' -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_B_OP_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_A -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.7/31 - ospf_network_point_to_point: true - ospf_area: 0.0.0.0 -- name: Vlan210 - tenant: Tenant_A - tags: - - opzone - description: Tenant_B_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.252.7/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: '210' - shutdown: false - mlag: 7 ethernet_interfaces: - name: Ethernet5 - peer: DC1-SVC3A - peer_interface: Ethernet5 - peer_type: mlag_peer description: MLAG_DC1-SVC3A_Ethernet5 shutdown: false channel_group: id: 5 mode: active -- name: Ethernet6 peer: DC1-SVC3A - peer_interface: Ethernet6 + peer_interface: Ethernet5 peer_type: mlag_peer +- name: Ethernet6 description: MLAG_DC1-SVC3A_Ethernet6 shutdown: false channel_group: id: 5 mode: active + peer: DC1-SVC3A + peer_interface: Ethernet6 + peer_type: mlag_peer - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.33/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -265,15 +44,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: /wCirdje6f59x/1Ev+Oe6xok2+5jD3M/ -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.35/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -282,15 +61,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.37/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -299,15 +78,15 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: 1/hPOHp0a3PkQCWZMV0yGy6bP8mYwQ5y -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet5 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet5 shutdown: false mtu: 1500 - switchport: - enabled: false ip_address: 172.31.255.39/31 ospf_network_point_to_point: true ospf_area: 0.0.0.0 @@ -316,31 +95,49 @@ ethernet_interfaces: - id: 1 hash_algorithm: sha256 key: QB0XEg/PJV6Y5HtvjDdiafrPx/g+JRKk + peer: DC1-SPINE4 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false - name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf description: L2_DC1-L2LEAF2A_Ethernet2 shutdown: false channel_group: id: 7 mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B + peer: DC1-L2LEAF2A peer_interface: Ethernet2 peer_type: l2leaf +- name: Ethernet8 description: L2_DC1-L2LEAF2B_Ethernet2 shutdown: false channel_group: id: 7 mode: active -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.6 - peer_link: Port-Channel5 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' + peer: DC1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf +hostname: DC1-SVC3B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -352,35 +149,67 @@ loopback_interfaces: shutdown: false ip_address: 192.168.254.8/32 ospf_area: 0.0.0.0 -router_ospf: - process_ids: - - id: 101 - passive_interface_default: true - router_id: 192.168.255.9 - max_lsa: 12000 - no_passive_interfaces: - - Ethernet1 - - Ethernet2 - - Ethernet3 - - Ethernet4 - - Vlan4094 - bfd_enable: true -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.6 + peer_link: Port-Channel5 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: '210' +prefix_lists: +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.252.6/31 route_maps: - name: RM-MLAG-PEER-IN sequence_numbers: - sequence: 10 type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing set: - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing - name: RM-CONN-2-BGP-VRFS sequence_numbers: - sequence: 10 @@ -389,17 +218,190 @@ route_maps: - ip address prefix-list PL-MLAG-PEER-VRFS - sequence: 20 type: permit -prefix_lists: -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.252.6/31 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 +router_bgp: + as: '65103' + router_id: 192.168.255.9 + maximum_paths: + paths: 10 + ecmp: 10 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + - name: MLAG-IPv4-UNDERLAY-PEER + type: ipv4 + remote_as: '65103' + description: DC1-SVC3A + next_hop_self: true + password: vnEaG8gMeQf3d3cN6PktXQ== + send_community: all + maximum_routes: 12000 + route_map_in: RM-MLAG-PEER-IN + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + vlan_aware_bundles: + - name: Tenant_B_OP_Zone + rd: 192.168.255.9:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: '210' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 180 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: false + - name: MLAG-IPv4-UNDERLAY-PEER + activate: true + vrfs: + - name: Tenant_B_OP_Zone + rd: 192.168.255.9:20 + route_targets: + import: + - address_family: evpn + route_targets: + - '20:20' + export: + - address_family: evpn + route_targets: + - '20:20' + router_id: 192.168.255.9 + updates: + wait_install: true + neighbors: + - ip_address: 10.255.252.6 + peer_group: MLAG-IPv4-UNDERLAY-PEER + description: DC1-SVC3A_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +router_ospf: + process_ids: + - id: 101 + passive_interface_default: true + router_id: 192.168.255.9 + bfd_enable: true + no_passive_interfaces: + - Ethernet1 + - Ethernet2 + - Ethernet3 + - Ethernet4 + - Vlan4094 + max_lsa: 12000 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.7/31 + ospf_network_point_to_point: true + ospf_area: 0.0.0.0 + mtu: 1500 + no_autostate: true +- name: Vlan210 + description: Tenant_B_OP_Zone_1 + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false + vrf: Tenant_B_OP_Zone + ip_address: 10.255.252.7/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_A +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-SVC3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 210 @@ -407,5 +409,3 @@ vxlan_interface: vrfs: - name: Tenant_B_OP_Zone vni: 20 -metadata: - platform: vEOS-LAB diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml index f2a778ab621..e809d60376c 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1A.yml @@ -1,111 +1,317 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet6 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE1 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet6 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE2 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet6 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE3 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet6 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet6 + peer_type: spine + switchport: + enabled: false +- name: Ethernet9 + description: P2P_DC1-BL1B_Ethernet9 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-BL1B + peer_interface: Ethernet9 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet10 + description: P2P_DC1-BL1B_Ethernet10 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-BL1B + peer_interface: Ethernet10 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet11 + description: P2P_outside-r1_other1 + shutdown: false + mtu: 1500 + ip_address: 10.23.23.1/30 + peer: outside-r1 + peer_interface: other1 + peer_type: other + switchport: + enabled: false +- name: Ethernet4000 + description: My test + shutdown: false + mtu: 1500 + ip_address: 10.1.2.3/12 + peer: MY-own-peer + peer_interface: Ethernet123 + peer_type: my_precious + switchport: + enabled: false hostname: DC1-BL1A +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.10/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.10/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.110/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ip next-hop 123.1.1.1 +- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ipv6 next-hop fd5a:fe45:8831:06c5::1 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65104' router_id: 192.168.255.10 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + - ip_address: 10.23.23.2 + peer_group: UNDERLAY_PEERS + remote_as: '64900' + peer: outside-r1 + description: outside-r1 neighbor_interfaces: - name: Ethernet1 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS description: DC1-SPINE1_Ethernet6 - name: Ethernet2 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS description: DC1-SPINE2_Ethernet6 - name: Ethernet3 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS description: DC1-SPINE3_Ethernet6 - name: Ethernet4 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS description: DC1-SPINE4_Ethernet6 - name: Ethernet9 remote_as: '65105' peer: DC1-BL1B - description: DC1-BL1B peer_group: UNDERLAY_PEERS + description: DC1-BL1B - name: Ethernet10 remote_as: '65105' peer: DC1-BL1B - description: DC1-BL1B peer_group: UNDERLAY_PEERS - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 + description: DC1-BL1B + redistribute: + connected: enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - - ip_address: 10.23.23.2 - remote_as: '64900' - peer: outside-r1 - description: outside-r1 - peer_group: UNDERLAY_PEERS + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.10:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.10:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.255.10:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_WAN_Zone rd: 192.168.255.10:14 @@ -119,41 +325,41 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.10 - redistribute: - connected: - enabled: true - static: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 123.1.1.10 - activate: true + updates: + wait_install: true neighbors: - ip_address: 123.1.1.10 remote_as: '1234' + local_as: '123' description: External IPv4 BGP peer + ebgp_multihop: 3 send_community: standard extended maximum_routes: 0 default_originate: always: false route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT update_source: Loopback123 - ebgp_multihop: 3 - local_as: '123' route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - ip_address: fd5a:fe45:8831:06c5::a remote_as: '12345' route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - ip_address: fd5a:fe45:8831:06c5::b remote_as: '12345' + redistribute: + connected: + enabled: true + static: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 123.1.1.10 + activate: true address_family_ipv6: neighbors: - ip_address: fd5a:fe45:8831:06c5::a activate: true - ip_address: fd5a:fe45:8831:06c5::b activate: true - updates: - wait_install: true - name: Tenant_B_WAN_Zone rd: 192.168.255.10:21 route_targets: @@ -184,240 +390,60 @@ router_bgp: redistribute: connected: enabled: true - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.10:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.10:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.255.10:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.4.0/24 - gateway: 1.2.3.4 - vrf: Tenant_A_WAN_Zone +router_general: + vrfs: + - name: Tenant_B_OP_Zone + leak_routes: + - source_vrf: Tenant_A_OP_Zone + subscribe_policy: RM-CONN-2-BGP + - source_vrf: Tenant_C_OP_Zone + subscribe_policy: RM-CONN-2-BGP service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.110/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.4.0/24 + gateway: 1.2.3.4 tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet6 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet6 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet9 - peer: DC1-BL1B - peer_interface: Ethernet9 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ipv6_enable: true - description: P2P_DC1-BL1B_Ethernet9 -- name: Ethernet10 - peer: DC1-BL1B - peer_interface: Ethernet10 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ipv6_enable: true - description: P2P_DC1-BL1B_Ethernet10 -- name: Ethernet11 - peer: outside-r1 - peer_interface: other1 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.23.23.1/30 - description: P2P_outside-r1_other1 -- name: Ethernet4000 - description: My test +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - mtu: 1500 - ip_address: 10.1.2.3/12 - peer: MY-own-peer - peer_interface: Ethernet123 - peer_type: my_precious - switchport: - enabled: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address: 192.168.255.10/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.10/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ip next-hop 123.1.1.1 -- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ipv6 next-hop fd5a:fe45:8831:06c5::1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 150 name: Tenant_A_WAN_Zone_1 @@ -428,40 +454,24 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan150 +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_WAN_Zone + ip_routing: true tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan250 +- name: Tenant_B_WAN_Zone + ip_routing: true tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan350 +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone vxlan_interface: vxlan1: description: DC1-BL1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -476,13 +486,3 @@ vxlan_interface: vni: 21 - name: Tenant_C_WAN_Zone vni: 31 -metadata: - platform: 7280R -router_general: - vrfs: - - name: Tenant_B_OP_Zone - leak_routes: - - source_vrf: Tenant_A_OP_Zone - subscribe_policy: RM-CONN-2-BGP - - source_vrf: Tenant_C_OP_Zone - subscribe_policy: RM-CONN-2-BGP diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml index fb10bce51b7..4a2b6584e28 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-BL1B.yml @@ -1,111 +1,318 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet7 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE1 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet7 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE2 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet7 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE3 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet7 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet7 + peer_type: spine + switchport: + enabled: false +- name: Ethernet9 + description: P2P_DC1-BL1A_Ethernet9 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-BL1A + peer_interface: Ethernet9 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet10 + description: P2P_DC1-BL1A_Ethernet10 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-BL1A + peer_interface: Ethernet10 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet11 + description: P2P_outside-r1_other2 + shutdown: false + mtu: 1500 + ip_address: 10.23.23.5/30 + ipv6_enable: true + peer: outside-r1 + peer_interface: other2 + peer_type: other + switchport: + enabled: false +- name: Ethernet4000 + description: My test + shutdown: false + mtu: 1500 + ip_address: 10.1.2.3/12 + peer: MY-own-peer + peer_interface: Ethernet123 + peer_type: my_precious + switchport: + enabled: false hostname: DC1-BL1B +ip_igmp_snooping: + globally_enabled: true +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.11/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.11/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.111/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ip next-hop 123.1.1.1 +- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT + sequence_numbers: + - sequence: 10 + type: permit + set: + - ipv6 next-hop fd5a:fe45:8831:06c5::1 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65105' router_id: 192.168.255.11 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + - ip_address: 10.23.23.6 + peer_group: UNDERLAY_PEERS + remote_as: '64900' + peer: outside-r1 + description: outside-r1 neighbor_interfaces: - name: Ethernet1 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS description: DC1-SPINE1_Ethernet7 - name: Ethernet2 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS description: DC1-SPINE2_Ethernet7 - name: Ethernet3 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS description: DC1-SPINE3_Ethernet7 - name: Ethernet4 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS description: DC1-SPINE4_Ethernet7 - name: Ethernet9 remote_as: '65104' peer: DC1-BL1A - description: DC1-BL1A peer_group: UNDERLAY_PEERS + description: DC1-BL1A - name: Ethernet10 remote_as: '65104' peer: DC1-BL1A - description: DC1-BL1A - peer_group: UNDERLAY_PEERS - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - - ip_address: 10.23.23.6 - remote_as: '64900' - peer: outside-r1 - description: outside-r1 peer_group: UNDERLAY_PEERS + description: DC1-BL1A + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_WAN_Zone + rd: 192.168.255.11:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_B_WAN_Zone + rd: 192.168.255.11:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_WAN_Zone + rd: 192.168.255.11:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_WAN_Zone rd: 192.168.255.11:14 @@ -119,41 +326,41 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.11 - redistribute: - connected: - enabled: true - static: - enabled: true - address_family_ipv4: - neighbors: - - ip_address: 123.1.1.10 - activate: true + updates: + wait_install: true neighbors: - ip_address: 123.1.1.10 remote_as: '1234' + local_as: '123' description: External IPv4 BGP peer + ebgp_multihop: 3 send_community: standard extended maximum_routes: 0 default_originate: always: false route_map: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT update_source: Loopback123 - ebgp_multihop: 3 - local_as: '123' route_map_out: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - ip_address: fd5a:fe45:8831:06c5::a remote_as: '12345' route_map_out: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - ip_address: fd5a:fe45:8831:06c5::b remote_as: '12345' + redistribute: + connected: + enabled: true + static: + enabled: true + address_family_ipv4: + neighbors: + - ip_address: 123.1.1.10 + activate: true address_family_ipv6: neighbors: - ip_address: fd5a:fe45:8831:06c5::a activate: true - ip_address: fd5a:fe45:8831:06c5::b activate: true - updates: - wait_install: true - name: Tenant_B_WAN_Zone rd: 192.168.255.11:21 route_targets: @@ -184,241 +391,52 @@ router_bgp: redistribute: connected: enabled: true - vlan_aware_bundles: - - name: Tenant_A_WAN_Zone - rd: 192.168.255.11:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_B_WAN_Zone - rd: 192.168.255.11:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_WAN_Zone - rd: 192.168.255.11:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -- destination_address_prefix: 10.3.4.0/24 - gateway: 1.2.3.4 - vrf: Tenant_A_WAN_Zone service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.111/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob +- vrf: Tenant_A_WAN_Zone + destination_address_prefix: 10.3.4.0/24 + gateway: 1.2.3.4 tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet7 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet7 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet9 - peer: DC1-BL1A - peer_interface: Ethernet9 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ipv6_enable: true - description: P2P_DC1-BL1A_Ethernet9 -- name: Ethernet10 - peer: DC1-BL1A - peer_interface: Ethernet10 - peer_type: l3leaf - switchport: - enabled: false - shutdown: false - mtu: 1500 - ipv6_enable: true - description: P2P_DC1-BL1A_Ethernet10 -- name: Ethernet11 - peer: outside-r1 - peer_interface: other2 - peer_type: other - switchport: - enabled: false - shutdown: false - mtu: 1500 - ip_address: 10.23.23.5/30 - ipv6_enable: true - description: P2P_outside-r1_other2 -- name: Ethernet4000 - description: My test +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - mtu: 1500 - ip_address: 10.1.2.3/12 - peer: MY-own-peer - peer_interface: Ethernet123 - peer_type: my_precious - switchport: - enabled: false -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - ip_address: 192.168.255.11/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.11/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -route_maps: -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-Tenant_A_WAN_Zone-123.1.1.10-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ip next-hop 123.1.1.1 -- name: RM-Tenant_A_WAN_Zone-fd5a:fe45:8831:06c5::a-SET-NEXT-HOP-OUT - sequence_numbers: - - sequence: 10 - type: permit - set: - - ipv6 next-hop fd5a:fe45:8831:06c5::1 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 150 name: Tenant_A_WAN_Zone_1 @@ -429,40 +447,24 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -ip_igmp_snooping: - globally_enabled: true -ip_virtual_router_mac_address: 00:dc:00:00:00:0a -vlan_interfaces: -- name: Vlan150 +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_WAN_Zone + ip_routing: true tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan250 +- name: Tenant_B_WAN_Zone + ip_routing: true tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan350 +- name: Tenant_C_WAN_Zone + ip_routing: true tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone vxlan_interface: vxlan1: description: DC1-BL1B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 150 vni: 10150 @@ -477,5 +479,3 @@ vxlan_interface: vni: 21 - name: Tenant_C_WAN_Zone vni: 31 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml index 33379232e46..adbe77efe50 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF1A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF1A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,30 +8,42 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: L2_DC1-LEAF2A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-LEAF2B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 +is_deployed: true local_users: - name: admin privilege: 15 @@ -45,57 +53,53 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.112/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF2A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-LEAF2B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-LEAF2B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active + vrf: MGMT port_channel_interfaces: - name: Port-Channel1 description: L2_DC1_LEAF2_Port-Channel7 + shutdown: false switchport: enabled: true mode: trunk trunk: allowed_vlan: 110-111,120-121,130-131,160-161 - shutdown: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 130 name: Tenant_A_APP_Zone_1 @@ -121,10 +125,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml index 1489f116b9f..d778f7704d8 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2A.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2A -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,60 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2B_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2B_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet7 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet7 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet7 + peer_type: l3leaf +hostname: DC1-L2LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,35 +71,88 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.113/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.17 + peer_address_heartbeat: + peer_ip: 192.168.200.114 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF2B_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.16/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -126,84 +204,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.16/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF2B_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_DC1_SVC3_Port-Channel7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2B - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2B - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2B_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet7 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet7 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.17 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.200.114 - vrf: MGMT - dual_primary_detection_delay: 5 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml index 903f43c86f7..6ea528d03ac 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-L2LEAF2B.yml @@ -1,10 +1,6 @@ -hostname: DC1-L2LEAF2B -is_deployed: true -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -12,31 +8,60 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet3 + description: MLAG_DC1-L2LEAF2A_Ethernet3 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet3 + peer_type: mlag_peer +- name: Ethernet4 + description: MLAG_DC1-L2LEAF2A_Ethernet4 + shutdown: false + channel_group: + id: 3 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet4 + peer_type: mlag_peer +- name: Ethernet1 + description: L2_DC1-SVC3A_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet8 + peer_type: l3leaf +- name: Ethernet2 + description: L2_DC1-SVC3B_Ethernet8 + shutdown: false + channel_group: + id: 1 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet8 + peer_type: l3leaf +hostname: DC1-L2LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 16384 - no_spanning_tree_vlan: '4094' +is_deployed: true local_users: - name: admin privilege: 15 @@ -46,35 +71,88 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.114/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: vEOS-LAB +mlag_configuration: + domain_id: DC1_L2LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.16 + peer_address_heartbeat: + peer_ip: 192.168.200.113 + vrf: MGMT + dual_primary_detection_delay: 5 + peer_link: Port-Channel3 + reload_delay_mlag: '300' + reload_delay_non_mlag: '330' ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true + vrf: MGMT +port_channel_interfaces: +- name: Port-Channel3 + description: MLAG_DC1-L2LEAF2A_Port-Channel3 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel1 + description: L2_DC1_SVC3_Port-Channel7 + shutdown: false + mlag: 1 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 16384 + no_spanning_tree_vlan: '4094' +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_interfaces: +- name: Vlan4094 + description: MLAG + shutdown: false + ip_address: 10.255.252.17/31 + mtu: 1500 + no_autostate: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 vlans: - id: 4094 - tenant: system name: MLAG trunk_groups: - MLAG + tenant: system - id: 130 name: Tenant_A_APP_Zone_1 tenant: Tenant_A @@ -126,84 +204,6 @@ vlans: - id: 350 name: Tenant_C_WAN_Zone_1 tenant: Tenant_C -vlan_interfaces: -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.17/31 -port_channel_interfaces: -- name: Port-Channel3 - description: MLAG_DC1-L2LEAF2A_Port-Channel3 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel1 - description: L2_DC1_SVC3_Port-Channel7 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 1 -ethernet_interfaces: -- name: Ethernet3 - peer: DC1-L2LEAF2A - peer_interface: Ethernet3 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet3 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet4 - peer: DC1-L2LEAF2A - peer_interface: Ethernet4 - peer_type: mlag_peer - description: MLAG_DC1-L2LEAF2A_Ethernet4 - shutdown: false - channel_group: - id: 3 - mode: active -- name: Ethernet1 - peer: DC1-SVC3A - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3A_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -- name: Ethernet2 - peer: DC1-SVC3B - peer_interface: Ethernet8 - peer_type: l3leaf - description: L2_DC1-SVC3B_Ethernet8 - shutdown: false - channel_group: - id: 1 - mode: active -mlag_configuration: - domain_id: DC1_L2LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.16 - peer_link: Port-Channel3 - reload_delay_mlag: '300' - reload_delay_non_mlag: '330' - peer_address_heartbeat: - peer_ip: 192.168.200.113 - vrf: MGMT - dual_primary_detection_delay: 5 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -metadata: - platform: vEOS-LAB +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml index b6470b16e8e..38e722c15b2 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF1A.yml @@ -1,151 +1,6 @@ -hostname: DC1-LEAF1A -is_deployed: true -router_bgp: - as: '65101' - router_id: 192.168.255.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE1 - description: DC1-SPINE1_Ethernet1 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE2 - description: DC1-SPINE2_Ethernet1 - - name: Ethernet3 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE3 - description: DC1-SPINE3_Ethernet1 - - name: Ethernet4 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE4 - description: DC1-SPINE4_Ethernet1 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' - vrfs: - - name: Tenant_A_APP_Zone - rd: 192.168.255.5:12 - route_targets: - import: - - address_family: evpn - route_targets: - - '12:12' - export: - - address_family: evpn - route_targets: - - '12:12' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - - name: Tenant_A_WEB_Zone - rd: 192.168.255.5:11 - route_targets: - import: - - address_family: evpn - route_targets: - - '11:11' - export: - - address_family: evpn - route_targets: - - '11:11' - router_id: 192.168.255.5 - redistribute: - connected: - enabled: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.5:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.5:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -153,130 +8,55 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet1 - peer_type: spine description: P2P_DC1-SPINE1_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 + peer: DC1-SPINE1 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-SPINE2_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 + peer: DC1-SPINE2 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-SPINE3_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 + peer: DC1-SPINE3 peer_interface: Ethernet1 peer_type: spine + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SPINE4_Ethernet1 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet1 + peer_type: spine switchport: enabled: false - ipv6_enable: true - name: Ethernet6 - peer: server02_SINGLE_NODE_TRUNK - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY description: SERVER_server02_SINGLE_NODE_TRUNK_Eth1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' storm_control: all: level: '10' @@ -290,17 +70,53 @@ ethernet_interfaces: unknown_unicast: level: '2' unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server02_SINGLE_NODE_TRUNK + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 - name: Ethernet7 + description: SERVER_server02_SINGLE_NODE_Eth1 + shutdown: false peer: server02_SINGLE_NODE peer_interface: Eth1 peer_type: server port_profile: TENANT_A - description: SERVER_server02_SINGLE_NODE_Eth1 - shutdown: false switchport: enabled: true mode: access access_vlan: 110 +hostname: DC1-LEAF1A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID @@ -310,6 +126,32 @@ loopback_interfaces: description: VXLAN_TUNNEL_SOURCE shutdown: false ip_address: 192.168.254.5/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -329,71 +171,231 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -vlans: -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a +router_bgp: + as: '65101' + router_id: 192.168.255.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65001' + peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE1_Ethernet1 + - name: Ethernet2 + remote_as: '65001' + peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE2_Ethernet1 + - name: Ethernet3 + remote_as: '65001' + peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE3_Ethernet1 + - name: Ethernet4 + remote_as: '65001' + peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE4_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.5:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.5:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false + vrfs: + - name: Tenant_A_APP_Zone + rd: 192.168.255.5:12 + route_targets: + import: + - address_family: evpn + route_targets: + - '12:12' + export: + - address_family: evpn + route_targets: + - '12:12' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true + - name: Tenant_A_WEB_Zone + rd: 192.168.255.5:11 + route_targets: + import: + - address_family: evpn + route_targets: + - '11:11' + export: + - address_family: evpn + route_targets: + - '11:11' + router_id: 192.168.255.5 + redistribute: + connected: + enabled: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true vlan_interfaces: - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan120 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - web - - erp1 + - app +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A vxlan_interface: vxlan1: description: DC1-LEAF1A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 vlans: - id: 130 vni: 10130 @@ -408,5 +410,3 @@ vxlan_interface: vni: 12 - name: Tenant_A_WEB_Zone vni: 11 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml index 6ba483aba93..3177aedf2df 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2A.yml @@ -1,116 +1,446 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF2B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF2B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet2 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE1 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet2 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE2 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet2 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE3 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet2 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF1A_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet10 + description: SERVER_server01_MLAG_Eth2 + shutdown: false + channel_group: + id: 10 + mode: active + peer: server01_MLAG + peer_interface: Eth2 + peer_type: server + port_profile: TENANT_B +- name: Ethernet11 + description: SERVER_server01_MTU_PROFILE_MLAG_Eth4 + shutdown: false + channel_group: + id: 11 + mode: active + peer: server01_MTU_PROFILE_MLAG + peer_interface: Eth4 + peer_type: server + port_profile: TENANT_A_MTU +- name: Ethernet12 + description: SERVER_server01_MTU_ADAPTOR_MLAG_Eth6 + shutdown: false + channel_group: + id: 12 + mode: active + peer: server01_MTU_ADAPTOR_MLAG + peer_interface: Eth6 + peer_type: server hostname: DC1-LEAF2A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.6/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.3 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,160-161 +- name: Port-Channel10 + description: PortChanne1 + shutdown: false + mlag: 10 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 210-211 +- name: Port-Channel11 + description: PortChanne1 + shutdown: false + mtu: 1600 + mlag: 11 + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Port-Channel12 + description: PortChanne1 + shutdown: false + mtu: 1601 + mlag: 12 + switchport: + enabled: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.2/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.6 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: DC1-LEAF2B + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG_PEER - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 neighbor_interfaces: - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-LEAF2B remote_as: '65102' + peer: DC1-LEAF2B + peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan4093 - name: Ethernet1 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS description: DC1-SPINE1_Ethernet2 - name: Ethernet2 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS description: DC1-SPINE2_Ethernet2 - name: Ethernet3 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS description: DC1-SPINE3_Ethernet2 - name: Ethernet4 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS description: DC1-SPINE4_Ethernet2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.6:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.6:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.6:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.6:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.6:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.6:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.6:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.6:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 20 threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' + address_family_ipv4: + peer_groups: + - name: MLAG_PEER + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.6:12 @@ -124,22 +454,22 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.3 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_A_DB_Zone rd: 192.168.255.6:13 route_targets: @@ -152,22 +482,22 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.3 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_A_OP_Zone rd: 192.168.255.6:10 route_targets: @@ -180,22 +510,22 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.3 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_A_WEB_Zone rd: 192.168.255.6:11 route_targets: @@ -208,22 +538,22 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.3 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_B_OP_Zone rd: 192.168.255.6:20 route_targets: @@ -236,22 +566,22 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.3 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_C_OP_Zone rd: 192.168.255.6:30 route_targets: @@ -264,647 +594,322 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.6 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.3 peer_group: MLAG_PEER description: DC1-LEAF2B_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.3 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.6:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.6:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.6:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.6:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.6:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.6:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.6:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.6:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.6 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.2/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.2/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_WEB_Zone - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ip_address: 10.255.251.2/31 -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.251.2/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.2/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,160-161 - shutdown: false - mlag: 7 -- name: Port-Channel10 - description: PortChanne1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 210-211 - mlag: 10 -- name: Port-Channel11 - description: PortChanne1 - shutdown: false - mtu: 1600 - switchport: - enabled: true - mode: access - access_vlan: 110 - mlag: 11 -- name: Port-Channel12 - description: PortChanne1 - shutdown: false - mtu: 1601 - switchport: - enabled: true - mlag: 12 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF2B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF2B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet2 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF1A_Ethernet1 + - web +- name: Vlan3010 + description: MLAG_L3_VRF_Tenant_A_WEB_Zone shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet10 - peer: server01_MLAG - peer_interface: Eth2 - peer_type: server - port_profile: TENANT_B - description: SERVER_server01_MLAG_Eth2 + vrf: Tenant_A_WEB_Zone + ip_address: 10.255.251.2/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet11 - peer: server01_MTU_PROFILE_MLAG - peer_interface: Eth4 - peer_type: server - port_profile: TENANT_A_MTU - description: SERVER_server01_MTU_PROFILE_MLAG_Eth4 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 shutdown: false - channel_group: - id: 11 - mode: active -- name: Ethernet12 - peer: server01_MTU_ADAPTOR_MLAG - peer_interface: Eth6 - peer_type: server - description: SERVER_server01_MTU_ADAPTOR_MLAG_Eth6 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone shutdown: false - channel_group: - id: 12 - mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.3 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_B_OP_Zone + ip_address: 10.255.251.2/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 shutdown: false - ip_address: 192.168.255.6/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - ip_address: 192.168.254.6/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: MLAG_L3_VRF_Tenant_C_OP_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.6/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.2/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.2/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF2A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -948,8 +953,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.6 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml index 2ae9db4a3cc..4053e17158b 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF2B.yml @@ -1,116 +1,446 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF2A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF2A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF2A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet3 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE1 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet3 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE2 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet3 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE3 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet3 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF1A_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF1A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet10 + description: SERVER_server01_MLAG_Eth3 + shutdown: false + channel_group: + id: 10 + mode: active + peer: server01_MLAG + peer_interface: Eth3 + peer_type: server + port_profile: TENANT_B +- name: Ethernet11 + description: SERVER_server01_MTU_PROFILE_MLAG_Eth5 + shutdown: false + channel_group: + id: 11 + mode: active + peer: server01_MTU_PROFILE_MLAG + peer_interface: Eth5 + peer_type: server + port_profile: TENANT_A_MTU +- name: Ethernet12 + description: SERVER_server01_MTU_ADAPTOR_MLAG_Eth7 + shutdown: false + channel_group: + id: 12 + mode: active + peer: server01_MTU_ADAPTOR_MLAG + peer_interface: Eth7 + peer_type: server hostname: DC1-LEAF2B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.7/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.6/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.7/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_LEAF2 + local_interface: Vlan4094 + peer_address: 10.255.252.2 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF2A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1-L2LEAF1A_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,160-161 +- name: Port-Channel10 + description: PortChanne1 + shutdown: false + mlag: 10 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 210-211 +- name: Port-Channel11 + description: PortChanne1 + shutdown: false + mtu: 1600 + mlag: 11 + switchport: + enabled: true + mode: access + access_vlan: 110 +- name: Port-Channel12 + description: PortChanne1 + shutdown: false + mtu: 1601 + mlag: 12 + switchport: + enabled: true +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +- name: PL-MLAG-PEER-VRFS + sequence_numbers: + - sequence: 10 + action: permit 10.255.251.2/31 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +- name: RM-CONN-2-BGP-VRFS + sequence_numbers: + - sequence: 10 + type: deny + match: + - ip address prefix-list PL-MLAG-PEER-VRFS + - sequence: 20 + type: permit +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65102' router_id: 192.168.255.7 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65102' - next_hop_self: true description: DC1-LEAF2A + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG_PEER - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 neighbor_interfaces: - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-LEAF2A remote_as: '65102' + peer: DC1-LEAF2A + peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan4093 - name: Ethernet1 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS description: DC1-SPINE1_Ethernet3 - name: Ethernet2 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS description: DC1-SPINE2_Ethernet3 - name: Ethernet3 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS description: DC1-SPINE3_Ethernet3 - name: Ethernet4 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS description: DC1-SPINE4_Ethernet3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.7:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.7:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.7:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.7:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.7:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.7:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.7:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.7:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 20 threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' + address_family_ipv4: + peer_groups: + - name: MLAG_PEER + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.7:12 @@ -124,22 +454,22 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.2 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_A_DB_Zone rd: 192.168.255.7:13 route_targets: @@ -152,22 +482,22 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.2 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_A_OP_Zone rd: 192.168.255.7:10 route_targets: @@ -180,22 +510,22 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.2 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_A_WEB_Zone rd: 192.168.255.7:11 route_targets: @@ -208,22 +538,22 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.2 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_B_OP_Zone rd: 192.168.255.7:20 route_targets: @@ -236,22 +566,22 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.2 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - name: Tenant_C_OP_Zone rd: 192.168.255.7:30 route_targets: @@ -264,647 +594,322 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.7 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS + updates: + wait_install: true neighbors: - ip_address: 10.255.251.2 peer_group: MLAG_PEER description: DC1-LEAF2A_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS address_family_ipv4: neighbors: - ip_address: 10.255.251.2 next_hop: address_family_ipv6: enabled: false - updates: - wait_install: true - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.7:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.7:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.7:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.7:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.7:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.7:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.7:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.7:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 - gateway: 192.168.200.5 - type: oob -tcam_profile: - system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +tcam_profile: + system: vxlan-routing +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.7 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.3/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ip_address: 10.255.251.3/31 -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_WEB_Zone - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ip_address: 10.255.251.3/31 -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 - ip_address: 10.255.251.3/31 -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ip_address: 10.255.251.3/31 -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF2A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1-L2LEAF1A_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,160-161 - shutdown: false - mlag: 7 -- name: Port-Channel10 - description: PortChanne1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 210-211 - mlag: 10 -- name: Port-Channel11 - description: PortChanne1 - shutdown: false - mtu: 1600 - switchport: - enabled: true - mode: access - access_vlan: 110 - mlag: 11 -- name: Port-Channel12 - description: PortChanne1 - shutdown: false - mtu: 1601 - switchport: - enabled: true - mlag: 12 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF2A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF2A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF2A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet3 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet7 - peer: DC1-L2LEAF1A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF1A_Ethernet2 + - web +- name: Vlan3010 + description: MLAG_L3_VRF_Tenant_A_WEB_Zone shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet10 - peer: server01_MLAG - peer_interface: Eth3 - peer_type: server - port_profile: TENANT_B - description: SERVER_server01_MLAG_Eth3 + vrf: Tenant_A_WEB_Zone + ip_address: 10.255.251.3/31 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet11 - peer: server01_MTU_PROFILE_MLAG - peer_interface: Eth5 - peer_type: server - port_profile: TENANT_A_MTU - description: SERVER_server01_MTU_PROFILE_MLAG_Eth5 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 shutdown: false - channel_group: - id: 11 - mode: active -- name: Ethernet12 - peer: server01_MTU_ADAPTOR_MLAG - peer_interface: Eth7 - peer_type: server - description: SERVER_server01_MTU_ADAPTOR_MLAG_Eth7 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone shutdown: false - channel_group: - id: 12 - mode: active -mlag_configuration: - domain_id: DC1_LEAF2 - local_interface: Vlan4094 - peer_address: 10.255.252.2 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -- name: RM-CONN-2-BGP-VRFS - sequence_numbers: - - sequence: 10 - type: deny - match: - - ip address prefix-list PL-MLAG-PEER-VRFS - - sequence: 20 - type: permit -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_B_OP_Zone + ip_address: 10.255.251.3/31 + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 shutdown: false - ip_address: 192.168.255.7/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - ip_address: 192.168.254.6/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: MLAG_L3_VRF_Tenant_C_OP_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.7/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -- name: PL-MLAG-PEER-VRFS - sequence_numbers: - - sequence: 10 - action: permit 10.255.251.2/31 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_OP_Zone + ip_address: 10.255.251.3/31 + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ip_routing: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ip_routing: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ip_routing: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF2B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -948,8 +953,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.7 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3A.yml index 2b96fe10ced..7852b243542 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3A.yml @@ -1,51 +1,311 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF3B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF3B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF3B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF3B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE5_Ethernet1 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE5 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE5_Ethernet3 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE5 + peer_interface: Ethernet3 + peer_type: spine + switchport: + enabled: false hostname: DC1-LEAF3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2001:1::/64 eq 128 +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.12/32 + ipv6_address: 2001:1::c/128 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.12/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.12/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_LEAF3 + local_interface: Vlan4094 + peer_address: 10.255.252.15 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF3B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 30 + type: permit + match: + - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65106' router_id: 192.168.255.12 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65106' - next_hop_self: true description: DC1-LEAF3B + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv6: - peer_groups: - - name: MLAG_PEER - activate: true - - name: UNDERLAY_PEERS + neighbors: + - ip_address: 2001:1::5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE5 + description: DC1-SPINE5_Loopback0 + neighbor_interfaces: + - name: Vlan4093 + remote_as: '65106' + peer: DC1-LEAF3B + peer_group: MLAG_PEER + description: DC1-LEAF3B_Vlan4093 + - name: Ethernet1 + remote_as: '65001' + peer: DC1-SPINE5 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE5_Ethernet1 + - name: Ethernet2 + remote_as: '65001' + peer: DC1-SPINE5 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE5_Ethernet3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.12:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.12:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.12:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.12:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.12:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.12:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.12:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.12:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 address_family_ipv4: peer_groups: - name: MLAG_PEER @@ -62,36 +322,12 @@ router_bgp: originate: true - name: EVPN-OVERLAY-PEERS activate: false - neighbor_interfaces: - - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-LEAF3B - remote_as: '65106' - description: DC1-LEAF3B_Vlan4093 - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE5 - description: DC1-SPINE5_Ethernet1 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE5 - description: DC1-SPINE5_Ethernet3 - address_family_evpn: + address_family_ipv6: peer_groups: - - name: EVPN-OVERLAY-PEERS + - name: MLAG_PEER + activate: true + - name: UNDERLAY_PEERS activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 - enabled: true - neighbors: - - ip_address: 2001:1::5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE5 - description: DC1-SPINE5_Loopback0 - remote_as: '65001' vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.12:12 @@ -105,15 +341,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3011 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3B_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.12:13 route_targets: @@ -126,15 +362,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3012 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3B_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.12:10 route_targets: @@ -147,15 +383,15 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3009 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3B_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.12:11 route_targets: @@ -168,594 +404,363 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3010 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3B_Vlan3010 - - name: Tenant_B_OP_Zone - rd: 192.168.255.12:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.12 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan3019 - peer_group: MLAG_PEER - remote_as: '65106' - description: DC1-LEAF3B_Vlan3019 - - name: Tenant_C_OP_Zone - rd: 192.168.255.12:30 + - name: Tenant_B_OP_Zone + rd: 192.168.255.12:20 route_targets: import: - address_family: evpn route_targets: - - '30:30' + - '20:20' export: - address_family: evpn route_targets: - - '30:30' - router_id: 192.168.255.12 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan2 - peer_group: MLAG_PEER - remote_as: '65106' - description: DC1-LEAF3B_Vlan2 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.12:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.12:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.12:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.12:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.12:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.12:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.12:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.12:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 + - '20:20' + router_id: 192.168.255.12 + neighbor_interfaces: + - name: Vlan3019 + remote_as: '65106' + peer_group: MLAG_PEER + description: DC1-LEAF3B_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_OP_Zone + rd: 192.168.255.12:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.12 + neighbor_interfaces: + - name: Vlan2 + remote_as: '65106' + peer_group: MLAG_PEER + description: DC1-LEAF3B_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.12 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.14/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan310 - tenant: Tenant_C - tags: - - opzone description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan2 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan2 description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ipv6_enable: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF3B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF3B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF3B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF3B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF3B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE5 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC1-SPINE5_Ethernet1 shutdown: false - mtu: 1500 - switchport: - enabled: false + vrf: Tenant_C_OP_Zone ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE5 - peer_interface: Ethernet3 - peer_type: spine - description: P2P_DC1-SPINE5_Ethernet3 - shutdown: false mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -mlag_configuration: - domain_id: DC1_LEAF3 - local_interface: Vlan4094 - peer_address: 10.255.252.15 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 30 - type: permit - match: - - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.12/32 - ipv6_address: 2001:1::c/128 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.12/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.12/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2001:1::/64 eq 128 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -799,8 +804,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.12 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3B.yml index d597c26610f..92c75a16599 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF3B.yml @@ -1,51 +1,311 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF3A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF3A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF3A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF3A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE5_Ethernet2 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE5 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE5_Ethernet4 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE5 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false hostname: DC1-LEAF3B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2001:1::/64 eq 128 +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.13/32 + ipv6_address: 2001:1::d/128 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.12/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.13/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_LEAF3 + local_interface: Vlan4094 + peer_address: 10.255.252.14 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF3A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 30 + type: permit + match: + - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65106' router_id: 192.168.255.13 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65106' - next_hop_self: true description: DC1-LEAF3A + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv6: - peer_groups: - - name: MLAG_PEER - activate: true - - name: UNDERLAY_PEERS + neighbors: + - ip_address: 2001:1::5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE5 + description: DC1-SPINE5_Loopback0 + neighbor_interfaces: + - name: Vlan4093 + remote_as: '65106' + peer: DC1-LEAF3A + peer_group: MLAG_PEER + description: DC1-LEAF3A_Vlan4093 + - name: Ethernet1 + remote_as: '65001' + peer: DC1-SPINE5 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE5_Ethernet2 + - name: Ethernet2 + remote_as: '65001' + peer: DC1-SPINE5 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE5_Ethernet4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.13:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.13:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.13:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.13:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.13:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.13:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.13:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.13:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 address_family_ipv4: peer_groups: - name: MLAG_PEER @@ -62,36 +322,12 @@ router_bgp: originate: true - name: EVPN-OVERLAY-PEERS activate: false - neighbor_interfaces: - - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-LEAF3A - remote_as: '65106' - description: DC1-LEAF3A_Vlan4093 - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE5 - description: DC1-SPINE5_Ethernet2 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE5 - description: DC1-SPINE5_Ethernet4 - address_family_evpn: + address_family_ipv6: peer_groups: - - name: EVPN-OVERLAY-PEERS + - name: MLAG_PEER + activate: true + - name: UNDERLAY_PEERS activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 - enabled: true - neighbors: - - ip_address: 2001:1::5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE5 - description: DC1-SPINE5_Loopback0 - remote_as: '65001' vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.13:12 @@ -105,15 +341,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3011 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3A_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.13:13 route_targets: @@ -126,15 +362,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3012 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3A_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.13:10 route_targets: @@ -147,15 +383,15 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3009 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3A_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.13:11 route_targets: @@ -168,594 +404,363 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3010 - peer_group: MLAG_PEER remote_as: '65106' + peer_group: MLAG_PEER description: DC1-LEAF3A_Vlan3010 - - name: Tenant_B_OP_Zone - rd: 192.168.255.13:20 - route_targets: - import: - - address_family: evpn - route_targets: - - '20:20' - export: - - address_family: evpn - route_targets: - - '20:20' - router_id: 192.168.255.13 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan3019 - peer_group: MLAG_PEER - remote_as: '65106' - description: DC1-LEAF3A_Vlan3019 - - name: Tenant_C_OP_Zone - rd: 192.168.255.13:30 + - name: Tenant_B_OP_Zone + rd: 192.168.255.13:20 route_targets: import: - address_family: evpn route_targets: - - '30:30' + - '20:20' export: - address_family: evpn route_targets: - - '30:30' - router_id: 192.168.255.13 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan2 - peer_group: MLAG_PEER - remote_as: '65106' - description: DC1-LEAF3A_Vlan2 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.13:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.13:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.13:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.13:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.13:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.13:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.13:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.13:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 + - '20:20' + router_id: 192.168.255.13 + neighbor_interfaces: + - name: Vlan3019 + remote_as: '65106' + peer_group: MLAG_PEER + description: DC1-LEAF3A_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_OP_Zone + rd: 192.168.255.13:30 + route_targets: + import: + - address_family: evpn + route_targets: + - '30:30' + export: + - address_family: evpn + route_targets: + - '30:30' + router_id: 192.168.255.13 + neighbor_interfaces: + - name: Vlan2 + remote_as: '65106' + peer_group: MLAG_PEER + description: DC1-LEAF3A_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.13 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.15/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan310 - tenant: Tenant_C - tags: - - opzone description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan2 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan2 description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ipv6_enable: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF3A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF3A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF3A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF3A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF3A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE5 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE5_Ethernet2 shutdown: false - mtu: 1500 - switchport: - enabled: false + vrf: Tenant_C_OP_Zone ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE5 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE5_Ethernet4 - shutdown: false mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -mlag_configuration: - domain_id: DC1_LEAF3 - local_interface: Vlan4094 - peer_address: 10.255.252.14 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 30 - type: permit - match: - - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.13/32 - ipv6_address: 2001:1::d/128 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.12/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.13/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2001:1::/64 eq 128 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -799,8 +804,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.13 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4A.yml index 15a26fbf37e..672f4e41b9d 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4A.yml @@ -1,51 +1,296 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF4B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF4B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF4B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF4B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE6_Ethernet1 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE6 + peer_interface: Ethernet1 + peer_type: spine + switchport: + enabled: false hostname: DC1-LEAF4A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2001:1::/64 eq 128 +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.14/32 + ipv6_address: 2001:1::e/128 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.14/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.14/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.106/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_LEAF4 + local_interface: Vlan4094 + peer_address: 10.255.252.19 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF4B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 30 + type: permit + match: + - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65107' router_id: 192.168.255.14 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65107' - next_hop_self: true description: DC1-LEAF4B + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv6: + neighbors: + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE6 + description: DC1-SPINE6_Loopback0 + neighbor_interfaces: + - name: Vlan4093 + remote_as: '65107' + peer: DC1-LEAF4B + peer_group: MLAG_PEER + description: DC1-LEAF4B_Vlan4093 + - name: Ethernet1 + remote_as: '65001' + peer: DC1-SPINE6 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE6_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.14:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.14:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.14:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.14:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.14:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.14:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.14:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.14:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: peer_groups: - - name: MLAG_PEER - activate: true - - name: UNDERLAY_PEERS + - name: EVPN-OVERLAY-PEERS activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 address_family_ipv4: peer_groups: - name: MLAG_PEER @@ -62,31 +307,12 @@ router_bgp: originate: true - name: EVPN-OVERLAY-PEERS activate: false - neighbor_interfaces: - - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-LEAF4B - remote_as: '65107' - description: DC1-LEAF4B_Vlan4093 - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE6 - description: DC1-SPINE6_Ethernet1 - address_family_evpn: + address_family_ipv6: peer_groups: - - name: EVPN-OVERLAY-PEERS + - name: MLAG_PEER + activate: true + - name: UNDERLAY_PEERS activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE6 - description: DC1-SPINE6_Loopback0 - remote_as: '65001' vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.14:12 @@ -100,15 +326,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3011 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4B_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.14:13 route_targets: @@ -121,15 +347,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3012 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4B_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.14:10 route_targets: @@ -142,15 +368,15 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3009 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4B_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.14:11 route_targets: @@ -163,15 +389,15 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3010 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4B_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.14:20 route_targets: @@ -184,15 +410,15 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3019 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4B_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.14:30 route_targets: @@ -205,542 +431,321 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.14 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan2 - peer_group: MLAG_PEER remote_as: '65107' - description: DC1-LEAF4B_Vlan2 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.14:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.14:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.14:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.14:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.14:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.14:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.14:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.14:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT + peer_group: MLAG_PEER + description: DC1-LEAF4B_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.106/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.14 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.18/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan310 - tenant: Tenant_C - tags: - - opzone description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan2 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan2 description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false vrf: Tenant_C_OP_Zone - mtu: 1500 ipv6_enable: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF4B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF4B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF4B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF4B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF4B_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE6 - peer_interface: Ethernet1 - peer_type: spine - description: P2P_DC1-SPINE6_Ethernet1 - shutdown: false mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -mlag_configuration: - domain_id: DC1_LEAF4 - local_interface: Vlan4094 - peer_address: 10.255.252.19 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 30 - type: permit - match: - - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.14/32 - ipv6_address: 2001:1::e/128 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.14/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.14/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2001:1::/64 eq 128 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF4A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -784,8 +789,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.14 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4B.yml index 299d28b219d..f7528b28b87 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-LEAF4B.yml @@ -1,51 +1,296 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-LEAF4A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF4A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-LEAF4A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-LEAF4A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE6_Ethernet2 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE6 + peer_interface: Ethernet2 + peer_type: spine + switchport: + enabled: false hostname: DC1-LEAF4B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2001:1::/64 eq 128 +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.15/32 + ipv6_address: 2001:1::f/128 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.14/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.15/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.107/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_LEAF4 + local_interface: Vlan4094 + peer_address: 10.255.252.18 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-LEAF4A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY + - sequence: 30 + type: permit + match: + - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65107' router_id: 192.168.255.15 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65107' - next_hop_self: true description: DC1-LEAF4A + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv6: + neighbors: + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE6 + description: DC1-SPINE6_Loopback0 + neighbor_interfaces: + - name: Vlan4093 + remote_as: '65107' + peer: DC1-LEAF4A + peer_group: MLAG_PEER + description: DC1-LEAF4A_Vlan4093 + - name: Ethernet1 + remote_as: '65001' + peer: DC1-SPINE6 + peer_group: UNDERLAY_PEERS + description: DC1-SPINE6_Ethernet2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.15:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.15:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.15:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WEB_Zone + rd: 192.168.255.15:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.15:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.15:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.15:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_C_OP_Zone + rd: 192.168.255.15:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + address_family_evpn: peer_groups: - - name: MLAG_PEER - activate: true - - name: UNDERLAY_PEERS + - name: EVPN-OVERLAY-PEERS activate: true + evpn_hostflap_detection: + enabled: true + window: 20 + threshold: 30 address_family_ipv4: peer_groups: - name: MLAG_PEER @@ -62,31 +307,12 @@ router_bgp: originate: true - name: EVPN-OVERLAY-PEERS activate: false - neighbor_interfaces: - - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-LEAF4A - remote_as: '65107' - description: DC1-LEAF4A_Vlan4093 - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65001' - peer: DC1-SPINE6 - description: DC1-SPINE6_Ethernet2 - address_family_evpn: + address_family_ipv6: peer_groups: - - name: EVPN-OVERLAY-PEERS + - name: MLAG_PEER + activate: true + - name: UNDERLAY_PEERS activate: true - evpn_hostflap_detection: - window: 20 - threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE6 - description: DC1-SPINE6_Loopback0 - remote_as: '65001' vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.15:12 @@ -100,15 +326,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3011 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4A_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.15:13 route_targets: @@ -121,15 +347,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3012 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4A_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.15:10 route_targets: @@ -142,15 +368,15 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3009 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4A_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.15:11 route_targets: @@ -163,15 +389,15 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3010 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4A_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.15:20 route_targets: @@ -184,15 +410,15 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3019 - peer_group: MLAG_PEER remote_as: '65107' + peer_group: MLAG_PEER description: DC1-LEAF4A_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.15:30 route_targets: @@ -205,542 +431,321 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.15 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan2 - peer_group: MLAG_PEER remote_as: '65107' - description: DC1-LEAF4A_Vlan2 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.15:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.15:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.15:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WEB_Zone - rd: 192.168.255.15:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.15:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.15:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.15:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_C_OP_Zone - rd: 192.168.255.15:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT + peer_group: MLAG_PEER + description: DC1-LEAF4A_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.107/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.15 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 ip_address: 10.255.252.19/31 + mtu: 1500 + no_autostate: true - name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.30.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan131 + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - app + - erp1 +- name: Vlan131 description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.31.1/24 vrf: Tenant_A_APP_Zone -- name: Vlan3011 + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - app +- name: Vlan3011 description: MLAG_L3_VRF_Tenant_A_APP_Zone + shutdown: false vrf: Tenant_A_APP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan140 + mtu: 1500 tenant: Tenant_A - tags: - - db - - erp1 + type: underlay_peering +- name: Vlan140 description: Tenant_A_DB_BZone_1 shutdown: false - ip_address_virtual: 10.1.40.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan141 + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - db + - erp1 +- name: Vlan141 description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.41.1/24 vrf: Tenant_A_DB_Zone -- name: Vlan3012 + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - db +- name: Vlan3012 description: MLAG_L3_VRF_Tenant_A_DB_Zone + shutdown: false vrf: Tenant_A_DB_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan110 + mtu: 1500 tenant: Tenant_A - tags: - - opzone + type: underlay_peering +- name: Vlan110 description: Tenant_A_OP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 vrf: Tenant_A_OP_Zone -- name: Vlan111 + ip_address_virtual: 10.1.10.1/24 tenant: Tenant_A tags: - opzone +- name: Vlan111 description: Tenant_A_OP_Zone_2 shutdown: false - ip_address_virtual: 10.1.11.1/24 vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: MGMT -- name: Vlan3009 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3009 description: MLAG_L3_VRF_Tenant_A_OP_Zone + shutdown: false vrf: Tenant_A_OP_Zone - mtu: 1500 ipv6_enable: true -- name: Vlan120 + mtu: 1500 tenant: Tenant_A - tags: - - web - - erp1 + type: underlay_peering +- name: Vlan120 description: Tenant_A_WEB_Zone_1 shutdown: false - ip_address_virtual: 10.1.20.1/24 vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 ip_helpers: - ip_helper: 1.1.1.1 source_interface: lo100 vrf: TEST -- name: Vlan121 tenant: Tenant_A tags: - web + - erp1 +- name: Vlan121 description: Tenant_A_WEBZone_2 shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 tenant: Tenant_A - type: underlay_peering - shutdown: false + tags: + - web +- name: Vlan3010 description: MLAG_L3_VRF_Tenant_A_WEB_Zone + shutdown: false vrf: Tenant_A_WEB_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_A + type: underlay_peering - name: Vlan210 - tenant: Tenant_B - tags: - - opzone description: Tenant_B_OP_Zone_1 shutdown: false - ip_address_virtual: 10.2.10.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan211 + ip_address_virtual: 10.2.10.1/24 tenant: Tenant_B tags: - opzone +- name: Vlan211 description: Tenant_B_OP_Zone_2 shutdown: false - ip_address_virtual: 10.2.11.1/24 vrf: Tenant_B_OP_Zone -- name: Vlan3019 + ip_address_virtual: 10.2.11.1/24 tenant: Tenant_B - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan3019 description: MLAG_L3_VRF_Tenant_B_OP_Zone + shutdown: false vrf: Tenant_B_OP_Zone - mtu: 1500 ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering - name: Vlan310 - tenant: Tenant_C - tags: - - opzone description: Tenant_C_OP_Zone_1 shutdown: false - ip_address_virtual: 10.3.10.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan311 + ip_address_virtual: 10.3.10.1/24 tenant: Tenant_C tags: - opzone +- name: Vlan311 description: Tenant_C_OP_Zone_2 shutdown: false - ip_address_virtual: 10.3.11.1/24 vrf: Tenant_C_OP_Zone -- name: Vlan2 + ip_address_virtual: 10.3.11.1/24 tenant: Tenant_C - type: underlay_peering - shutdown: false + tags: + - opzone +- name: Vlan2 description: MLAG_L3_VRF_Tenant_C_OP_Zone + shutdown: false vrf: Tenant_C_OP_Zone - mtu: 1500 ipv6_enable: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-LEAF4A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-LEAF4A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-LEAF4A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-LEAF4A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-LEAF4A_Ethernet6 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE6 - peer_interface: Ethernet2 - peer_type: spine - description: P2P_DC1-SPINE6_Ethernet2 - shutdown: false mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -mlag_configuration: - domain_id: DC1_LEAF4 - local_interface: Vlan4094 - peer_address: 10.255.252.18 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY - - sequence: 30 - type: permit - match: - - ipv6 address prefix-list PL-LOOPBACKS-EVPN-OVERLAY-V6 -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.15/32 - ipv6_address: 2001:1::f/128 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE - shutdown: false - ip_address: 192.168.254.14/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone - shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.15/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2001:1::/64 eq 128 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-LEAF4B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -784,8 +789,3 @@ vxlan_interface: vni: 20 - name: Tenant_C_OP_Zone vni: 30 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.15 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml index 85af7625f65..b81f8fa0e4e 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE1.yml @@ -1,130 +1,6 @@ -hostname: DC1-SPINE1 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.1 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet1 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet1 - - name: Ethernet3 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet1 - - name: Ethernet4 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet1 - - name: Ethernet5 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet1 - - name: Ethernet6 - peer_group: UNDERLAY_PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet1 - - name: Ethernet7 - peer_group: UNDERLAY_PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet1 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65105' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -132,135 +8,127 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.101/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet1 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-BL1B + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ipv6_enable: true +hostname: DC1-SPINE1 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ipv6_unicast_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.1/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.101/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050X3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -278,5 +146,137 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050X3 +router_bgp: + as: '65001' + router_id: 192.168.255.1 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65101' + peer: DC1-LEAF1A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF1A_Ethernet1 + - name: Ethernet2 + remote_as: '65102' + peer: DC1-LEAF2A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2A_Ethernet1 + - name: Ethernet3 + remote_as: '65102' + peer: DC1-LEAF2B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2B_Ethernet1 + - name: Ethernet4 + remote_as: '65103' + peer: DC1-SVC3A + peer_group: UNDERLAY_PEERS + description: DC1-SVC3A_Ethernet1 + - name: Ethernet5 + remote_as: '65103' + peer: DC1-SVC3B + peer_group: UNDERLAY_PEERS + description: DC1-SVC3B_Ethernet1 + - name: Ethernet6 + remote_as: '65104' + peer: DC1-BL1A + peer_group: UNDERLAY_PEERS + description: DC1-BL1A_Ethernet1 + - name: Ethernet7 + remote_as: '65105' + peer: DC1-BL1B + peer_group: UNDERLAY_PEERS + description: DC1-BL1B_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml index 3ae6d7dd31a..0b75d0ca3d2 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE2.yml @@ -1,130 +1,6 @@ -hostname: DC1-SPINE2 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.2 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet2 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet2 - - name: Ethernet3 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet2 - - name: Ethernet4 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet2 - - name: Ethernet5 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet2 - - name: Ethernet6 - peer_group: UNDERLAY_PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet2 - - name: Ethernet7 - peer_group: UNDERLAY_PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet2 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65105' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -132,135 +8,127 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.102/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet2 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-BL1B + peer_interface: Ethernet2 + peer_type: l3leaf switchport: enabled: false - ipv6_enable: true +hostname: DC1-SPINE2 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ipv6_unicast_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.2/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.102/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050X3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -278,5 +146,137 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050X3 +router_bgp: + as: '65001' + router_id: 192.168.255.2 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65101' + peer: DC1-LEAF1A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF1A_Ethernet2 + - name: Ethernet2 + remote_as: '65102' + peer: DC1-LEAF2A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2A_Ethernet2 + - name: Ethernet3 + remote_as: '65102' + peer: DC1-LEAF2B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2B_Ethernet2 + - name: Ethernet4 + remote_as: '65103' + peer: DC1-SVC3A + peer_group: UNDERLAY_PEERS + description: DC1-SVC3A_Ethernet2 + - name: Ethernet5 + remote_as: '65103' + peer: DC1-SVC3B + peer_group: UNDERLAY_PEERS + description: DC1-SVC3B_Ethernet2 + - name: Ethernet6 + remote_as: '65104' + peer: DC1-BL1A + peer_group: UNDERLAY_PEERS + description: DC1-BL1A_Ethernet2 + - name: Ethernet7 + remote_as: '65105' + peer: DC1-BL1B + peer_group: UNDERLAY_PEERS + description: DC1-BL1B_Ethernet2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml index 41f67018978..c0e13bb19fe 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE3.yml @@ -1,130 +1,6 @@ -hostname: DC1-SPINE3 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.3 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet3 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet3 - - name: Ethernet3 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet3 - - name: Ethernet4 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet3 - - name: Ethernet5 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet3 - - name: Ethernet6 - peer_group: UNDERLAY_PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet3 - - name: Ethernet7 - peer_group: UNDERLAY_PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet3 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65105' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -132,135 +8,127 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.103/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet3 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet3 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet3 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet3 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-BL1B + peer_interface: Ethernet3 + peer_type: l3leaf switchport: enabled: false - ipv6_enable: true +hostname: DC1-SPINE3 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ipv6_unicast_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.3/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.103/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050X3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -278,5 +146,137 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050X3 +router_bgp: + as: '65001' + router_id: 192.168.255.3 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65101' + peer: DC1-LEAF1A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF1A_Ethernet3 + - name: Ethernet2 + remote_as: '65102' + peer: DC1-LEAF2A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2A_Ethernet3 + - name: Ethernet3 + remote_as: '65102' + peer: DC1-LEAF2B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2B_Ethernet3 + - name: Ethernet4 + remote_as: '65103' + peer: DC1-SVC3A + peer_group: UNDERLAY_PEERS + description: DC1-SVC3A_Ethernet3 + - name: Ethernet5 + remote_as: '65103' + peer: DC1-SVC3B + peer_group: UNDERLAY_PEERS + description: DC1-SVC3B_Ethernet3 + - name: Ethernet6 + remote_as: '65104' + peer: DC1-BL1A + peer_group: UNDERLAY_PEERS + description: DC1-BL1A_Ethernet3 + - name: Ethernet7 + remote_as: '65105' + peer: DC1-BL1B + peer_group: UNDERLAY_PEERS + description: DC1-BL1B_Ethernet3 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml index fdc54f90089..dcadf06fd60 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE4.yml @@ -1,130 +1,6 @@ -hostname: DC1-SPINE4 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.4 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65101' - peer: DC1-LEAF1A - description: DC1-LEAF1A_Ethernet4 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2A - description: DC1-LEAF2A_Ethernet4 - - name: Ethernet3 - peer_group: UNDERLAY_PEERS - remote_as: '65102' - peer: DC1-LEAF2B - description: DC1-LEAF2B_Ethernet4 - - name: Ethernet4 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3A - description: DC1-SVC3A_Ethernet4 - - name: Ethernet5 - peer_group: UNDERLAY_PEERS - remote_as: '65103' - peer: DC1-SVC3B - description: DC1-SVC3B_Ethernet4 - - name: Ethernet6 - peer_group: UNDERLAY_PEERS - remote_as: '65104' - peer: DC1-BL1A - description: DC1-BL1A_Ethernet4 - - name: Ethernet7 - peer_group: UNDERLAY_PEERS - remote_as: '65105' - peer: DC1-BL1B - description: DC1-BL1B_Ethernet4 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.255.10 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1A - description: DC1-BL1A_Loopback0 - remote_as: '65104' - - ip_address: 192.168.255.11 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-BL1B - description: DC1-BL1B_Loopback0 - remote_as: '65105' - - ip_address: 192.168.255.5 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF1A - description: DC1-LEAF1A_Loopback0 - remote_as: '65101' - - ip_address: 192.168.255.6 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2A - description: DC1-LEAF2A_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.7 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF2B - description: DC1-LEAF2B_Loopback0 - remote_as: '65102' - - ip_address: 192.168.255.8 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3A - description: DC1-SVC3A_Loopback0 - remote_as: '65103' - - ip_address: 192.168.255.9 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SVC3B - description: DC1-SVC3B_Loopback0 - remote_as: '65103' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -132,135 +8,127 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.104/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF1A - peer_interface: Ethernet4 - peer_type: l3leaf description: P2P_DC1-LEAF1A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet2 - peer: DC1-LEAF2A + peer: DC1-LEAF1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF2A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet3 - peer: DC1-LEAF2B + peer: DC1-LEAF2A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet3 description: P2P_DC1-LEAF2B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet4 - peer: DC1-SVC3A + peer: DC1-LEAF2B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-SVC3A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet5 - peer: DC1-SVC3B + peer: DC1-SVC3A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet5 description: P2P_DC1-SVC3B_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet6 - peer: DC1-BL1A + peer: DC1-SVC3B peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet6 description: P2P_DC1-BL1A_Ethernet4 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet7 - peer: DC1-BL1B + peer: DC1-BL1A peer_interface: Ethernet4 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet7 description: P2P_DC1-BL1B_Ethernet4 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-BL1B + peer_interface: Ethernet4 + peer_type: l3leaf switchport: enabled: false - ipv6_enable: true +hostname: DC1-SPINE4 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ipv6_unicast_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.4/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.104/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050X3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: @@ -278,5 +146,137 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050X3 +router_bgp: + as: '65001' + router_id: 192.168.255.4 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.10 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65104' + peer: DC1-BL1A + description: DC1-BL1A_Loopback0 + - ip_address: 192.168.255.11 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65105' + peer: DC1-BL1B + description: DC1-BL1B_Loopback0 + - ip_address: 192.168.255.5 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65101' + peer: DC1-LEAF1A + description: DC1-LEAF1A_Loopback0 + - ip_address: 192.168.255.6 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2A + description: DC1-LEAF2A_Loopback0 + - ip_address: 192.168.255.7 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65102' + peer: DC1-LEAF2B + description: DC1-LEAF2B_Loopback0 + - ip_address: 192.168.255.8 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3A + description: DC1-SVC3A_Loopback0 + - ip_address: 192.168.255.9 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65103' + peer: DC1-SVC3B + description: DC1-SVC3B_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65101' + peer: DC1-LEAF1A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF1A_Ethernet4 + - name: Ethernet2 + remote_as: '65102' + peer: DC1-LEAF2A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2A_Ethernet4 + - name: Ethernet3 + remote_as: '65102' + peer: DC1-LEAF2B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF2B_Ethernet4 + - name: Ethernet4 + remote_as: '65103' + peer: DC1-SVC3A + peer_group: UNDERLAY_PEERS + description: DC1-SVC3A_Ethernet4 + - name: Ethernet5 + remote_as: '65103' + peer: DC1-SVC3B + peer_group: UNDERLAY_PEERS + description: DC1-SVC3B_Ethernet4 + - name: Ethernet6 + remote_as: '65104' + peer: DC1-BL1A + peer_group: UNDERLAY_PEERS + description: DC1-BL1A_Ethernet4 + - name: Ethernet7 + remote_as: '65105' + peer: DC1-BL1B + peer_group: UNDERLAY_PEERS + description: DC1-BL1B_Ethernet4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE5.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE5.yml index 28a06da6cc6..cc2f9b6a953 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE5.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE5.yml @@ -1,94 +1,6 @@ -hostname: DC1-SPINE5 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.5 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_ipv6: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65106' - peer: DC1-LEAF3A - description: DC1-LEAF3A_Ethernet1 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65106' - peer: DC1-LEAF3B - description: DC1-LEAF3B_Ethernet1 - - name: Ethernet3 - peer_group: UNDERLAY_PEERS - remote_as: '65106' - peer: DC1-LEAF3A - description: DC1-LEAF3A_Ethernet2 - - name: Ethernet4 - peer_group: UNDERLAY_PEERS - remote_as: '65106' - peer: DC1-LEAF3B - description: DC1-LEAF3B_Ethernet2 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 2001:1::c - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF3A - description: DC1-LEAF3A_Loopback0 - remote_as: '65106' - - ip_address: 2001:1::d - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF3B - description: DC1-LEAF3B_Loopback0 - remote_as: '65106' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -96,116 +8,108 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: none -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 - type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true ethernet_interfaces: - name: Ethernet1 - peer: DC1-LEAF3A - peer_interface: Ethernet1 - peer_type: l3leaf description: P2P_DC1-LEAF3A_Ethernet1 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet2 - peer: DC1-LEAF3B + peer: DC1-LEAF3A peer_interface: Ethernet1 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 description: P2P_DC1-LEAF3B_Ethernet1 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-LEAF3B + peer_interface: Ethernet1 + peer_type: l3leaf switchport: enabled: false - ipv6_enable: true - name: Ethernet3 - peer: DC1-LEAF3A - peer_interface: Ethernet2 - peer_type: l3leaf description: P2P_DC1-LEAF3A_Ethernet2 shutdown: false mtu: 1500 - switchport: - enabled: false ipv6_enable: true -- name: Ethernet4 - peer: DC1-LEAF3B + peer: DC1-LEAF3A peer_interface: Ethernet2 peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet4 description: P2P_DC1-LEAF3B_Ethernet2 shutdown: false mtu: 1500 + ipv6_enable: true + peer: DC1-LEAF3B + peer_interface: Ethernet2 + peer_type: l3leaf switchport: enabled: false - ipv6_enable: true +hostname: DC1-SPINE5 +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2001:1::/64 eq 128 +ipv6_unicast_routing: true +is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. loopback_interfaces: - name: Loopback0 description: ROUTER_ID shutdown: false ip_address: 192.168.255.5/32 ipv6_address: 2001:1::5/128 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.105/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7050X3 +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: - sequence: 10 action: permit 192.168.255.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2001:1::/64 eq 128 route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -222,5 +126,101 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050X3 +router_bgp: + as: '65001' + router_id: 192.168.255.5 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 2001:1::c + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' + peer: DC1-LEAF3A + description: DC1-LEAF3A_Loopback0 + - ip_address: 2001:1::d + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65106' + peer: DC1-LEAF3B + description: DC1-LEAF3B_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65106' + peer: DC1-LEAF3A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF3A_Ethernet1 + - name: Ethernet2 + remote_as: '65106' + peer: DC1-LEAF3B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF3B_Ethernet1 + - name: Ethernet3 + remote_as: '65106' + peer: DC1-LEAF3A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF3A_Ethernet2 + - name: Ethernet4 + remote_as: '65106' + peer: DC1-LEAF3B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF3B_Ethernet2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false + address_family_ipv6: + peer_groups: + - name: UNDERLAY_PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE6.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE6.yml index 84c45722ec7..b21aede4771 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE6.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SPINE6.yml @@ -1,84 +1,6 @@ -hostname: DC1-SPINE6 -is_deployed: true -router_bgp: - as: '65001' - router_id: 192.168.255.6 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false - maximum_paths: - paths: 4 - ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP - updates: - wait_install: true - peer_groups: - - name: UNDERLAY_PEERS - type: ipv4 - password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 - send_community: all - - name: EVPN-OVERLAY-PEERS - type: evpn - update_source: Loopback0 - bfd: true - password: q+VNViP5i4rVjW1cxFv2wA== - send_community: all - maximum_routes: 0 - ebgp_multihop: 3 - next_hop_unchanged: true - address_family_ipv4: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false - address_family_ipv6: - peer_groups: - - name: UNDERLAY_PEERS - activate: true - neighbor_interfaces: - - name: Ethernet1 - peer_group: UNDERLAY_PEERS - remote_as: '65107' - peer: DC1-LEAF4A - description: DC1-LEAF4A_Ethernet1 - - name: Ethernet2 - peer_group: UNDERLAY_PEERS - remote_as: '65107' - peer: DC1-LEAF4B - description: DC1-LEAF4B_Ethernet1 - address_family_evpn: - peer_groups: - - name: EVPN-OVERLAY-PEERS - activate: true - neighbors: - - ip_address: 192.168.255.14 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF4A - description: DC1-LEAF4A_Loopback0 - remote_as: '65107' - - ip_address: 192.168.255.15 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-LEAF4B - description: DC1-LEAF4B_Loopback0 - remote_as: '65107' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true +aaa_root: + disabled: true +config_end: true daemon_terminattr: cvaddrs: - 192.168.200.11:9910 @@ -86,27 +8,46 @@ daemon_terminattr: method: key key: telarista cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata enable_password: disabled: true -transceiver_qsfp_default_mode_4x10: true +ethernet_interfaces: +- name: Ethernet1 + description: P2P_DC1-LEAF4A_Ethernet1 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-LEAF4A + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-LEAF4B_Ethernet1 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-LEAF4B + peer_interface: Ethernet1 + peer_type: l3leaf + switchport: + enabled: false +hostname: DC1-SPINE6 ip_name_servers: - ip_address: 192.168.200.5 vrf: MGMT - ip_address: 8.8.8.8 vrf: MGMT -spanning_tree: - mode: none +ip_routing_ipv6_interfaces: true +ipv6_prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 + sequence_numbers: + - sequence: 10 + action: permit 2001:1::/64 eq 128 +ipv6_unicast_routing: true +is_deployed: true local_users: - name: admin privilege: 15 @@ -116,66 +57,39 @@ local_users: privilege: 15 role: network-admin sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.6/32 + ipv6_address: 2001:1::6/128 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT management_interfaces: - name: Management1 description: OOB_MANAGEMENT shutdown: false vrf: MGMT ip_address: 192.168.200.105/24 - gateway: 192.168.200.5 type: oob -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true + gateway: 192.168.200.5 +metadata: + platform: 7050X3 ntp: local_interface: name: Management1 vrf: MGMT servers: - name: 192.168.200.5 - vrf: MGMT preferred: true -ethernet_interfaces: -- name: Ethernet1 - peer: DC1-LEAF4A - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-LEAF4A_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet2 - peer: DC1-LEAF4B - peer_interface: Ethernet1 - peer_type: l3leaf - description: P2P_DC1-LEAF4B_Ethernet1 - shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID - shutdown: false - ip_address: 192.168.255.6/32 - ipv6_address: 2001:1::6/128 + vrf: MGMT prefix_lists: - name: PL-LOOPBACKS-EVPN-OVERLAY sequence_numbers: - sequence: 10 action: permit 192.168.255.0/24 eq 32 -ipv6_prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY-V6 - sequence_numbers: - - sequence: 10 - action: permit 2001:1::/64 eq 128 route_maps: - name: RM-CONN-2-BGP sequence_numbers: @@ -192,5 +106,91 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -metadata: - platform: 7050X3 +router_bgp: + as: '65001' + router_id: 192.168.255.6 + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false + peer_groups: + - name: UNDERLAY_PEERS + type: ipv4 + password: af6F4WLl4wUrWRZcwbEwkQ== + send_community: all + maximum_routes: 12000 + - name: EVPN-OVERLAY-PEERS + type: evpn + next_hop_unchanged: true + update_source: Loopback0 + bfd: true + ebgp_multihop: 3 + password: q+VNViP5i4rVjW1cxFv2wA== + send_community: all + maximum_routes: 0 + neighbors: + - ip_address: 192.168.255.14 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65107' + peer: DC1-LEAF4A + description: DC1-LEAF4A_Loopback0 + - ip_address: 192.168.255.15 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65107' + peer: DC1-LEAF4B + description: DC1-LEAF4B_Loopback0 + neighbor_interfaces: + - name: Ethernet1 + remote_as: '65107' + peer: DC1-LEAF4A + peer_group: UNDERLAY_PEERS + description: DC1-LEAF4A_Ethernet1 + - name: Ethernet2 + remote_as: '65107' + peer: DC1-LEAF4B + peer_group: UNDERLAY_PEERS + description: DC1-LEAF4B_Ethernet1 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true + address_family_ipv4: + peer_groups: + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false + address_family_ipv6: + peer_groups: + - name: UNDERLAY_PEERS + activate: true +service_routing_protocols_model: multi-agent +spanning_tree: + mode: none +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 + gateway: 192.168.200.5 +transceiver_qsfp_default_mode_4x10: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml index c3fa250848c..d74dad299ba 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3A.yml @@ -1,116 +1,613 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-SVC3B_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-SVC3B_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3B + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet4 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE1 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet4 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE2 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet4 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE3 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet4 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet4 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF2A_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet8 + description: L2_DC1-L2LEAF2B_Ethernet1 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet1 + peer_type: l2leaf +- name: Ethernet10 + description: SERVER_server03_ESI_Eth1 + shutdown: false + channel_group: + id: 10 + mode: active + peer: server03_ESI + peer_interface: Eth1 + peer_type: server + port_profile: TENANT_A_B +- name: Ethernet11 + description: SERVER_server04_inherit_all_from_profile_Eth1 + shutdown: false + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server04_inherit_all_from_profile + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet12 + description: SERVER_server05_no_profile_Eth1 + shutdown: false + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server05_no_profile + peer_interface: Eth1 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet13 + description: SERVER_server06_override_profile_Eth1 + shutdown: false + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server06_override_profile + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet14 + description: SERVER_server07_inherit_all_from_profile_port_channel_Eth1 + shutdown: false + channel_group: + id: 14 + mode: active + peer: server07_inherit_all_from_profile_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL +- name: Ethernet15 + description: SERVER_server08_no_profile_port_channel_Eth1 + shutdown: false + channel_group: + id: 15 + mode: 'on' + peer: server08_no_profile_port_channel + peer_interface: Eth1 + peer_type: server +- name: Ethernet16 + description: SERVER_server09_override_profile_no_port_channel_Eth1 + shutdown: false + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server09_override_profile_no_port_channel + peer_interface: Eth1 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL + switchport: + enabled: true + mode: access + access_vlan: 210 hostname: DC1-SVC3A +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.8/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.8/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.8/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.108/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.7 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3B_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 +- name: Port-Channel10 + description: PortChanne1 + shutdown: false + evpn_ethernet_segment: + identifier: 0000:0000:0303:0202:0101 + route_target: 03:03:02:02:01:01 + lacp_id: 0303.0202.0101 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,210-211 +- name: Port-Channel14 + description: ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false + mlag: 14 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Port-Channel15 + description: server08_no_profile_port_channel + shutdown: false + mlag: 15 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.8 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65103' - next_hop_self: true description: DC1-SVC3B + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG_PEER - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 neighbor_interfaces: - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-SVC3B remote_as: '65103' + peer: DC1-SVC3B + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan4093 - name: Ethernet1 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS description: DC1-SPINE1_Ethernet4 - name: Ethernet2 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS description: DC1-SPINE2_Ethernet4 - name: Ethernet3 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS description: DC1-SPINE3_Ethernet4 - name: Ethernet4 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS description: DC1-SPINE4_Ethernet4 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.8:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.8:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.8:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.8:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.8:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.8:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.8:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.8:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.8:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.8:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: 192.168.255.8:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 20 threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' + address_family_ipv4: + peer_groups: + - name: MLAG_PEER + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.8:12 @@ -124,15 +621,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3011 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.8:13 route_targets: @@ -145,15 +642,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3012 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.8:10 route_targets: @@ -166,15 +663,15 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.8 + neighbor_interfaces: + - name: Vlan3009 + remote_as: '65103' + peer_group: MLAG_PEER + description: DC1-SVC3B_Vlan3009 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan3009 - peer_group: MLAG_PEER - remote_as: '65103' - description: DC1-SVC3B_Vlan3009 - name: Tenant_A_WAN_Zone rd: 192.168.255.8:14 route_targets: @@ -187,15 +684,15 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3013 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan3013 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.8:11 route_targets: @@ -208,15 +705,15 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3010 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.8:20 route_targets: @@ -229,15 +726,15 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3019 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.8:21 route_targets: @@ -250,15 +747,15 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3020 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3B_Vlan3020 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.8:30 route_targets: @@ -271,918 +768,426 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan2 - peer_group: MLAG_PEER remote_as: '65103' - description: DC1-SVC3B_Vlan2 - - name: Tenant_C_WAN_Zone - rd: 192.168.255.8:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.8 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan3030 peer_group: MLAG_PEER - remote_as: '65103' - description: DC1-SVC3B_Vlan3030 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.8:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.8:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.8:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.8:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.8:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.8:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.8:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.8:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.8:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: 192.168.255.8:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - - name: Tenant_C_WAN_Zone - rd: 192.168.255.8:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT -spanning_tree: - mode: mstp - mst_instances: - - id: '0' - priority: 4096 - no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.108/24 + description: DC1-SVC3B_Vlan2 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS + - name: Tenant_C_WAN_Zone + rd: 192.168.255.8:31 + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.8 + neighbor_interfaces: + - name: Vlan3030 + remote_as: '65103' + peer_group: MLAG_PEER + description: DC1-SVC3B_Vlan3030 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent +spanning_tree: + mode: mstp + mst_instances: + - id: '0' + priority: 4096 + no_spanning_tree_vlan: 4093-4094 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_L3_VRF_Tenant_A_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_Tenant_B_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_L3_VRF_Tenant_C_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -vlan_interfaces: -- name: Vlan4093 - description: MLAG_L3 - shutdown: false - mtu: 1500 - ipv6_enable: true -- name: Vlan4094 - description: MLAG - shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.6/31 -- name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 - description: Tenant_A_APP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.30.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan131 - tenant: Tenant_A - tags: - - app - description: Tenant_A_APP_Zone_2 - shutdown: false - ip_address_virtual: 10.1.31.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_APP_Zone - vrf: Tenant_A_APP_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan140 - tenant: Tenant_A - tags: - - db - - erp1 - description: Tenant_A_DB_BZone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan141 - tenant: Tenant_A - tags: - - db - description: Tenant_A_DB_Zone_2 - shutdown: false - ip_address_virtual: 10.1.41.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_DB_Zone - vrf: Tenant_A_DB_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: MGMT -- name: Vlan3009 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_OP_Zone - vrf: Tenant_A_OP_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan150 - tenant: Tenant_A - tags: - - wan - description: Tenant_A_WAN_Zone_1 +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.8 +vlan_interfaces: +- name: Vlan4093 + description: MLAG_L3 shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan3013 - tenant: Tenant_A - type: underlay_peering + ipv6_enable: true + mtu: 1500 +- name: Vlan4094 + description: MLAG shutdown: false - description: MLAG_L3_VRF_Tenant_A_WAN_Zone - vrf: Tenant_A_WAN_Zone + ip_address: 10.255.252.6/31 mtu: 1500 - ipv6_enable: true -- name: Vlan120 + no_autostate: true +- name: Vlan130 + description: Tenant_A_APP_Zone_1 + shutdown: false + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - - web + - app - erp1 - description: Tenant_A_WEB_Zone_1 +- name: Vlan131 + description: Tenant_A_APP_Zone_2 shutdown: false - ip_address_virtual: 10.1.20.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan121 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - web - description: Tenant_A_WEBZone_2 - shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 - vrf: Tenant_A_WEB_Zone -- name: Vlan3010 - tenant: Tenant_A - type: underlay_peering + - app +- name: Vlan3011 + description: MLAG_L3_VRF_Tenant_A_APP_Zone shutdown: false - description: MLAG_L3_VRF_Tenant_A_WEB_Zone - vrf: Tenant_A_WEB_Zone - mtu: 1500 + vrf: Tenant_A_APP_Zone ipv6_enable: true -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone mtu: 1500 - ipv6_enable: true -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 - tenant: Tenant_B + tenant: Tenant_A type: underlay_peering +- name: Vlan140 + description: Tenant_A_DB_BZone_1 shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan310 - tenant: Tenant_C + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A tags: - - opzone - description: Tenant_C_OP_Zone_1 + - db + - erp1 +- name: Vlan141 + description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.41.1/24 + tenant: Tenant_A tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C - type: underlay_peering + - db +- name: Vlan3012 + description: MLAG_L3_VRF_Tenant_A_DB_Zone shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 + vrf: Tenant_A_DB_Zone ipv6_enable: true -- name: Vlan350 - tenant: Tenant_C - tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone mtu: 1500 - ipv6_enable: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3B_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 7 -- name: Port-Channel10 - description: PortChanne1 - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,210-211 - evpn_ethernet_segment: - identifier: 0000:0000:0303:0202:0101 - route_target: 03:03:02:02:01:01 - lacp_id: 0303.0202.0101 -- name: Port-Channel14 - description: ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent - mlag: 14 -- name: Port-Channel15 - description: server08_no_profile_port_channel - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent - mlag: 15 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-SVC3B - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-SVC3B_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-SVC3B - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-SVC3B_Ethernet6 + tenant: Tenant_A + type: underlay_peering +- name: Vlan110 + description: Tenant_A_OP_Zone_1 shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet4 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_A + tags: + - opzone +- name: Vlan111 + description: Tenant_A_OP_Zone_2 shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet4 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: MGMT + tenant: Tenant_A + tags: + - opzone +- name: Vlan3009 + description: MLAG_L3_VRF_Tenant_A_OP_Zone shutdown: false - mtu: 1500 - switchport: - enabled: false + vrf: Tenant_A_OP_Zone ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet4 - shutdown: false mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet4 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet4 + tenant: Tenant_A + type: underlay_peering +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - mtu: 1500 - switchport: - enabled: false + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan3013 + description: MLAG_L3_VRF_Tenant_A_WAN_Zone + shutdown: false + vrf: Tenant_A_WAN_Zone ipv6_enable: true -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF2A_Ethernet1 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan120 + description: Tenant_A_WEB_Zone_1 shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet1 - peer_type: l2leaf - description: L2_DC1-L2LEAF2B_Ethernet1 + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - web + - erp1 +- name: Vlan121 + description: Tenant_A_WEBZone_2 + shutdown: true + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +- name: Vlan3010 + description: MLAG_L3_VRF_Tenant_A_WEB_Zone shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet10 - peer: server03_ESI - peer_interface: Eth1 - peer_type: server - port_profile: TENANT_A_B - description: SERVER_server03_ESI_Eth1 + vrf: Tenant_A_WEB_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 shutdown: false - channel_group: - id: 10 - mode: active -- name: Ethernet11 - peer: server04_inherit_all_from_profile - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: SERVER_server04_inherit_all_from_profile_Eth1 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet12 - peer: server05_no_profile - peer_interface: Eth1 - peer_type: server - description: SERVER_server05_no_profile_Eth1 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet13 - peer: server06_override_profile - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: SERVER_server06_override_profile_Eth1 + vrf: Tenant_B_OP_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet14 - peer: server07_inherit_all_from_profile_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: SERVER_server07_inherit_all_from_profile_port_channel_Eth1 + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone shutdown: false - channel_group: - id: 14 - mode: active -- name: Ethernet15 - peer: server08_no_profile_port_channel - peer_interface: Eth1 - peer_type: server - description: SERVER_server08_no_profile_port_channel_Eth1 + vrf: Tenant_B_WAN_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 shutdown: false - channel_group: - id: 15 - mode: 'on' -- name: Ethernet16 - peer: server09_override_profile_no_port_channel - peer_interface: Eth1 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: SERVER_server09_override_profile_no_port_channel_Eth1 + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.7 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: MLAG_L3_VRF_Tenant_C_OP_Zone shutdown: false - ip_address: 192.168.255.8/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.8/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.8/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_WAN_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_L3_VRF_Tenant_A_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_Tenant_B_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_L3_VRF_Tenant_C_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3A_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1238,8 +1243,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.8 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml index 3d13675984a..fae27df4319 100644 --- a/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml +++ b/ansible_collections/arista/avd/molecule/evpn_underlay_rfc5549_overlay_ebgp/intended/structured_configs/DC1-SVC3B.yml @@ -1,116 +1,591 @@ +aaa_root: + disabled: true +config_end: true +daemon_terminattr: + cvaddrs: + - 192.168.200.11:9910 + cvauth: + method: key + key: telarista + cvvrf: MGMT + disable_aaa: false + ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent + smashexcludes: ale,flexCounter,hardware,kni,pulse,strata +enable_password: + disabled: true +ethernet_interfaces: +- name: Ethernet5 + description: MLAG_DC1-SVC3A_Ethernet5 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet5 + peer_type: mlag_peer +- name: Ethernet6 + description: MLAG_DC1-SVC3A_Ethernet6 + shutdown: false + channel_group: + id: 5 + mode: active + peer: DC1-SVC3A + peer_interface: Ethernet6 + peer_type: mlag_peer +- name: Ethernet1 + description: P2P_DC1-SPINE1_Ethernet5 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE1 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet2 + description: P2P_DC1-SPINE2_Ethernet5 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE2 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet3 + description: P2P_DC1-SPINE3_Ethernet5 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE3 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet4 + description: P2P_DC1-SPINE4_Ethernet5 + shutdown: false + mtu: 1500 + ipv6_enable: true + peer: DC1-SPINE4 + peer_interface: Ethernet5 + peer_type: spine + switchport: + enabled: false +- name: Ethernet7 + description: L2_DC1-L2LEAF2A_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2A + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet8 + description: L2_DC1-L2LEAF2B_Ethernet2 + shutdown: false + channel_group: + id: 7 + mode: active + peer: DC1-L2LEAF2B + peer_interface: Ethernet2 + peer_type: l2leaf +- name: Ethernet11 + description: SERVER_server04_inherit_all_from_profile_Eth2 + shutdown: false + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server04_inherit_all_from_profile + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet12 + description: SERVER_server05_no_profile_Eth2 + shutdown: false + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + peer: server05_no_profile + peer_interface: Eth2 + peer_type: server + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Ethernet13 + description: SERVER_server06_override_profile_Eth2 + shutdown: false + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server06_override_profile + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY + switchport: + enabled: true + mode: access + access_vlan: 210 +- name: Ethernet14 + description: SERVER_server07_inherit_all_from_profile_port_channel_Eth2 + shutdown: false + channel_group: + id: 14 + mode: active + peer: server07_inherit_all_from_profile_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL +- name: Ethernet15 + description: SERVER_server08_no_profile_port_channel_Eth2 + shutdown: false + channel_group: + id: 15 + mode: 'on' + peer: server08_no_profile_port_channel + peer_interface: Eth2 + peer_type: server +- name: Ethernet16 + description: SERVER_server09_override_profile_no_port_channel_Eth2 + shutdown: false + storm_control: + all: + level: '20' + unit: pps + broadcast: + level: '200' + unit: percent + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'False' + spanning_tree_bpduguard: 'True' + spanning_tree_portfast: network + peer: server09_override_profile_no_port_channel + peer_interface: Eth2 + peer_type: server + port_profile: ALL_WITH_SECURITY_PORT_CHANNEL + switchport: + enabled: true + mode: access + access_vlan: 210 hostname: DC1-SVC3B +ip_igmp_snooping: + globally_enabled: true + vlans: + - id: 120 + enabled: false +ip_name_servers: +- ip_address: 192.168.200.5 + vrf: MGMT +- ip_address: 8.8.8.8 + vrf: MGMT +ip_routing_ipv6_interfaces: true +ip_virtual_router_mac_address: 00:dc:00:00:00:0a +ipv6_unicast_routing: true is_deployed: true +local_users: +- name: admin + privilege: 15 + role: network-admin + no_password: true +- name: cvpadmin + privilege: 15 + role: network-admin + sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. +loopback_interfaces: +- name: Loopback0 + description: ROUTER_ID + shutdown: false + ip_address: 192.168.255.9/32 +- name: Loopback1 + description: VXLAN_TUNNEL_SOURCE + shutdown: false + ip_address: 192.168.254.8/32 +- name: Loopback100 + description: DIAG_VRF_Tenant_A_OP_Zone + shutdown: false + vrf: Tenant_A_OP_Zone + ip_address: 10.255.1.9/32 +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT +management_interfaces: +- name: Management1 + description: OOB_MANAGEMENT + shutdown: false + vrf: MGMT + ip_address: 192.168.200.109/24 + type: oob + gateway: 192.168.200.5 +metadata: + platform: 7280R +mlag_configuration: + domain_id: DC1_SVC3 + local_interface: Vlan4094 + peer_address: 10.255.252.6 + peer_link: Port-Channel5 + reload_delay_mlag: '900' + reload_delay_non_mlag: '1020' +ntp: + local_interface: + name: Management1 + vrf: MGMT + servers: + - name: 192.168.200.5 + preferred: true + vrf: MGMT +platform: + sand: + lag: + hardware_only: true +port_channel_interfaces: +- name: Port-Channel5 + description: MLAG_DC1-SVC3A_Port-Channel5 + shutdown: false + switchport: + enabled: true + mode: trunk + trunk: + groups: + - MLAG +- name: Port-Channel7 + description: L2_DC1_L2LEAF2_Port-Channel1 + shutdown: false + mlag: 7 + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 +- name: Port-Channel14 + description: ALL_WITH_SECURITY_PORT_CHANNEL + shutdown: false + mlag: 14 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +- name: Port-Channel15 + description: server08_no_profile_port_channel + shutdown: false + mlag: 15 + storm_control: + all: + level: '10' + unit: percent + broadcast: + level: '100' + unit: pps + multicast: + level: '1' + unit: percent + unknown_unicast: + level: '2' + unit: percent + spanning_tree_bpdufilter: 'True' + spanning_tree_bpduguard: 'False' + spanning_tree_portfast: edge + switchport: + enabled: true + mode: trunk + trunk: + allowed_vlan: 1-4094 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 192.168.255.0/24 eq 32 + - sequence: 20 + action: permit 192.168.254.0/24 eq 32 +route_maps: +- name: RM-MLAG-PEER-IN + sequence_numbers: + - sequence: 10 + type: permit + description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing + set: + - origin incomplete +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 1200 + min_rx: 1200 + multiplier: 3 router_bgp: as: '65103' router_id: 192.168.255.9 - bgp_defaults: - - distance bgp 20 200 200 - bgp: - default: - ipv4_unicast: false maximum_paths: paths: 4 ecmp: 4 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP updates: wait_install: true + bgp_defaults: + - distance bgp 20 200 200 + bgp: + default: + ipv4_unicast: false peer_groups: - name: MLAG_PEER type: ipv4 remote_as: '65103' - next_hop_self: true description: DC1-SVC3A + next_hop_self: true password: arwUnrq9ydqIhjfTwRhAlg== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 route_map_in: RM-MLAG-PEER-IN - name: UNDERLAY_PEERS type: ipv4 password: af6F4WLl4wUrWRZcwbEwkQ== - maximum_routes: 12000 send_community: all + maximum_routes: 12000 - name: EVPN-OVERLAY-PEERS type: evpn update_source: Loopback0 bfd: true + ebgp_multihop: 3 password: q+VNViP5i4rVjW1cxFv2wA== send_community: all maximum_routes: 0 - ebgp_multihop: 3 - address_family_ipv4: - peer_groups: - - name: MLAG_PEER - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: UNDERLAY_PEERS - activate: true - next_hop: - address_family_ipv6: - enabled: true - originate: true - - name: EVPN-OVERLAY-PEERS - activate: false + neighbors: + - ip_address: 192.168.255.1 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE1 + description: DC1-SPINE1_Loopback0 + - ip_address: 192.168.255.2 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE2 + description: DC1-SPINE2_Loopback0 + - ip_address: 192.168.255.3 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE3 + description: DC1-SPINE3_Loopback0 + - ip_address: 192.168.255.4 + peer_group: EVPN-OVERLAY-PEERS + remote_as: '65001' + peer: DC1-SPINE4 + description: DC1-SPINE4_Loopback0 neighbor_interfaces: - name: Vlan4093 - peer_group: MLAG_PEER - peer: DC1-SVC3A remote_as: '65103' + peer: DC1-SVC3A + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan4093 - name: Ethernet1 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE1 + peer_group: UNDERLAY_PEERS description: DC1-SPINE1_Ethernet5 - name: Ethernet2 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE2 + peer_group: UNDERLAY_PEERS description: DC1-SPINE2_Ethernet5 - name: Ethernet3 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE3 + peer_group: UNDERLAY_PEERS description: DC1-SPINE3_Ethernet5 - name: Ethernet4 - peer_group: UNDERLAY_PEERS remote_as: '65001' peer: DC1-SPINE4 + peer_group: UNDERLAY_PEERS description: DC1-SPINE4_Ethernet5 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP + vlan_aware_bundles: + - name: Tenant_A_APP_Zone + rd: 192.168.255.9:12 + route_targets: + both: + - '12:12' + redistribute_routes: + - learned + vlan: 130-131 + - name: Tenant_A_DB_Zone + rd: 192.168.255.9:13 + route_targets: + both: + - '13:13' + redistribute_routes: + - learned + vlan: 140-141 + - name: Tenant_A_OP_Zone + rd: 192.168.255.9:10 + route_targets: + both: + - '10:10' + redistribute_routes: + - learned + vlan: 110-111 + - name: Tenant_A_WAN_Zone + rd: 192.168.255.9:14 + route_targets: + both: + - '14:14' + redistribute_routes: + - learned + vlan: '150' + - name: Tenant_A_WEB_Zone + rd: 192.168.255.9:11 + route_targets: + both: + - '11:11' + redistribute_routes: + - learned + vlan: 120-121 + - name: Tenant_A_NFS + tenant: Tenant_A + rd: 192.168.255.9:10161 + route_targets: + both: + - 10161:10161 + redistribute_routes: + - learned + vlan: '161' + - name: Tenant_A_VMOTION + tenant: Tenant_A + rd: 192.168.255.9:10160 + route_targets: + both: + - 10160:10160 + redistribute_routes: + - learned + vlan: '160' + - name: Tenant_B_OP_Zone + rd: 192.168.255.9:20 + route_targets: + both: + - '20:20' + redistribute_routes: + - learned + vlan: 210-211 + - name: Tenant_B_WAN_Zone + rd: 192.168.255.9:21 + route_targets: + both: + - '21:21' + redistribute_routes: + - learned + vlan: '250' + - name: Tenant_C_OP_Zone + rd: 192.168.255.9:30 + route_targets: + both: + - '30:30' + redistribute_routes: + - learned + vlan: 310-311 + - name: Tenant_C_WAN_Zone + rd: 192.168.255.9:31 + route_targets: + both: + - '31:31' + redistribute_routes: + - learned + vlan: '350' address_family_evpn: peer_groups: - name: EVPN-OVERLAY-PEERS activate: true evpn_hostflap_detection: + enabled: true window: 20 threshold: 30 - enabled: true - neighbors: - - ip_address: 192.168.255.1 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE1 - description: DC1-SPINE1_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.2 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE2 - description: DC1-SPINE2_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.3 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE3 - description: DC1-SPINE3_Loopback0 - remote_as: '65001' - - ip_address: 192.168.255.4 - peer_group: EVPN-OVERLAY-PEERS - peer: DC1-SPINE4 - description: DC1-SPINE4_Loopback0 - remote_as: '65001' + address_family_ipv4: + peer_groups: + - name: MLAG_PEER + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: UNDERLAY_PEERS + activate: true + next_hop: + address_family_ipv6: + enabled: true + originate: true + - name: EVPN-OVERLAY-PEERS + activate: false vrfs: - name: Tenant_A_APP_Zone rd: 192.168.255.9:12 @@ -124,15 +599,15 @@ router_bgp: route_targets: - '12:12' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3011 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3011 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_DB_Zone rd: 192.168.255.9:13 route_targets: @@ -145,15 +620,15 @@ router_bgp: route_targets: - '13:13' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3012 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3012 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_OP_Zone rd: 192.168.255.9:10 route_targets: @@ -166,15 +641,15 @@ router_bgp: route_targets: - '10:10' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3009 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3009 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WAN_Zone rd: 192.168.255.9:14 route_targets: @@ -187,15 +662,15 @@ router_bgp: route_targets: - '14:14' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3013 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3013 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_A_WEB_Zone rd: 192.168.255.9:11 route_targets: @@ -208,15 +683,15 @@ router_bgp: route_targets: - '11:11' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3010 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3010 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_OP_Zone rd: 192.168.255.9:20 route_targets: @@ -229,15 +704,15 @@ router_bgp: route_targets: - '20:20' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3019 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3019 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_B_WAN_Zone rd: 192.168.255.9:21 route_targets: @@ -250,15 +725,15 @@ router_bgp: route_targets: - '21:21' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan3020 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan3020 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS - name: Tenant_C_OP_Zone rd: 192.168.255.9:30 route_targets: @@ -271,896 +746,426 @@ router_bgp: route_targets: - '30:30' router_id: 192.168.255.9 - redistribute: - connected: - enabled: true - route_map: RM-CONN-2-BGP-VRFS neighbor_interfaces: - name: Vlan2 - peer_group: MLAG_PEER remote_as: '65103' + peer_group: MLAG_PEER description: DC1-SVC3A_Vlan2 - - name: Tenant_C_WAN_Zone - rd: 192.168.255.9:31 - route_targets: - import: - - address_family: evpn - route_targets: - - '31:31' - export: - - address_family: evpn - route_targets: - - '31:31' - router_id: 192.168.255.9 redistribute: connected: enabled: true route_map: RM-CONN-2-BGP-VRFS - neighbor_interfaces: - - name: Vlan3030 - peer_group: MLAG_PEER - remote_as: '65103' - description: DC1-SVC3A_Vlan3030 - vlan_aware_bundles: - - name: Tenant_A_APP_Zone - rd: 192.168.255.9:12 - route_targets: - both: - - '12:12' - redistribute_routes: - - learned - vlan: 130-131 - - name: Tenant_A_DB_Zone - rd: 192.168.255.9:13 - route_targets: - both: - - '13:13' - redistribute_routes: - - learned - vlan: 140-141 - - name: Tenant_A_OP_Zone - rd: 192.168.255.9:10 - route_targets: - both: - - '10:10' - redistribute_routes: - - learned - vlan: 110-111 - - name: Tenant_A_WAN_Zone - rd: 192.168.255.9:14 - route_targets: - both: - - '14:14' - redistribute_routes: - - learned - vlan: '150' - - name: Tenant_A_WEB_Zone - rd: 192.168.255.9:11 - route_targets: - both: - - '11:11' - redistribute_routes: - - learned - vlan: 120-121 - - name: Tenant_A_NFS - tenant: Tenant_A - rd: 192.168.255.9:10161 - route_targets: - both: - - 10161:10161 - redistribute_routes: - - learned - vlan: '161' - - name: Tenant_A_VMOTION - tenant: Tenant_A - rd: 192.168.255.9:10160 - route_targets: - both: - - 10160:10160 - redistribute_routes: - - learned - vlan: '160' - - name: Tenant_B_OP_Zone - rd: 192.168.255.9:20 - route_targets: - both: - - '20:20' - redistribute_routes: - - learned - vlan: 210-211 - - name: Tenant_B_WAN_Zone - rd: 192.168.255.9:21 - route_targets: - both: - - '21:21' - redistribute_routes: - - learned - vlan: '250' - - name: Tenant_C_OP_Zone - rd: 192.168.255.9:30 - route_targets: - both: - - '30:30' - redistribute_routes: - - learned - vlan: 310-311 - name: Tenant_C_WAN_Zone rd: 192.168.255.9:31 - route_targets: - both: - - '31:31' - redistribute_routes: - - learned - vlan: '350' -static_routes: -- vrf: MGMT - destination_address_prefix: 0.0.0.0/0 - gateway: 192.168.200.5 -service_routing_protocols_model: multi-agent -ipv6_unicast_routing: true -ip_routing_ipv6_interfaces: true -daemon_terminattr: - cvaddrs: - - 192.168.200.11:9910 - cvauth: - method: key - key: telarista - cvvrf: MGMT - smashexcludes: ale,flexCounter,hardware,kni,pulse,strata - ingestexclude: /Sysdb/cell/1/agent,/Sysdb/cell/2/agent - disable_aaa: false -vlan_internal_order: - allocation: ascending - range: - beginning: 1006 - ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true -ip_name_servers: -- ip_address: 192.168.200.5 - vrf: MGMT -- ip_address: 8.8.8.8 - vrf: MGMT + route_targets: + import: + - address_family: evpn + route_targets: + - '31:31' + export: + - address_family: evpn + route_targets: + - '31:31' + router_id: 192.168.255.9 + neighbor_interfaces: + - name: Vlan3030 + remote_as: '65103' + peer_group: MLAG_PEER + description: DC1-SVC3A_Vlan3030 + redistribute: + connected: + enabled: true + route_map: RM-CONN-2-BGP-VRFS +service_routing_protocols_model: multi-agent spanning_tree: mode: mstp mst_instances: - id: '0' priority: 4096 no_spanning_tree_vlan: 4093-4094 -local_users: -- name: admin - privilege: 15 - role: network-admin - no_password: true -- name: cvpadmin - privilege: 15 - role: network-admin - sha512_password: $6$rZKcbIZ7iWGAWTUM$TCgDn1KcavS0s.OV8lacMTUkxTByfzcGlFlYUWroxYuU7M/9bIodhRO7nXGzMweUxvbk8mJmQl8Bh44cRktUj. -vrfs: -- name: MGMT - ip_routing: false -- name: Tenant_A_APP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_DB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_OP_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WAN_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_A_WEB_Zone - tenant: Tenant_A - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_OP_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_B_WAN_Zone - tenant: Tenant_B - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_OP_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -- name: Tenant_C_WAN_Zone - tenant: Tenant_C - ip_routing_ipv6_interfaces: true - ipv6_routing: true -management_interfaces: -- name: Management1 - description: OOB_MANAGEMENT - shutdown: false - vrf: MGMT - ip_address: 192.168.200.109/24 +static_routes: +- vrf: MGMT + destination_address_prefix: 0.0.0.0/0 gateway: 192.168.200.5 - type: oob tcam_profile: system: vxlan-routing -platform: - sand: - lag: - hardware_only: true -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ntp: - local_interface: - name: Management1 - vrf: MGMT - servers: - - name: 192.168.200.5 - vrf: MGMT - preferred: true -vlans: -- id: 4093 - tenant: system - name: MLAG_L3 - trunk_groups: - - MLAG -- id: 4094 - tenant: system - name: MLAG - trunk_groups: - - MLAG -- id: 130 - name: Tenant_A_APP_Zone_1 - tenant: Tenant_A -- id: 131 - name: Tenant_A_APP_Zone_2 - tenant: Tenant_A -- id: 3011 - name: MLAG_L3_VRF_Tenant_A_APP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 140 - name: Tenant_A_DB_BZone_1 - tenant: Tenant_A -- id: 141 - name: Tenant_A_DB_Zone_2 - tenant: Tenant_A -- id: 3012 - name: MLAG_L3_VRF_Tenant_A_DB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 110 - name: Tenant_A_OP_Zone_1 - tenant: Tenant_A -- id: 111 - name: Tenant_A_OP_Zone_2 - tenant: Tenant_A -- id: 3009 - name: MLAG_L3_VRF_Tenant_A_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 150 - name: Tenant_A_WAN_Zone_1 - tenant: Tenant_A -- id: 3013 - name: MLAG_L3_VRF_Tenant_A_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 120 - name: Tenant_A_WEB_Zone_1 - tenant: Tenant_A -- id: 121 - name: Tenant_A_WEBZone_2 - tenant: Tenant_A -- id: 3010 - name: MLAG_L3_VRF_Tenant_A_WEB_Zone - trunk_groups: - - MLAG - tenant: Tenant_A -- id: 160 - name: Tenant_A_VMOTION - tenant: Tenant_A -- id: 161 - name: Tenant_A_NFS - tenant: Tenant_A -- id: 210 - name: Tenant_B_OP_Zone_1 - tenant: Tenant_B -- id: 211 - name: Tenant_B_OP_Zone_2 - tenant: Tenant_B -- id: 3019 - name: MLAG_L3_VRF_Tenant_B_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 250 - name: Tenant_B_WAN_Zone_1 - tenant: Tenant_B -- id: 3020 - name: MLAG_L3_VRF_Tenant_B_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_B -- id: 310 - name: Tenant_C_OP_Zone_1 - tenant: Tenant_C -- id: 311 - name: Tenant_C_OP_Zone_2 - tenant: Tenant_C -- id: 2 - name: MLAG_L3_VRF_Tenant_C_OP_Zone - trunk_groups: - - MLAG - tenant: Tenant_C -- id: 350 - name: Tenant_C_WAN_Zone_1 - tenant: Tenant_C -- id: 3030 - name: MLAG_L3_VRF_Tenant_C_WAN_Zone - trunk_groups: - - MLAG - tenant: Tenant_C +transceiver_qsfp_default_mode_4x10: true +virtual_source_nat_vrfs: +- name: Tenant_A_OP_Zone + ip_address: 10.255.1.9 vlan_interfaces: - name: Vlan4093 description: MLAG_L3 shutdown: false - mtu: 1500 ipv6_enable: true + mtu: 1500 - name: Vlan4094 description: MLAG shutdown: false - no_autostate: true - mtu: 1500 - ip_address: 10.255.252.7/31 -- name: Vlan130 - tenant: Tenant_A - tags: - - app - - erp1 - description: Tenant_A_APP_Zone_1 - shutdown: false - ip_address_virtual: 10.1.30.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan131 - tenant: Tenant_A - tags: - - app - description: Tenant_A_APP_Zone_2 - shutdown: false - ip_address_virtual: 10.1.31.1/24 - vrf: Tenant_A_APP_Zone -- name: Vlan3011 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_APP_Zone - vrf: Tenant_A_APP_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan140 - tenant: Tenant_A - tags: - - db - - erp1 - description: Tenant_A_DB_BZone_1 - shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan141 - tenant: Tenant_A - tags: - - db - description: Tenant_A_DB_Zone_2 - shutdown: false - ip_address_virtual: 10.1.41.1/24 - vrf: Tenant_A_DB_Zone -- name: Vlan3012 - tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_DB_Zone - vrf: Tenant_A_DB_Zone + ip_address: 10.255.252.7/31 mtu: 1500 - ipv6_enable: true -- name: Vlan110 - tenant: Tenant_A - tags: - - opzone - description: Tenant_A_OP_Zone_1 + no_autostate: true +- name: Vlan130 + description: Tenant_A_APP_Zone_1 shutdown: false - ip_address_virtual: 10.1.10.1/24 - vrf: Tenant_A_OP_Zone -- name: Vlan111 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.30.1/24 tenant: Tenant_A tags: - - opzone - description: Tenant_A_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.1.11.1/24 - vrf: Tenant_A_OP_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: MGMT -- name: Vlan3009 - tenant: Tenant_A - type: underlay_peering + - app + - erp1 +- name: Vlan131 + description: Tenant_A_APP_Zone_2 shutdown: false - description: MLAG_L3_VRF_Tenant_A_OP_Zone - vrf: Tenant_A_OP_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan150 + vrf: Tenant_A_APP_Zone + ip_address_virtual: 10.1.31.1/24 tenant: Tenant_A tags: - - wan - description: Tenant_A_WAN_Zone_1 + - app +- name: Vlan3011 + description: MLAG_L3_VRF_Tenant_A_APP_Zone shutdown: false - ip_address_virtual: 10.1.40.1/24 - vrf: Tenant_A_WAN_Zone -- name: Vlan3013 + vrf: Tenant_A_APP_Zone + ipv6_enable: true + mtu: 1500 tenant: Tenant_A type: underlay_peering +- name: Vlan140 + description: Tenant_A_DB_BZone_1 shutdown: false - description: MLAG_L3_VRF_Tenant_A_WAN_Zone - vrf: Tenant_A_WAN_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan120 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.40.1/24 tenant: Tenant_A tags: - - web + - db - erp1 - description: Tenant_A_WEB_Zone_1 +- name: Vlan141 + description: Tenant_A_DB_Zone_2 shutdown: false - ip_address_virtual: 10.1.20.1/24 - vrf: Tenant_A_WEB_Zone - ip_helpers: - - ip_helper: 1.1.1.1 - source_interface: lo100 - vrf: TEST -- name: Vlan121 - tenant: Tenant_A - tags: - - web - description: Tenant_A_WEBZone_2 - shutdown: true - mtu: 1560 - ip_address_virtual: 10.1.10.254/24 - vrf: Tenant_A_WEB_Zone -- name: Vlan3010 + vrf: Tenant_A_DB_Zone + ip_address_virtual: 10.1.41.1/24 tenant: Tenant_A - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_A_WEB_Zone - vrf: Tenant_A_WEB_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan210 - tenant: Tenant_B - tags: - - opzone - description: Tenant_B_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.2.10.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan211 - tenant: Tenant_B tags: - - opzone - description: Tenant_B_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.2.11.1/24 - vrf: Tenant_B_OP_Zone -- name: Vlan3019 - tenant: Tenant_B - type: underlay_peering + - db +- name: Vlan3012 + description: MLAG_L3_VRF_Tenant_A_DB_Zone shutdown: false - description: MLAG_L3_VRF_Tenant_B_OP_Zone - vrf: Tenant_B_OP_Zone - mtu: 1500 + vrf: Tenant_A_DB_Zone ipv6_enable: true -- name: Vlan250 - tenant: Tenant_B - tags: - - wan - description: Tenant_B_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.2.50.1/24 - vrf: Tenant_B_WAN_Zone -- name: Vlan3020 - tenant: Tenant_B - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_B_WAN_Zone - vrf: Tenant_B_WAN_Zone mtu: 1500 - ipv6_enable: true -- name: Vlan310 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_1 - shutdown: false - ip_address_virtual: 10.3.10.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan311 - tenant: Tenant_C - tags: - - opzone - description: Tenant_C_OP_Zone_2 - shutdown: false - ip_address_virtual: 10.3.11.1/24 - vrf: Tenant_C_OP_Zone -- name: Vlan2 - tenant: Tenant_C + tenant: Tenant_A type: underlay_peering +- name: Vlan110 + description: Tenant_A_OP_Zone_1 shutdown: false - description: MLAG_L3_VRF_Tenant_C_OP_Zone - vrf: Tenant_C_OP_Zone - mtu: 1500 - ipv6_enable: true -- name: Vlan350 - tenant: Tenant_C + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.10.1/24 + tenant: Tenant_A tags: - - wan - description: Tenant_C_WAN_Zone_1 - shutdown: false - ip_address_virtual: 10.3.50.1/24 - vrf: Tenant_C_WAN_Zone -- name: Vlan3030 - tenant: Tenant_C - type: underlay_peering - shutdown: false - description: MLAG_L3_VRF_Tenant_C_WAN_Zone - vrf: Tenant_C_WAN_Zone - mtu: 1500 - ipv6_enable: true -port_channel_interfaces: -- name: Port-Channel5 - description: MLAG_DC1-SVC3A_Port-Channel5 - switchport: - enabled: true - mode: trunk - trunk: - groups: - - MLAG - shutdown: false -- name: Port-Channel7 - description: L2_DC1_L2LEAF2_Port-Channel1 - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 110-111,120-121,130-131,140-141,150,160-161,210-211,250,310-311,350 - shutdown: false - mlag: 7 -- name: Port-Channel14 - description: ALL_WITH_SECURITY_PORT_CHANNEL - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent - mlag: 14 -- name: Port-Channel15 - description: server08_no_profile_port_channel - shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent - mlag: 15 -ethernet_interfaces: -- name: Ethernet5 - peer: DC1-SVC3A - peer_interface: Ethernet5 - peer_type: mlag_peer - description: MLAG_DC1-SVC3A_Ethernet5 - shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet6 - peer: DC1-SVC3A - peer_interface: Ethernet6 - peer_type: mlag_peer - description: MLAG_DC1-SVC3A_Ethernet6 + - opzone +- name: Vlan111 + description: Tenant_A_OP_Zone_2 shutdown: false - channel_group: - id: 5 - mode: active -- name: Ethernet1 - peer: DC1-SPINE1 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE1_Ethernet5 + vrf: Tenant_A_OP_Zone + ip_address_virtual: 10.1.11.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: MGMT + tenant: Tenant_A + tags: + - opzone +- name: Vlan3009 + description: MLAG_L3_VRF_Tenant_A_OP_Zone shutdown: false - mtu: 1500 - switchport: - enabled: false + vrf: Tenant_A_OP_Zone ipv6_enable: true -- name: Ethernet2 - peer: DC1-SPINE2 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE2_Ethernet5 - shutdown: false mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet3 - peer: DC1-SPINE3 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE3_Ethernet5 + tenant: Tenant_A + type: underlay_peering +- name: Vlan150 + description: Tenant_A_WAN_Zone_1 shutdown: false - mtu: 1500 - switchport: - enabled: false - ipv6_enable: true -- name: Ethernet4 - peer: DC1-SPINE4 - peer_interface: Ethernet5 - peer_type: spine - description: P2P_DC1-SPINE4_Ethernet5 + vrf: Tenant_A_WAN_Zone + ip_address_virtual: 10.1.40.1/24 + tenant: Tenant_A + tags: + - wan +- name: Vlan3013 + description: MLAG_L3_VRF_Tenant_A_WAN_Zone shutdown: false - mtu: 1500 - switchport: - enabled: false + vrf: Tenant_A_WAN_Zone ipv6_enable: true -- name: Ethernet7 - peer: DC1-L2LEAF2A - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF2A_Ethernet2 + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan120 + description: Tenant_A_WEB_Zone_1 shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet8 - peer: DC1-L2LEAF2B - peer_interface: Ethernet2 - peer_type: l2leaf - description: L2_DC1-L2LEAF2B_Ethernet2 + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.20.1/24 + ip_helpers: + - ip_helper: 1.1.1.1 + source_interface: lo100 + vrf: TEST + tenant: Tenant_A + tags: + - web + - erp1 +- name: Vlan121 + description: Tenant_A_WEBZone_2 + shutdown: true + vrf: Tenant_A_WEB_Zone + ip_address_virtual: 10.1.10.254/24 + mtu: 1560 + tenant: Tenant_A + tags: + - web +- name: Vlan3010 + description: MLAG_L3_VRF_Tenant_A_WEB_Zone shutdown: false - channel_group: - id: 7 - mode: active -- name: Ethernet11 - peer: server04_inherit_all_from_profile - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: SERVER_server04_inherit_all_from_profile_Eth2 + vrf: Tenant_A_WEB_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_A + type: underlay_peering +- name: Vlan210 + description: Tenant_B_OP_Zone_1 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet12 - peer: server05_no_profile - peer_interface: Eth2 - peer_type: server - description: SERVER_server05_no_profile_Eth2 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.10.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan211 + description: Tenant_B_OP_Zone_2 shutdown: false - switchport: - enabled: true - mode: trunk - trunk: - allowed_vlan: 1-4094 - spanning_tree_portfast: edge - spanning_tree_bpdufilter: 'True' - spanning_tree_bpduguard: 'False' - storm_control: - all: - level: '10' - unit: percent - broadcast: - level: '100' - unit: pps - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet13 - peer: server06_override_profile - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY - description: SERVER_server06_override_profile_Eth2 + vrf: Tenant_B_OP_Zone + ip_address_virtual: 10.2.11.1/24 + tenant: Tenant_B + tags: + - opzone +- name: Vlan3019 + description: MLAG_L3_VRF_Tenant_B_OP_Zone shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -- name: Ethernet14 - peer: server07_inherit_all_from_profile_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: SERVER_server07_inherit_all_from_profile_port_channel_Eth2 + vrf: Tenant_B_OP_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan250 + description: Tenant_B_WAN_Zone_1 shutdown: false - channel_group: - id: 14 - mode: active -- name: Ethernet15 - peer: server08_no_profile_port_channel - peer_interface: Eth2 - peer_type: server - description: SERVER_server08_no_profile_port_channel_Eth2 + vrf: Tenant_B_WAN_Zone + ip_address_virtual: 10.2.50.1/24 + tenant: Tenant_B + tags: + - wan +- name: Vlan3020 + description: MLAG_L3_VRF_Tenant_B_WAN_Zone shutdown: false - channel_group: - id: 15 - mode: 'on' -- name: Ethernet16 - peer: server09_override_profile_no_port_channel - peer_interface: Eth2 - peer_type: server - port_profile: ALL_WITH_SECURITY_PORT_CHANNEL - description: SERVER_server09_override_profile_no_port_channel_Eth2 + vrf: Tenant_B_WAN_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_B + type: underlay_peering +- name: Vlan310 + description: Tenant_C_OP_Zone_1 + shutdown: false + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.10.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan311 + description: Tenant_C_OP_Zone_2 shutdown: false - switchport: - enabled: true - mode: access - access_vlan: 210 - spanning_tree_portfast: network - spanning_tree_bpdufilter: 'False' - spanning_tree_bpduguard: 'True' - storm_control: - all: - level: '20' - unit: pps - broadcast: - level: '200' - unit: percent - multicast: - level: '1' - unit: percent - unknown_unicast: - level: '2' - unit: percent -mlag_configuration: - domain_id: DC1_SVC3 - local_interface: Vlan4094 - peer_address: 10.255.252.6 - peer_link: Port-Channel5 - reload_delay_mlag: '900' - reload_delay_non_mlag: '1020' -route_maps: -- name: RM-MLAG-PEER-IN - sequence_numbers: - - sequence: 10 - type: permit - set: - - origin incomplete - description: Make routes learned over MLAG Peer-link less preferred on spines to ensure optimal routing -- name: RM-CONN-2-BGP - sequence_numbers: - - sequence: 10 - type: permit - match: - - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY -loopback_interfaces: -- name: Loopback0 - description: ROUTER_ID + vrf: Tenant_C_OP_Zone + ip_address_virtual: 10.3.11.1/24 + tenant: Tenant_C + tags: + - opzone +- name: Vlan2 + description: MLAG_L3_VRF_Tenant_C_OP_Zone shutdown: false - ip_address: 192.168.255.9/32 -- name: Loopback1 - description: VXLAN_TUNNEL_SOURCE + vrf: Tenant_C_OP_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +- name: Vlan350 + description: Tenant_C_WAN_Zone_1 shutdown: false - ip_address: 192.168.254.8/32 -- name: Loopback100 - description: DIAG_VRF_Tenant_A_OP_Zone + vrf: Tenant_C_WAN_Zone + ip_address_virtual: 10.3.50.1/24 + tenant: Tenant_C + tags: + - wan +- name: Vlan3030 + description: MLAG_L3_VRF_Tenant_C_WAN_Zone shutdown: false - vrf: Tenant_A_OP_Zone - ip_address: 10.255.1.9/32 -prefix_lists: -- name: PL-LOOPBACKS-EVPN-OVERLAY - sequence_numbers: - - sequence: 10 - action: permit 192.168.255.0/24 eq 32 - - sequence: 20 - action: permit 192.168.254.0/24 eq 32 -router_bfd: - multihop: - interval: 1200 - min_rx: 1200 - multiplier: 3 -ip_igmp_snooping: - globally_enabled: true - vlans: - - id: 120 - enabled: false -ip_virtual_router_mac_address: 00:dc:00:00:00:0a + vrf: Tenant_C_WAN_Zone + ipv6_enable: true + mtu: 1500 + tenant: Tenant_C + type: underlay_peering +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vlans: +- id: 4093 + name: MLAG_L3 + trunk_groups: + - MLAG + tenant: system +- id: 4094 + name: MLAG + trunk_groups: + - MLAG + tenant: system +- id: 130 + name: Tenant_A_APP_Zone_1 + tenant: Tenant_A +- id: 131 + name: Tenant_A_APP_Zone_2 + tenant: Tenant_A +- id: 3011 + name: MLAG_L3_VRF_Tenant_A_APP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 140 + name: Tenant_A_DB_BZone_1 + tenant: Tenant_A +- id: 141 + name: Tenant_A_DB_Zone_2 + tenant: Tenant_A +- id: 3012 + name: MLAG_L3_VRF_Tenant_A_DB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 110 + name: Tenant_A_OP_Zone_1 + tenant: Tenant_A +- id: 111 + name: Tenant_A_OP_Zone_2 + tenant: Tenant_A +- id: 3009 + name: MLAG_L3_VRF_Tenant_A_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 150 + name: Tenant_A_WAN_Zone_1 + tenant: Tenant_A +- id: 3013 + name: MLAG_L3_VRF_Tenant_A_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 120 + name: Tenant_A_WEB_Zone_1 + tenant: Tenant_A +- id: 121 + name: Tenant_A_WEBZone_2 + tenant: Tenant_A +- id: 3010 + name: MLAG_L3_VRF_Tenant_A_WEB_Zone + trunk_groups: + - MLAG + tenant: Tenant_A +- id: 160 + name: Tenant_A_VMOTION + tenant: Tenant_A +- id: 161 + name: Tenant_A_NFS + tenant: Tenant_A +- id: 210 + name: Tenant_B_OP_Zone_1 + tenant: Tenant_B +- id: 211 + name: Tenant_B_OP_Zone_2 + tenant: Tenant_B +- id: 3019 + name: MLAG_L3_VRF_Tenant_B_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 250 + name: Tenant_B_WAN_Zone_1 + tenant: Tenant_B +- id: 3020 + name: MLAG_L3_VRF_Tenant_B_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_B +- id: 310 + name: Tenant_C_OP_Zone_1 + tenant: Tenant_C +- id: 311 + name: Tenant_C_OP_Zone_2 + tenant: Tenant_C +- id: 2 + name: MLAG_L3_VRF_Tenant_C_OP_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +- id: 350 + name: Tenant_C_WAN_Zone_1 + tenant: Tenant_C +- id: 3030 + name: MLAG_L3_VRF_Tenant_C_WAN_Zone + trunk_groups: + - MLAG + tenant: Tenant_C +vrfs: +- name: MGMT + ip_routing: false +- name: Tenant_A_APP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_DB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WAN_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_A_WEB_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_A +- name: Tenant_B_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_B_WAN_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_B +- name: Tenant_C_OP_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C +- name: Tenant_C_WAN_Zone + ipv6_routing: true + ip_routing_ipv6_interfaces: true + tenant: Tenant_C vxlan_interface: vxlan1: description: DC1-SVC3B_VTEP vxlan: - udp_port: 4789 source_interface: Loopback1 + udp_port: 4789 virtual_router_encapsulation_mac_address: mlag-system-id vlans: - id: 130 @@ -1216,8 +1221,3 @@ vxlan_interface: vni: 30 - name: Tenant_C_WAN_Zone vni: 31 -virtual_source_nat_vrfs: -- name: Tenant_A_OP_Zone - ip_address: 10.255.1.9 -metadata: - platform: 7280R diff --git a/ansible_collections/arista/avd/plugins/action/eos_designs_structured_config.py b/ansible_collections/arista/avd/plugins/action/eos_designs_structured_config.py index b7e1f230775..53f77ea076b 100644 --- a/ansible_collections/arista/avd/plugins/action/eos_designs_structured_config.py +++ b/ansible_collections/arista/avd/plugins/action/eos_designs_structured_config.py @@ -86,21 +86,11 @@ def run(self, tmp: Any = None, task_vars: dict | None = None) -> dict: plugin_name="arista.avd.eos_designs", ) - # Load schema tools for output schema - output_schema_tools = AvdSchemaTools( - hostname=hostname, - ansible_display=display, - schema_id="eos_cli_config_gen", - validation_mode=validation_mode, - plugin_name="arista.avd.eos_cli_config_gen", - ) - # Get Structured Config from modules in PyAVD using internal api so we can supply our own templar try: output = get_structured_config( vars=dict(task_vars), input_schema_tools=input_schema_tools, - output_schema_tools=output_schema_tools, result=result, templar=self.templar, ) @@ -118,24 +108,36 @@ def run(self, tmp: Any = None, task_vars: dict | None = None) -> dict: template_vars = ChainMap(output, task_vars) # eos_designs_custom_templates can contain a list of jinja templates to run after PyAVD - for template_item in eos_designs_custom_templates: - template_options = template_item.get("options", {}) - list_merge = template_options.get("list_merge", "append_rp") - strip_empty_keys = template_options.get("strip_empty_keys", True) - template = template_item["template"] + if eos_designs_custom_templates: + # Load schema tools for output schema + output_schema_tools = AvdSchemaTools( + hostname=hostname, + ansible_display=display, + schema_id="eos_cli_config_gen", + validation_mode=validation_mode, + plugin_name="arista.avd.eos_cli_config_gen", + ) + + for template_item in eos_designs_custom_templates: + template_options = template_item.get("options", {}) + list_merge = template_options.get("list_merge", "append_rp") + strip_empty_keys = template_options.get("strip_empty_keys", True) + template = template_item["template"] + + # Here we parse the template, expecting the result to be a YAML formatted string + template_result = templater(template, template_vars, self.templar) - # Here we parse the template, expecting the result to be a YAML formatted string - template_result = templater(template, template_vars, self.templar) + # Load data from the template result. + template_result_data = yaml.safe_load(template_result) - # Load data from the template result. - template_result_data = yaml.safe_load(template_result) + # If the argument 'strip_empty_keys' is set, remove keys with value of null / None from the resulting dict (recursively). + if strip_empty_keys: + template_result_data = strip_null_from_data(template_result_data) - # If the argument 'strip_empty_keys' is set, remove keys with value of null / None from the resulting dict (recursively). - if strip_empty_keys: - template_result_data = strip_null_from_data(template_result_data) + if not template_result_data: + continue - # If there is any data produced by the template, convert and merge it on top of previous output. - if template_result_data: + # If there is any data produced by the template, convert and merge it on top of previous output. # Some templates return a list of dicts, others only return a dict. Here we normalize to list. if not isinstance(template_result_data, list): template_result_data = [template_result_data] diff --git a/ansible_collections/arista/avd/tests/integration/targets/filter_hide_passwords/tasks/main.yml b/ansible_collections/arista/avd/tests/integration/targets/filter_hide_passwords/tasks/main.yml index ccdd2e4c395..3b62e111f94 100644 --- a/ansible_collections/arista/avd/tests/integration/targets/filter_hide_passwords/tasks/main.yml +++ b/ansible_collections/arista/avd/tests/integration/targets/filter_hide_passwords/tasks/main.yml @@ -2,5 +2,5 @@ - name: Test hide_passwords filter ansible.builtin.assert: that: - - "{{ 'dummy' | arista.avd.hide_passwords(false) == 'dummy' }}" - - "{{ 'dummy' | arista.avd.hide_passwords(true) == '' }}" + - "'dummy' | arista.avd.hide_passwords(false) == 'dummy'" + - "'dummy' | arista.avd.hide_passwords(true) == ''" diff --git a/ansible_collections/arista/avd/tests/integration/targets/filter_password/tasks/main.yml b/ansible_collections/arista/avd/tests/integration/targets/filter_password/tasks/main.yml index 6f2220cecee..bbcdb05a971 100644 --- a/ansible_collections/arista/avd/tests/integration/targets/filter_password/tasks/main.yml +++ b/ansible_collections/arista/avd/tests/integration/targets/filter_password/tasks/main.yml @@ -2,30 +2,30 @@ - name: Test Encrypt & Decrypt for BGP passwords ansible.builtin.assert: that: - - "{{ bgp.clear_password | arista.avd.encrypt(passwd_type='bgp', key=bgp.neighbor_ip) == bgp.neighbor_encrypted_password }}" - - "{{ bgp.clear_password | arista.avd.encrypt(passwd_type='bgp', key=bgp.peer_group) == bgp.peer_group_encrypted_password }}" - - "{{ bgp.non_string_clear_password | arista.avd.encrypt(passwd_type='bgp', key=bgp.peer_group) == bgp.expected_non_string_pg_encrypted_password }}" - - "{{ bgp.neighbor_encrypted_password | arista.avd.decrypt(passwd_type='bgp', key=bgp.neighbor_ip) == bgp.clear_password }}" - - "{{ bgp.peer_group_encrypted_password | arista.avd.decrypt(passwd_type='bgp', key=bgp.peer_group) == bgp.clear_password }}" + - bgp.clear_password | arista.avd.encrypt(passwd_type='bgp', key=bgp.neighbor_ip) == bgp.neighbor_encrypted_password + - bgp.clear_password | arista.avd.encrypt(passwd_type='bgp', key=bgp.peer_group) == bgp.peer_group_encrypted_password + - bgp.non_string_clear_password | arista.avd.encrypt(passwd_type='bgp', key=bgp.peer_group) == bgp.expected_non_string_pg_encrypted_password + - bgp.neighbor_encrypted_password | arista.avd.decrypt(passwd_type='bgp', key=bgp.neighbor_ip) == bgp.clear_password + - bgp.peer_group_encrypted_password | arista.avd.decrypt(passwd_type='bgp', key=bgp.peer_group) == bgp.clear_password - name: Test Encrypt & Decrypt for OSPF passwords ansible.builtin.assert: that: - >- - {{ ospf.clear_password | arista.avd.encrypt(passwd_type='ospf_simple', key=ospf.interface_name) - == ospf.expected_ospf_simple_auth_encrypted_password }} + ospf.clear_password | arista.avd.encrypt(passwd_type='ospf_simple', key=ospf.interface_name) + == ospf.expected_ospf_simple_auth_encrypted_password - >- - {{ ospf.clear_password | arista.avd.encrypt(passwd_type='ospf_message_digest', key=ospf.interface_name, - hash_algorithm=ospf.hash_algorithm, key_id=ospf.key_id) == ospf.expected_ospf_message_digest_encrypted_password }} + ospf.clear_password | arista.avd.encrypt(passwd_type='ospf_message_digest', key=ospf.interface_name, + hash_algorithm=ospf.hash_algorithm, key_id=ospf.key_id) == ospf.expected_ospf_message_digest_encrypted_password - >- - {{ ospf.expected_ospf_simple_auth_encrypted_password | arista.avd.decrypt(passwd_type='ospf_simple', key=ospf.interface_name) - == ospf.clear_password }} + ospf.expected_ospf_simple_auth_encrypted_password | arista.avd.decrypt(passwd_type='ospf_simple', key=ospf.interface_name) + == ospf.clear_password - >- - {{ ospf.expected_ospf_message_digest_encrypted_password | arista.avd.decrypt(passwd_type='ospf_message_digest', - key=ospf.interface_name, hash_algorithm=ospf.hash_algorithm, key_id=ospf.key_id) == ospf.clear_password }} + ospf.expected_ospf_message_digest_encrypted_password | arista.avd.decrypt(passwd_type='ospf_message_digest', + key=ospf.interface_name, hash_algorithm=ospf.hash_algorithm, key_id=ospf.key_id) == ospf.clear_password - name: Test Encrypt & Decrypt for ISIS passwords ansible.builtin.assert: that: - - "{{ isis.clear_password | arista.avd.encrypt(passwd_type='isis', key=isis.instance_name, mode=isis.mode) == isis.expected_encrypted_password }}" - - "{{ isis.expected_encrypted_password | arista.avd.decrypt(passwd_type='isis', key=isis.instance_name, mode=isis.mode) == isis.clear_password }}" + - isis.clear_password | arista.avd.encrypt(passwd_type='isis', key=isis.instance_name, mode=isis.mode) == isis.expected_encrypted_password + - isis.expected_encrypted_password | arista.avd.decrypt(passwd_type='isis', key=isis.instance_name, mode=isis.mode) == isis.clear_password diff --git a/ansible_collections/arista/avd/tests/integration/targets/vars_global_vars/playbook.yml b/ansible_collections/arista/avd/tests/integration/targets/vars_global_vars/playbook.yml index e93e335f92b..a2966748044 100644 --- a/ansible_collections/arista/avd/tests/integration/targets/vars_global_vars/playbook.yml +++ b/ansible_collections/arista/avd/tests/integration/targets/vars_global_vars/playbook.yml @@ -5,11 +5,11 @@ - name: Verify Global Variables ansible.builtin.assert: that: - - "{{ not_overwritten == 'GLOBAL_VALUE' }}" - - "{{ overwritten_by_zz_global_vars_01 == 'ZZ_GLOBAL_VALUE_01' }}" - - "{{ overwritten_by_zz_global_vars_02 == 'ZZ_GLOBAL_VALUE_02' }}" - - "{{ not_overwritten_by_zz_global_vars_03 == 'GLOBAL_VALUE' }}" - - "{{ overwritten_by_group_all == 'ALL_VALUE' }}" + - not_overwritten == 'GLOBAL_VALUE' + - overwritten_by_zz_global_vars_01 == 'ZZ_GLOBAL_VALUE_01' + - overwritten_by_zz_global_vars_02 == 'ZZ_GLOBAL_VALUE_02' + - not_overwritten_by_zz_global_vars_03 == 'GLOBAL_VALUE' + - overwritten_by_group_all == 'ALL_VALUE' - name: Testing leaf1 hosts: leaf1 @@ -17,10 +17,10 @@ - name: Verify Global Variables ansible.builtin.assert: that: - - "{{ not_overwritten == 'GLOBAL_VALUE' }}" - - "{{ overwritten_by_group_all == 'ALL_VALUE' }}" - - "{{ overwritten_by_group_leafs == 'LEAFS_VALUE' }}" - - "{{ overwritten_by_host_vars == 'HOST_VALUE' }}" + - not_overwritten == 'GLOBAL_VALUE' + - overwritten_by_group_all == 'ALL_VALUE' + - overwritten_by_group_leafs == 'LEAFS_VALUE' + - overwritten_by_host_vars == 'HOST_VALUE' - name: Testing spine1 hosts: spine1 @@ -28,7 +28,7 @@ - name: Verify Global Variables ansible.builtin.assert: that: - - "{{ not_overwritten == 'GLOBAL_VALUE' }}" - - "{{ overwritten_by_group_all == 'ALL_VALUE' }}" - - "{{ overwritten_by_group_spines == 'SPINES_VALUE' }}" - - "{{ overwritten_by_host_vars == 'HOST_VALUE' }}" + - not_overwritten == 'GLOBAL_VALUE' + - overwritten_by_group_all == 'ALL_VALUE' + - overwritten_by_group_spines == 'SPINES_VALUE' + - overwritten_by_host_vars == 'HOST_VALUE' diff --git a/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.json b/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.json index 9e84050112b..f655039c517 100644 --- a/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.json +++ b/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.json @@ -1 +1 @@ -{"hostname": "testhost", "is_deployed": true, "service_routing_protocols_model": "multi-agent", "vlan_internal_order": {"allocation": "ascending", "range": {"beginning": 1006, "ending": 1199}}, "aaa_root": {"disabled": true}, "config_end": true, "enable_password": {"disabled": true}, "transceiver_qsfp_default_mode_4x10": true, "vrfs": [{"name": "MGMT", "ip_routing": false}], "management_api_http": {"enable_vrfs": [{"name": "MGMT"}], "enable_https": true}, "ip_igmp_snooping": {"globally_enabled": true}} \ No newline at end of file +{"aaa_root": {"disabled": true}, "config_end": true, "enable_password": {"disabled": true}, "hostname": "testhost", "ip_igmp_snooping": {"globally_enabled": true}, "is_deployed": true, "management_api_http": {"enable_https": true, "enable_vrfs": [{"name": "MGMT"}]}, "service_routing_protocols_model": "multi-agent", "transceiver_qsfp_default_mode_4x10": true, "vlan_internal_order": {"allocation": "ascending", "range": {"beginning": 1006, "ending": 1199}}, "vrfs": [{"name": "MGMT", "ip_routing": false}]} \ No newline at end of file diff --git a/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.yml b/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.yml index 321c5208f17..b1f12e28aa3 100644 --- a/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.yml +++ b/ansible_collections/arista/avd/tests/inventory/eos_designs_structured_config/expected_output/eos_designs_structured_config_test_with_dest.yml @@ -1,23 +1,23 @@ +aaa_root: + disabled: true +config_end: true +enable_password: + disabled: true hostname: testhost +ip_igmp_snooping: + globally_enabled: true is_deployed: true +management_api_http: + enable_https: true + enable_vrfs: + - name: MGMT service_routing_protocols_model: multi-agent +transceiver_qsfp_default_mode_4x10: true vlan_internal_order: allocation: ascending range: beginning: 1006 ending: 1199 -aaa_root: - disabled: true -config_end: true -enable_password: - disabled: true -transceiver_qsfp_default_mode_4x10: true vrfs: - name: MGMT ip_routing: false -management_api_http: - enable_vrfs: - - name: MGMT - enable_https: true -ip_igmp_snooping: - globally_enabled: true diff --git a/development/compare.py b/development/compare.py index df1c7edaccc..b78faf700c6 100755 --- a/development/compare.py +++ b/development/compare.py @@ -9,6 +9,8 @@ from itertools import groupby from pathlib import Path +import yaml + @dataclass(frozen=True, eq=True) class ConfigLine: @@ -30,8 +32,8 @@ def parse_config(config: str, config_source: str) -> set[ConfigLine]: parent = last_config_line else: # We may be jumping out multiple levels at once - parent = last_config_line.parent.parent - while indentation <= getattr(parent, "indentation", -1): + parent = last_config_line.parent.parent if last_config_line.parent is not None else last_config_line.parent + while parent is not None and indentation <= getattr(parent, "indentation", -1): parent = parent.parent new_config_line = ConfigLine( @@ -80,6 +82,11 @@ def main() -> None: old = Path(args.old_file).read_text() new = Path(args.new_file).read_text() + if args.old_file.endswith(("yml", "yaml")): + old = yaml.dump(yaml.load(old, Loader=yaml.CSafeLoader), Dumper=yaml.CDumper, sort_keys=True, indent=2) + if args.new_file.endswith(("yml", "yaml")): + new = yaml.dump(yaml.load(new, Loader=yaml.CSafeLoader), Dumper=yaml.CDumper, sort_keys=True, indent=2) + # Build set of diffs diffs = parse_config(old, "old").symmetric_difference(parse_config(new, "new")) @@ -101,16 +108,16 @@ def main() -> None: # Remove the one without +/- - [0] is the boolean signalling this is a diff lines = [line for line in lines if line[0]] - is_diff, config_line = lines[0] - if not is_diff: - # Print line for parent - print(f" {line_number:5} {config_line.config}") # noqa: T201 - elif config_line.config_source == "old": - # Print line for removal - print(f"-{line_number:5} {config_line.config}") # noqa: T201 - else: - # Print line for addition - print(f"+{line_number:5} {config_line.config}") # noqa: T201 + for is_diff, config_line in lines: + if not is_diff: + # Print line for parent + print(f" {line_number:5} {config_line.config}") # noqa: T201 + elif config_line.config_source == "old": + # Print line for removal + print(f"-{line_number:5} {config_line.config}") # noqa: T201 + else: + # Print line for addition + print(f"+{line_number:5} {config_line.config}") # noqa: T201 if __name__ == "__main__": diff --git a/pylintrc b/pylintrc index 1ea56f6060d..4311d898d0e 100644 --- a/pylintrc +++ b/pylintrc @@ -7,6 +7,7 @@ ignore-paths= # The schema/__init__.py are generated, so they should not be linted. python-avd/pyavd/_eos_cli_config_gen/schema/__init__.py, python-avd/pyavd/_eos_designs/schema/__init__.py, + python-avd/tests/pyavd/schema/data_merging_schema_class.py, [MESSAGES CONTROL] disable= diff --git a/pyproject.toml b/pyproject.toml index f638f8ad74b..29543118e9f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,6 +12,7 @@ skip_glob = [ line-length = 160 extend-exclude = [ "python-avd/pyavd/_cv/api/**/*", + "python-avd/tests/pyavd/schema/data_merging_schema_class.py", "ansible_collections/arista/avd/tests/**/*", ] target-version = "py310" diff --git a/python-avd/pyavd/_eos_designs/structured_config/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/__init__.py index a305d68c84b..7f02b3819dd 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/__init__.py @@ -3,12 +3,11 @@ # that can be found in the LICENSE file. from __future__ import annotations -from collections import ChainMap from typing import TYPE_CHECKING +from pyavd._eos_cli_config_gen.schema import EosCliConfigGen from pyavd._eos_designs.schema import EosDesigns from pyavd._eos_designs.shared_utils import SharedUtils -from pyavd._utils import get, merge from .base import AvdStructuredConfigBase from .connected_endpoints import AvdStructuredConfigConnectedEndpoints @@ -20,13 +19,15 @@ from .mlag import AvdStructuredConfigMlag from .network_services import AvdStructuredConfigNetworkServices from .overlay import AvdStructuredConfigOverlay +from .structured_config_generator import StructCfgs from .underlay import AvdStructuredConfigUnderlay if TYPE_CHECKING: - from pyavd._eos_designs.avdfacts import AvdFacts from pyavd.avd_schema_tools import AvdSchemaTools -AVD_STRUCTURED_CONFIG_CLASSES = [ + from .structured_config_generator import StructuredConfigGenerator + +AVD_STRUCTURED_CONFIG_CLASSES: list[type[StructuredConfigGenerator]] = [ AvdStructuredConfigBase, AvdStructuredConfigMlag, AvdStructuredConfigUnderlay, @@ -41,7 +42,8 @@ # Metadata must be after anything else that can generate structured config, since CV tags can consume from structured config. AvdStructuredConfigMetadata, # The Custom Structured Configuration module must be rendered last, - # since it parses all supported object looking for `struct_cfg`. + # since it strips empties from all previously generated structured config and then + # applies the custom structured config snips gathered by the other generators. AvdStructuredConfigCustomStructuredConfiguration, ] """ @@ -53,7 +55,6 @@ def get_structured_config( vars: dict, # noqa: A002 input_schema_tools: AvdSchemaTools, - output_schema_tools: AvdSchemaTools, result: dict, templar: object | None = None, *, @@ -67,8 +68,6 @@ def get_structured_config( The variable for the device input_schema_tools: An AvdSchemaTools object used to validate the input variables if enabled. - output_schema_tools: - An AvdSchemaTools object used to validate the structured_config. result: Dictionary to store results. templar: @@ -86,36 +85,27 @@ def get_structured_config( # Input data validation failed so return empty dict. Calling function should check result.get("failed"). return {} - structured_config = {} - module_vars = ChainMap(structured_config, vars) - # Load input vars into the EosDesigns data class. inputs = EosDesigns._from_dict(vars) # Initialize SharedUtils class to be passed to each python_module below. - shared_utils = SharedUtils(hostvars=module_vars, inputs=inputs, templar=templar, schema=input_schema_tools.avdschema) - - for cls in AVD_STRUCTURED_CONFIG_CLASSES: - eos_designs_module: AvdFacts = cls(hostvars=module_vars, inputs=inputs, shared_utils=shared_utils) - results = eos_designs_module.render() + shared_utils = SharedUtils(hostvars=vars, inputs=inputs, templar=templar, schema=input_schema_tools.avdschema) - # Modules can return a dict or a list of dicts - if not isinstance(results, list): - results = [results] + # Single structured config instance which will be in-place updated by each structured config generator. + structured_config = EosCliConfigGen() - # All lists will be merged with "append" except for custom structured configuration where - # the default list merge is "append_rp" and can be overridden. - # TODO: Each dict entry can contain a list_merge key, which will be picked up by the merge function for all underlying lists. - if issubclass(cls, AvdStructuredConfigCustomStructuredConfiguration): - list_merge = get(module_vars, "custom_structured_configuration_list_merge", default="append_rp") + # Placeholder for custom structured configs added by the structured config generators. + # Will be applied last by AvdStructuredConfigCustomStructuredConfiguration. + # "root" holds full device structured configs given under node-config or under VRFs. They will be applied at the root level of the final structured config. + # "nested" is one instance of structured config merged onto during parsing of various models supporting a "structured_config" option. + # We need these variants because the order of application is important (root first, then nested). + # + custom_structured_configs = StructCfgs.new_from_ansible_list_merge_strategy(inputs.custom_structured_configuration_list_merge) - # Only for structured config run conversion on the data in since we still have some structured config inputs without full schema validation. - for res in results: - output_schema_tools.convert_data(res) - - else: - list_merge = "append" - - merge(structured_config, *results, list_merge=list_merge, schema=output_schema_tools.avdschema) + for cls in AVD_STRUCTURED_CONFIG_CLASSES: + eos_designs_module = cls( + hostvars=vars, inputs=inputs, shared_utils=shared_utils, structured_config=structured_config, custom_structured_configs=custom_structured_configs + ) + eos_designs_module.render() - return structured_config + return structured_config._as_dict() diff --git a/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py index 296cb9787d3..d0de8d7d0b3 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/base/__init__.py @@ -6,7 +6,7 @@ from functools import cached_property from typing import TYPE_CHECKING -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from pyavd._errors import AristaAvdInvalidInputsError, AristaAvdMissingVariableError from pyavd._utils import default, get, strip_empties_from_dict, strip_null_from_data from pyavd.j2filters import natural_sort @@ -19,7 +19,7 @@ from pyavd._eos_designs.schema import EosDesigns -class AvdStructuredConfigBase(AvdFacts, NtpMixin, SnmpServerMixin, RouterGeneralMixin): +class AvdStructuredConfigBase(StructuredConfigGenerator, NtpMixin, SnmpServerMixin, RouterGeneralMixin): """ The AvdStructuredConfig Class is imported by "get_structured_config" to render parts of the structured config. @@ -27,7 +27,7 @@ class AvdStructuredConfigBase(AvdFacts, NtpMixin, SnmpServerMixin, RouterGeneral .render() runs all class methods not starting with _ and of type @cached property and inserts the returned data into a dict with the name of the method as key. This means that each key in the final dict corresponds to a method. - The Class uses AvdFacts, as the base class, to inherit the _hostvars, keys and other attributes. + The Class uses StructuredConfigGenerator, as the base class, to inherit the _hostvars, keys and other attributes. Other methods are included as "Mixins" to make the files more manageable. The order of the @cached_properties methods imported from Mixins will also control the order in the output. @@ -778,8 +778,6 @@ def route_maps(self) -> list | None: return route_maps or None @cached_property - def struct_cfgs(self) -> list | None: + def struct_cfgs(self) -> None: if self.shared_utils.platform_settings.structured_config: - return [self.shared_utils.platform_settings.structured_config._as_dict()] - - return None + self.custom_structured_configs.root.append(self.shared_utils.platform_settings.structured_config) diff --git a/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/__init__.py index ddd32b18af1..c7bfce7c02f 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/__init__.py @@ -1,7 +1,7 @@ # Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from .ethernet_interfaces import EthernetInterfacesMixin from .monitor_sessions import MonitorSessionsMixin @@ -9,7 +9,7 @@ class AvdStructuredConfigConnectedEndpoints( - AvdFacts, + StructuredConfigGenerator, EthernetInterfacesMixin, PortChannelInterfacesMixin, MonitorSessionsMixin, @@ -21,14 +21,15 @@ class AvdStructuredConfigConnectedEndpoints( .render() runs all class methods not starting with _ and of type @cached property and inserts the returned data into a dict with the name of the method as key. This means that each key in the final dict corresponds to a method. - The Class uses AvdFacts, as the base class, to inherit the _hostvars, keys and other attributes. + The Class uses StructuredConfigGenerator, as the base class, to inherit the _hostvars, keys and other attributes. All other methods are included as "Mixins" to make the files more manageable. The order of the @cached_properties methods imported from Mixins will also control the order in the output. """ - def render(self) -> dict: + def render(self) -> None: """Wrap class render function with a check if connected_endpoints feature is enabled.""" if self.shared_utils.connected_endpoints: return super().render() - return {} + + return None diff --git a/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/ethernet_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/ethernet_interfaces.py index c8161251a87..96e53dae0cf 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/ethernet_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/ethernet_interfaces.py @@ -182,9 +182,13 @@ def _get_ethernet_interface_cfg( "dot1x": adapter.dot1x._as_dict() or None, "poe": self._get_adapter_poe(adapter), "eos_cli": adapter.raw_eos_cli, - "struct_cfg": adapter.structured_config._as_dict(), } + if adapter.structured_config: + self.custom_structured_configs.nested.ethernet_interfaces.obtain(adapter.switch_ports[node_index])._deepmerge( + adapter.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + # Port-channel member if adapter.port_channel.mode: ethernet_interface["channel_group"] = {"id": channel_group_id, "mode": adapter.port_channel.mode} diff --git a/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/port_channel_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/port_channel_interfaces.py index 3a8160e2a97..799469933c4 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/port_channel_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/connected_endpoints/port_channel_interfaces.py @@ -158,8 +158,11 @@ def _get_port_channel_interface_cfg( "validate_state": None if (adapter.validate_state if adapter.validate_state is not None else True) else False, "validate_lldp": None if (adapter.validate_lldp if adapter.validate_lldp is not None else True) else False, "eos_cli": adapter.port_channel.raw_eos_cli, - "struct_cfg": adapter.port_channel.structured_config._as_dict() or None, } + if adapter.port_channel.structured_config: + self.custom_structured_configs.nested.port_channel_interfaces.obtain(port_channel_interface_name)._deepmerge( + adapter.port_channel.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) if adapter.port_channel.subinterfaces: port_channel_interface.update({"switchport": {"enabled": False}}) diff --git a/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/__init__.py index c8eced81158..b046e835439 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/__init__.py @@ -5,7 +5,7 @@ from typing import TYPE_CHECKING -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from .ethernet_interfaces import EthernetInterfacesMixin from .port_channel_interfaces import PortChannelInterfacesMixin @@ -19,7 +19,7 @@ class AvdStructuredConfigCoreInterfacesAndL3Edge( - AvdFacts, + StructuredConfigGenerator, EthernetInterfacesMixin, PortChannelInterfacesMixin, RouterBgpMixin, @@ -32,7 +32,7 @@ class AvdStructuredConfigCoreInterfacesAndL3Edge( .render() runs all class methods not starting with _ and of type @cached property and inserts the returned data into a dict with the name of the method as key. This means that each key in the final dict corresponds to a method. - The Class uses AvdFacts, as the base class, to inherit the _hostvars, keys and other attributes. + The Class uses StructuredConfigGenerator, as the base class, to inherit the _hostvars, keys and other attributes. All other methods are included as "Mixins" to make the files more manageable. The order of the @cached_properties methods imported from Mixins will also control the order in the output. diff --git a/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/utils.py b/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/utils.py index 4daf1196b12..3ba76b4b2f2 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/utils.py +++ b/python-avd/pyavd/_eos_designs/structured_config/core_interfaces_and_l3_edge/utils.py @@ -9,6 +9,7 @@ from itertools import islice from typing import TYPE_CHECKING, TypeVar +from pyavd._eos_cli_config_gen.schema import EosCliConfigGen from pyavd._eos_designs.schema import EosDesigns from pyavd._errors import AristaAvdInvalidInputsError, AristaAvdMissingVariableError from pyavd._utils import default @@ -205,9 +206,22 @@ def _get_common_interface_cfg(self: AvdStructuredConfigCoreInterfacesAndL3Edge, "mtu": p2p_link._get("mtu", self.shared_utils.p2p_uplinks_mtu) if self.shared_utils.platform_settings.feature_support.per_interface_mtu else None, "service_profile": p2p_link._get("qos_profile", self.inputs.p2p_uplinks_qos_profile), "eos_cli": p2p_link.raw_eos_cli, - "struct_cfg": p2p_link.structured_config or None, } + if p2p_link.structured_config: + if str(interface_name := p2p_link_data["interface"]).lower().startswith("p"): + # Port-channel + self.custom_structured_configs.nested.port_channel_interfaces.obtain(interface_name)._deepmerge( + EosCliConfigGen.PortChannelInterfacesItem._from_dict(p2p_link.structured_config), + list_merge=self.custom_structured_configs.list_merge_strategy, + ) + else: + # Ethernet + self.custom_structured_configs.nested.ethernet_interfaces.obtain(interface_name)._deepmerge( + EosCliConfigGen.EthernetInterfacesItem._from_dict(p2p_link.structured_config), + list_merge=self.custom_structured_configs.list_merge_strategy, + ) + if p2p_link.ip: interface_cfg["ip_address"] = p2p_link.ip[index] diff --git a/python-avd/pyavd/_eos_designs/structured_config/custom_structured_configuration/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/custom_structured_configuration/__init__.py index 7965dd82000..c60bda950c2 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/custom_structured_configuration/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/custom_structured_configuration/__init__.py @@ -3,135 +3,47 @@ # that can be found in the LICENSE file. from __future__ import annotations -from functools import cached_property - -from pyavd._eos_designs.avdfacts import AvdFacts -from pyavd._utils import get +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator CUSTOM_STRUCTURED_CONFIGURATION_EXEMPT_KEYS = ["custom_structured_configuration_prefix", "custom_structured_configuration_list_merge"] -class AvdStructuredConfigCustomStructuredConfiguration(AvdFacts): +class AvdStructuredConfigCustomStructuredConfiguration(StructuredConfigGenerator): """ The AvdStructuredConfig Class is imported by "get_structured_config" to render parts of the structured config. "get_structured_config" imports, instantiates and run the .render() method on the class. - The Class uses AvdFacts, as the base class, to inherit _hostvars other attributes. + The Class uses StructuredConfigGenerator, as the base class, to inherit _hostvars other attributes. """ - @cached_property - def _router_bgp(self) -> dict | None: - return get(self._hostvars, "router_bgp") - - def _extract_and_apply_struct_cfg_from_list_of_dicts(self, list_of_dicts: list, primary_key: str) -> list: - if not list_of_dicts: - return [] - - struct_cfgs = [] - for item in list_of_dicts: - if "struct_cfg" not in item: - continue - - struct_cfg = item.pop("struct_cfg") - struct_cfgs.append({primary_key: item[primary_key], **struct_cfg}) - - return struct_cfgs - - def _struct_cfg(self) -> list: - if struct_cfg := self.shared_utils.node_config.structured_config._as_dict(): - return [struct_cfg] - - return [] - - def _struct_cfgs(self) -> list: - if (struct_cfgs := self._hostvars.pop("struct_cfgs", None)) is not None: - return struct_cfgs - - return [] - - def _ethernet_interfaces(self) -> list: - if (struct_cfgs := self._extract_and_apply_struct_cfg_from_list_of_dicts(self._hostvars.get("ethernet_interfaces"), "name")) == []: - return [] - - return [{"ethernet_interfaces": struct_cfgs}] - - def _port_channel_interfaces(self) -> list: - if (struct_cfgs := self._extract_and_apply_struct_cfg_from_list_of_dicts(self._hostvars.get("port_channel_interfaces"), "name")) == []: - return [] - - return [{"port_channel_interfaces": struct_cfgs}] - - def _vlan_interfaces(self) -> list: - if (struct_cfgs := self._extract_and_apply_struct_cfg_from_list_of_dicts(self._hostvars.get("vlan_interfaces"), "name")) == []: - return [] - - return [{"vlan_interfaces": struct_cfgs}] - - def _router_bgp_peer_groups(self) -> list: - if self._router_bgp is None: - return [] - - if (struct_cfgs := self._extract_and_apply_struct_cfg_from_list_of_dicts(self._router_bgp.get("peer_groups"), "name")) == []: - return [] + def render(self) -> None: + """ + Custom Structured Configuration can contain any key, so we cannot use the regular render method. - return [ - { - "router_bgp": { - "peer_groups": struct_cfgs, - }, - }, - ] + This method merges each custom structured config on top of self.structured_config. - def _router_bgp_vrfs(self) -> list: - if self._router_bgp is None: - return [] + First strip all (None, {}, []) from regular structured_config. This is to avoid empty objects showing up in the output dict. + Next we merge in custom structured config from various sources including None, {}, []. + """ + # Strip empties from regular structured config + self.structured_config._strip_empties() - if (struct_cfgs := self._extract_and_apply_struct_cfg_from_list_of_dicts(self._router_bgp.get("vrfs"), "name")) == []: - return [] + # Apply structured_config from node config + if struct_cfg := self.shared_utils.node_config.structured_config: + self.structured_config._deepmerge(struct_cfg, list_merge=self.custom_structured_configs.list_merge_strategy) - return [ - { - "router_bgp": { - "vrfs": struct_cfgs, - }, - }, + # Apply structured configs from root. + [ + self.structured_config._deepmerge(struct_cfg, list_merge=self.custom_structured_configs.list_merge_strategy) + for struct_cfg in self.custom_structured_configs.root ] - def _router_bgp_vlans(self) -> list: - if self._router_bgp is None: - return [] + # Apply structured configs from "nested" meaning structured config for smaller objects like ethernet_interfaces, peer-groups etc. + self.structured_config._deepmerge(self.custom_structured_configs.nested, list_merge=self.custom_structured_configs.list_merge_strategy) - if (struct_cfgs := self._extract_and_apply_struct_cfg_from_list_of_dicts(self._router_bgp.get("vlans"), "id")) == []: - return [] - - return [ - { - "router_bgp": { - "vlans": struct_cfgs, - }, - }, + # Apply custom_structured_configuration + [ + self.structured_config._deepmerge(custom_structured_configuration.value, list_merge=self.custom_structured_configs.list_merge_strategy) + for custom_structured_configuration in self.inputs._custom_structured_configurations ] - - def _custom_structured_configurations(self) -> list[dict]: - return [custom_structured_configuration.value._as_dict() for custom_structured_configuration in self.inputs._custom_structured_configurations] - - def render(self) -> list[dict]: - """ - Custom Structured Configuration can contain any key, so we cannot use the regular render method. - - This method returns a list of dicts with structured_configuration. - - get_structured_config will merge this list into a single dict. - """ - struct_cfgs = self._struct_cfg() - struct_cfgs.extend(self._struct_cfgs()) - struct_cfgs.extend(self._ethernet_interfaces()) - struct_cfgs.extend(self._port_channel_interfaces()) - struct_cfgs.extend(self._vlan_interfaces()) - struct_cfgs.extend(self._router_bgp_peer_groups()) - struct_cfgs.extend(self._router_bgp_vrfs()) - struct_cfgs.extend(self._router_bgp_vlans()) - struct_cfgs.extend(self._custom_structured_configurations()) - - return struct_cfgs diff --git a/python-avd/pyavd/_eos_designs/structured_config/flows/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/flows/__init__.py index 94e6661e710..823c6bbd30c 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/flows/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/flows/__init__.py @@ -4,15 +4,16 @@ from __future__ import annotations from functools import cached_property +from itertools import chain -from pyavd._eos_designs.avdfacts import AvdFacts from pyavd._eos_designs.schema import EosDesigns +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from pyavd._errors import AristaAvdInvalidInputsError -from pyavd._utils import get, strip_null_from_data +from pyavd._utils import strip_null_from_data from pyavd.j2filters import natural_sort -class AvdStructuredConfigFlows(AvdFacts): +class AvdStructuredConfigFlows(StructuredConfigGenerator): """ Structured config for sflow and flow_tracker. @@ -119,11 +120,7 @@ def _enable_sflow(self) -> bool: This relies on sFlow being rendered after all other eos_designs modules (except structured config). """ - for interface in get(self._hostvars, "ethernet_interfaces", default=[]): - if get(interface, "sflow.enable") is True: - return True - - return any(get(interface, "sflow.enable") is True for interface in get(self._hostvars, "port_channel_interfaces", default=[])) + return any(interface.sflow.enable for interface in chain(self.structured_config.ethernet_interfaces, self.structured_config.port_channel_interfaces)) def resolve_flow_tracker_by_type(self, tracker_settings: EosDesigns.FlowTrackingSettings.TrackersItem) -> dict: tracker = { @@ -157,7 +154,7 @@ def flow_tracking(self) -> dict | None: flow_tracking[tracker_type]["sample"] = global_settings.sample filtered_trackers = [] - for tracker_name in configured_trackers: + for tracker_name in natural_sort(configured_trackers): """ We allow overriding the default flow tracker name, so if user has configured a tracker with the default tracker name, then we just use that, if not, we create a default config @@ -179,21 +176,16 @@ def flow_tracking(self) -> dict | None: return flow_tracking - def _get_enabled_flow_trackers(self) -> dict: + def _get_enabled_flow_trackers(self) -> set: """ Enable flow-tracking if any interface is enabled for flow-tracking. This relies on flow-tracking being rendered after all other eos_designs modules (except structured config). """ - trackers = { - "sampled": {}, - "hardware": {}, - } - - for interface_type in ["ethernet_interfaces", "port_channel_interfaces", "dps_interfaces"]: - for interface in get(self._hostvars, interface_type, default=[]): - if tracker := get(interface, "flow_tracker"): - for tracker_type, tracker_name in tracker.items(): - trackers[tracker_type][tracker_name] = True + all_interfaces = chain( + self.structured_config.ethernet_interfaces, self.structured_config.port_channel_interfaces, self.structured_config.dps_interfaces + ) + if self.shared_utils.flow_tracking_type == "hardware": + return {interface.flow_tracker.hardware for interface in all_interfaces if interface.flow_tracker.hardware} - return trackers[self.shared_utils.flow_tracking_type] + return {interface.flow_tracker.sampled for interface in all_interfaces if interface.flow_tracker.sampled} diff --git a/python-avd/pyavd/_eos_designs/structured_config/inband_management/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/inband_management/__init__.py index f85160442c3..b5502939e92 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/inband_management/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/inband_management/__init__.py @@ -6,12 +6,12 @@ from functools import cached_property from ipaddress import ip_network -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from pyavd._errors import AristaAvdInvalidInputsError from pyavd._utils import strip_empties_from_dict -class AvdStructuredConfigInbandManagement(AvdFacts): +class AvdStructuredConfigInbandManagement(StructuredConfigGenerator): @cached_property def vlans(self) -> list | None: if not self.shared_utils.inband_management_parent_vlans and not ( diff --git a/python-avd/pyavd/_eos_designs/structured_config/metadata/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/metadata/__init__.py index f0c41aa03c0..0c442e51692 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/metadata/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/metadata/__init__.py @@ -5,14 +5,14 @@ from functools import cached_property -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from pyavd._utils import strip_empties_from_dict from .cv_pathfinder import CvPathfinderMixin from .cv_tags import CvTagsMixin -class AvdStructuredConfigMetadata(AvdFacts, CvTagsMixin, CvPathfinderMixin): +class AvdStructuredConfigMetadata(StructuredConfigGenerator, CvTagsMixin, CvPathfinderMixin): """ This returns the metadata data structure as per the below example. diff --git a/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_pathfinder.py b/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_pathfinder.py index 0689e268c78..53321535d34 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_pathfinder.py +++ b/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_pathfinder.py @@ -6,7 +6,7 @@ from typing import TYPE_CHECKING from pyavd._errors import AristaAvdError, AristaAvdInvalidInputsError -from pyavd._utils import get, get_all, get_item, strip_empties_from_list +from pyavd._utils import default, strip_empties_from_list if TYPE_CHECKING: from . import AvdStructuredConfigMetadata @@ -135,67 +135,73 @@ def _metadata_pathfinder_vtep_ips(self: AvdStructuredConfigMetadata) -> list: def _metadata_vrfs(self: AvdStructuredConfigMetadata) -> list: """Extracting metadata for VRFs by parsing the generated structured config and flatten it a bit (like hiding load-balance policies).""" - if (avt_vrfs := get(self._hostvars, "router_adaptive_virtual_topology.vrfs")) is None: + if not (avt_vrfs := self.structured_config.router_adaptive_virtual_topology.vrfs): return [] - if (load_balance_policies := get(self._hostvars, "router_path_selection.load_balance_policies")) is None: + if not (load_balance_policies := self.structured_config.router_path_selection.load_balance_policies): return [] - avt_policies = get(self._hostvars, "router_adaptive_virtual_topology.policies", required=True) + avt_policies = self.structured_config.router_adaptive_virtual_topology.policies if self.shared_utils.is_wan_server: # On pathfinders, verify that the Load Balance policies have at least one priority one except for the HA path-group for lb_policy in load_balance_policies: if not any( - path_group.get("priority", 1) == 1 - for path_group in lb_policy["path_groups"] - if path_group["name"] != self.inputs.wan_ha.lan_ha_path_group_name + default(path_group.priority, 1) == 1 for path_group in lb_policy.path_groups if path_group.name != self.inputs.wan_ha.lan_ha_path_group_name ): msg = ( "At least one path-group must be configured with preference '1' or 'preferred' for " - f"load-balance policy {lb_policy['name']}' to use CloudVision integration. " + f"load-balance policy {lb_policy.name}' to use CloudVision integration. " "If this is an auto-generated policy, ensure that at least one default_preference " "for a non excluded path-group is set to 'preferred' (or unset as this is the default)." ) raise AristaAvdError(msg) - return strip_empties_from_list( - [ - { - "name": vrf["name"], - "vni": self._get_vni_for_vrf_name(vrf["name"]), - "avts": [ - { - "constraints": { - "jitter": lb_policy.get("jitter"), - "latency": lb_policy.get("latency"), - "lossrate": float(lb_policy["loss_rate"]) if "loss_rate" in lb_policy else None, - "hop_count": "lowest" if lb_policy.get("lowest_hop_count") else None, - }, - "description": "", # TODO: Not sure we have this field anywhere - "id": profile["id"], - "name": profile["name"], - "pathgroups": [ - { - "name": pathgroup["name"], - "preference": "alternate" if pathgroup.get("priority", 1) > 1 else "preferred", - } - for pathgroup in lb_policy["path_groups"] - ], - "application_profiles": [ - profile - for profile in get_all(get_item(avt_policy["matches"], "avt_profile", profile["name"], default={}), "application_profile") - if profile != "default" - ], - } - for profile in vrf["profiles"] - for lb_policy in [get_item(load_balance_policies, "name", self.shared_utils.generate_lb_policy_name(profile["name"]), required=True)] - ], - } - for vrf in avt_vrfs - for avt_policy in [get_item(avt_policies, "name", vrf["policy"], required=True)] - ], - ) + metadata_vrfs = [] + for vrf in avt_vrfs: + if not vrf.policy: + continue + + avt_policy = avt_policies[vrf.policy] + metadata_vrf = { + "name": vrf.name, + "vni": self._get_vni_for_vrf_name(vrf.name), + "avts": [], + } + for profile in vrf.profiles: + if not profile.name: + continue + lb_policy = load_balance_policies[self.shared_utils.generate_lb_policy_name(profile.name)] + application_profiles = [ + match.application_profile + for match in avt_policy.matches + if match.avt_profile == profile.name and match.application_profile and match.application_profile != "default" + ] + metadata_vrf["avts"].append( + { + "constraints": { + "jitter": lb_policy.jitter, + "latency": lb_policy.latency, + "lossrate": float(lb_policy.loss_rate) if lb_policy.loss_rate is not None else None, + "hop_count": "lowest" if lb_policy.lowest_hop_count else None, + }, + "description": "", # TODO: Not sure we have this field anywhere + "id": profile.id, + "name": profile.name, + "pathgroups": [ + { + "name": pathgroup.name, + "preference": "alternate" if default(pathgroup.priority, 1) > 1 else "preferred", + } + for pathgroup in lb_policy.path_groups + ], + "application_profiles": application_profiles, + } + ) + + metadata_vrfs.append(metadata_vrf) + + return strip_empties_from_list(metadata_vrfs) def _get_vni_for_vrf_name(self: AvdStructuredConfigMetadata, vrf_name: str) -> int: if vrf_name not in self.inputs.wan_virtual_topologies.vrfs or (wan_vni := self.inputs.wan_virtual_topologies.vrfs[vrf_name].wan_vni) is None: diff --git a/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py b/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py index 14c2e9741a3..1af1129ecb2 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py +++ b/python-avd/pyavd/_eos_designs/structured_config/metadata/cv_tags.py @@ -6,9 +6,12 @@ from typing import TYPE_CHECKING, Any from pyavd._errors import AristaAvdError -from pyavd._utils import default, get, strip_empties_from_dict, strip_empties_from_list +from pyavd._schema.models.avd_base import AvdBase +from pyavd._utils import default, get_v2, strip_empties_from_dict, strip_empties_from_list if TYPE_CHECKING: + from pyavd._eos_cli_config_gen.schema import EosCliConfigGen + from . import AvdStructuredConfigMetadata INVALID_CUSTOM_DEVICE_TAGS = [ @@ -131,11 +134,11 @@ def _get_device_tags(self: AvdStructuredConfigMetadata) -> list: if generate_tag.value is not None: value = generate_tag.value elif generate_tag.data_path is not None: - value = get(self._hostvars, generate_tag.data_path) - if type(value) in [list, dict]: + value = get_v2(self.structured_config, generate_tag.data_path) + if isinstance(type(value), AvdBase): msg = ( f"'generate_cv_tags.device_tags[name={generate_tag.name}].data_path' ({generate_tag.data_path}) " - f"points to a variable of type {type(value).__name__}. This is not supported for cloudvision tag data_paths." + f"points to a list or dict. This is not supported for cloudvision tag data_paths." ) raise AristaAvdError(msg) else: @@ -154,14 +157,14 @@ def _get_interface_tags(self: AvdStructuredConfigMetadata) -> list: return [] interface_tags = [] - for ethernet_interface in get(self._hostvars, "ethernet_interfaces", default=[]): + for ethernet_interface in self.structured_config.ethernet_interfaces: tags = [] for generate_tag in tags_to_generate: # Get value from either 'value' key, structured config based on the 'data_path' key or raise. if generate_tag.value is not None: value = generate_tag.value elif generate_tag.data_path is not None: - value = get(ethernet_interface, generate_tag.data_path) + value = get_v2(ethernet_interface, generate_tag.data_path) if type(value) in [list, dict]: msg = ( f"'generate_cv_tags.interface_tags[name={generate_tag.name}].data_path' ({generate_tag.data_path}) " @@ -180,11 +183,11 @@ def _get_interface_tags(self: AvdStructuredConfigMetadata) -> list: tags.extend(self._get_cv_pathfinder_interface_tags(ethernet_interface)) if tags: - interface_tags.append({"interface": ethernet_interface["name"], "tags": tags}) + interface_tags.append({"interface": ethernet_interface.name, "tags": tags}) return interface_tags - def _get_cv_pathfinder_interface_tags(self: AvdStructuredConfigMetadata, ethernet_interface: dict) -> list: + def _get_cv_pathfinder_interface_tags(self: AvdStructuredConfigMetadata, ethernet_interface: EosCliConfigGen.EthernetInterfacesItem) -> list: """ Return list of device_tags for cv_pathfinder solution. @@ -194,8 +197,8 @@ def _get_cv_pathfinder_interface_tags(self: AvdStructuredConfigMetadata, etherne {"name": "Circuit", } ]. """ - if ethernet_interface["name"] in self.shared_utils.wan_interfaces: - wan_interface = self.shared_utils.wan_interfaces[ethernet_interface["name"]] + if ethernet_interface.name in self.shared_utils.wan_interfaces: + wan_interface = self.shared_utils.wan_interfaces[ethernet_interface.name] return strip_empties_from_list( [ self._tag_dict("Type", "wan"), diff --git a/python-avd/pyavd/_eos_designs/structured_config/mlag/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/mlag/__init__.py index ec50862acff..96ab2c1532d 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/mlag/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/mlag/__init__.py @@ -5,18 +5,18 @@ from functools import cached_property -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from pyavd._utils import AvdStringFormatter, default, strip_empties_from_dict from pyavd.api.interface_descriptions import InterfaceDescriptionData from pyavd.j2filters import list_compress -class AvdStructuredConfigMlag(AvdFacts): - def render(self) -> dict: +class AvdStructuredConfigMlag(StructuredConfigGenerator): + def render(self) -> None: """Wrap class render function with a check for mlag is True.""" if self.shared_utils.mlag is True: return super().render() - return {} + return None @cached_property def spanning_tree(self) -> dict: @@ -70,10 +70,14 @@ def vlan_interfaces(self) -> list | None: ), "shutdown": False, "no_autostate": True, - "struct_cfg": self.shared_utils.node_config.mlag_peer_vlan_structured_config._as_dict() or None, "mtu": self.shared_utils.p2p_uplinks_mtu, } + if self.shared_utils.node_config.mlag_peer_vlan_structured_config: + self.custom_structured_configs.nested.vlan_interfaces.obtain(main_vlan_interface_name)._deepmerge( + self.shared_utils.node_config.mlag_peer_vlan_structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.shared_utils.node_config.mlag_peer_address_family == "ipv6": main_vlan_interface["ipv6_address"] = f"{self.shared_utils.mlag_ip}/{self.inputs.fabric_ip_addressing.mlag.ipv6_prefix_length}" else: @@ -82,7 +86,7 @@ def vlan_interfaces(self) -> list | None: return [strip_empties_from_dict(main_vlan_interface)] # Create L3 data which will go on either a dedicated l3 vlan or the main mlag vlan - l3_cfg = {"struct_cfg": self.shared_utils.node_config.mlag_peer_l3_vlan_structured_config._as_dict() or None} + l3_cfg = {} if self.shared_utils.underlay_routing_protocol == "ospf": l3_cfg.update( { @@ -119,9 +123,11 @@ def vlan_interfaces(self) -> list | None: # Add L3 config if the main interface is also used for L3 peering if self.shared_utils.mlag_peer_l3_vlan is None: main_vlan_interface.update(l3_cfg) - # Applying structured config again in the case it is set on both l3vlan and main vlan - if self.shared_utils.node_config.mlag_peer_vlan_structured_config is not None: - main_vlan_interface["struct_cfg"] = self.shared_utils.node_config.mlag_peer_vlan_structured_config._as_dict() + # Applying structured config from l3_vlan only when not set on the main vlan + if self.shared_utils.node_config.mlag_peer_l3_vlan_structured_config and not self.shared_utils.node_config.mlag_peer_vlan_structured_config: + self.custom_structured_configs.nested.vlan_interfaces.obtain(main_vlan_interface_name)._deepmerge( + self.shared_utils.node_config.mlag_peer_l3_vlan_structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) return [strip_empties_from_dict(main_vlan_interface)] @@ -140,6 +146,11 @@ def vlan_interfaces(self) -> list | None: l3_vlan_interface.update(l3_cfg) + if self.shared_utils.node_config.mlag_peer_l3_vlan_structured_config: + self.custom_structured_configs.nested.vlan_interfaces.obtain(l3_vlan_interface_name)._deepmerge( + self.shared_utils.node_config.mlag_peer_l3_vlan_structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + return [ strip_empties_from_dict(l3_vlan_interface), strip_empties_from_dict(main_vlan_interface), @@ -169,10 +180,14 @@ def port_channel_interfaces(self) -> list: }, "shutdown": False, "service_profile": self.inputs.p2p_uplinks_qos_profile, - "struct_cfg": self.shared_utils.node_config.mlag_port_channel_structured_config._as_dict() or None, "flow_tracker": self.shared_utils.get_flow_tracker(self.inputs.fabric_flow_tracking.mlag_interfaces), } + if self.shared_utils.node_config.mlag_port_channel_structured_config: + self.custom_structured_configs.nested.port_channel_interfaces.obtain(port_channel_interface_name)._deepmerge( + self.shared_utils.node_config.mlag_port_channel_structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.shared_utils.mlag_l3 is True and self.inputs.trunk_groups.mlag_l3.name != self.inputs.trunk_groups.mlag.name: # Add mlag_l3 trunk group even if we reuse the MLAG trunk group for underlay peering # since this trunk group is also used for overlay iBGP peerings @@ -350,8 +365,13 @@ def _router_bgp_mlag_peer_group(self) -> dict: "bfd": self.inputs.bgp_peer_groups.ipv4_underlay_peers.bfd or None, "maximum_routes": 12000, "send_community": "all", - "struct_cfg": self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.structured_config._as_dict() or None, } + + if self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.structured_config: + self.custom_structured_configs.nested.router_bgp.peer_groups.obtain(peer_group_name)._deepmerge( + self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.shared_utils.node_config.mlag_ibgp_origin_incomplete: peer_group["route_map_in"] = "RM-MLAG-PEER-IN" diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/__init__.py index cf3e33e879f..72d2501e7fc 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/__init__.py @@ -1,7 +1,7 @@ # Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from .application_traffic_recognition import ApplicationTrafficRecognitionMixin from .dps_interfaces import DpsInterfacesMixin @@ -42,7 +42,7 @@ class AvdStructuredConfigNetworkServices( - AvdFacts, + StructuredConfigGenerator, ApplicationTrafficRecognitionMixin, SpanningTreeMixin, PatchPanelMixin, @@ -87,13 +87,13 @@ class AvdStructuredConfigNetworkServices( .render() runs all class methods not starting with _ and of type @cached property and inserts the returned data into a dict with the name of the method as key. This means that each key in the final dict corresponds to a method. - The Class uses AvdFacts, as the base class, to inherit the _hostvars, keys and other attributes. + The Class uses StructuredConfigGenerator, as the base class, to inherit the _hostvars, keys and other attributes. All other methods are included as "Mixins" to make the files more manageable. The order of the @cached_properties methods imported from Mixins will also control the order in the output. """ - def render(self) -> dict: + def render(self) -> None: """ Wrap class render function with a check if one of the following vars are True. @@ -103,4 +103,4 @@ def render(self) -> dict: """ if self.shared_utils.any_network_services: return super().render() - return {} + return None diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/eos_cli.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/eos_cli.py index 32b0fca8f04..6b1844f2c9a 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/eos_cli.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/eos_cli.py @@ -6,8 +6,6 @@ from functools import cached_property from typing import TYPE_CHECKING -from pyavd._utils import get - from .utils import UtilsMixin if TYPE_CHECKING: @@ -28,7 +26,7 @@ def eos_cli(self: AvdStructuredConfigNetworkServices) -> str | None: return None eos_clis = [] - if (eos_cli := get(self._hostvars, "eos_cli")) is not None: + if (eos_cli := self.structured_config.eos_cli) is not None: eos_clis.append(eos_cli) eos_clis.extend(vrf.raw_eos_cli for tenant in self.shared_utils.filtered_tenants for vrf in tenant.vrfs if vrf.raw_eos_cli is not None) diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/ethernet_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/ethernet_interfaces.py index 6fffe42a324..e549469086b 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/ethernet_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/ethernet_interfaces.py @@ -70,10 +70,14 @@ def ethernet_interfaces(self: AvdStructuredConfigNetworkServices) -> list | None "shutdown": not l3_interface.enabled, "description": interface_description, "eos_cli": l3_interface.raw_eos_cli, - "struct_cfg": l3_interface.structured_config._as_dict() or None, "flow_tracker": self.shared_utils.get_flow_tracker(l3_interface.flow_tracking), } + if l3_interface.structured_config: + self.custom_structured_configs.nested.ethernet_interfaces.obtain(interface_name)._deepmerge( + l3_interface.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.inputs.fabric_sflow.l3_interfaces is not None: interface["sflow"] = {"enable": self.inputs.fabric_sflow.l3_interfaces} diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/router_bgp.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/router_bgp.py index 907d2eac546..f4ab8efb4a2 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/router_bgp.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/router_bgp.py @@ -153,10 +153,14 @@ def _router_bgp_vrfs(self: AvdStructuredConfigNetworkServices) -> dict: bgp_vrf = strip_empties_from_dict( { "eos_cli": vrf.bgp.raw_eos_cli, - "struct_cfg": vrf.bgp.structured_config._as_dict() or None, } ) + if vrf.bgp.structured_config: + self.custom_structured_configs.nested.router_bgp.vrfs.obtain(vrf_name)._deepmerge( + vrf.bgp.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if vrf_address_families := [af for af in vrf.address_families if af in self.shared_utils.overlay_address_families]: # The called function in-place updates the bgp_vrf dict. self._update_router_bgp_vrf_evpn_or_mpls_cfg(bgp_vrf, vrf, vrf_address_families) @@ -442,8 +446,6 @@ def _router_bgp_vlans(self: AvdStructuredConfigNetworkServices, tenant_svis_l2vl for vrf in tenant.vrfs: for svi in tenant_svis_l2vlans_dict[tenant.name]["svi_non_bundle"][vrf.name]: if (vlan := self._router_bgp_vlans_vlan(svi, tenant, vrf)) is not None: - vlan_id = svi.id - vlan = {"id": vlan_id, **vlan} append_if_not_duplicate( list_of_dicts=vlans, primary_key="id", @@ -461,8 +463,6 @@ def _router_bgp_vlans(self: AvdStructuredConfigNetworkServices, tenant_svis_l2vl l2vlan, tenant, vrf=EosDesigns._DynamicKeys.DynamicNetworkServicesItem.NetworkServicesItem.VrfsItem() ) ) is not None: - vlan_id = l2vlan.id - vlan = {"id": vlan_id, **vlan} append_if_not_duplicate( list_of_dicts=vlans, primary_key="id", @@ -488,13 +488,19 @@ def _router_bgp_vlans_vlan( vlan_rt = self.get_vlan_rt(vlan, tenant) bgp_vlan = { - "tenant": vlan._tenant, + "id": vlan.id, + "tenant": tenant.name, "rd": vlan_rd, "route_targets": {"both": [vlan_rt]}, "redistribute_routes": ["learned"], "eos_cli": vlan.bgp.raw_eos_cli, - "struct_cfg": vlan.bgp.structured_config._as_dict() or None, } + + if vlan.bgp.structured_config: + self.custom_structured_configs.nested.router_bgp.vlans.obtain(vlan.id)._deepmerge( + vlan.bgp.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.shared_utils.node_config.evpn_gateway.evpn_l2.enabled and default( vlan.evpn_l2_multi_domain, vrf.evpn_l2_multi_domain, tenant.evpn_l2_multi_domain ): @@ -630,7 +636,8 @@ def _router_bgp_vlan_aware_bundles(self: AvdStructuredConfigNetworkServices, ten # Skip bundle since no vlans were enabled for vxlan. continue - # We are reusing the regular bgp vlan function so need to add vlan info + # We are reusing the regular bgp vlan function so need to add vlan info and remove the vlan id. + bundle.pop("id") bundle["vlan"] = list_compress([l2vlan.id for l2vlan in l2vlans]) bundle = {"name": bundle_name, **bundle} append_if_not_duplicate( @@ -816,9 +823,13 @@ def _router_bgp_mlag_peer_group(self: AvdStructuredConfigNetworkServices) -> dic "password": self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.password, "maximum_routes": 12000, "send_community": "all", - "struct_cfg": self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.structured_config._as_dict() or None, } + if self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.structured_config: + self.custom_structured_configs.nested.router_bgp.peer_groups.obtain(peer_group_name)._deepmerge( + self.inputs.bgp_peer_groups.mlag_ipv4_underlay_peer.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.shared_utils.node_config.mlag_ibgp_origin_incomplete: peer_group["route_map_in"] = "RM-MLAG-PEER-IN" diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/struct_cfgs.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/struct_cfgs.py index 48f2ccc8054..8df0d71fe0c 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/struct_cfgs.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/struct_cfgs.py @@ -6,8 +6,6 @@ from functools import cached_property from typing import TYPE_CHECKING -from pyavd._utils import append_if_not_duplicate - from .utils import UtilsMixin if TYPE_CHECKING: @@ -22,26 +20,12 @@ class StructCfgsMixin(UtilsMixin): """ @cached_property - def struct_cfgs(self: AvdStructuredConfigNetworkServices) -> list | None: + def struct_cfgs(self: AvdStructuredConfigNetworkServices) -> None: """Return the combined structured config from VRFs.""" if not self.shared_utils.network_services_l3: return None - vrf_struct_cfgs = [] for tenant in self.shared_utils.filtered_tenants: - for vrf in tenant.vrfs: - if vrf.structured_config: - # Inserting VRF into structured_config to perform duplication checks - vrf_struct_cfg = {"vrf": vrf.name, "struct_cfg": vrf.structured_config._as_dict()} - append_if_not_duplicate( - list_of_dicts=vrf_struct_cfgs, - primary_key="vrf", - new_dict=vrf_struct_cfg, - context="Structured Config for VRF '{vrf['name']}'", - context_keys=["vrf"], - ) - - if vrf_struct_cfgs: - return [vrf_struct_cfg["struct_cfg"] for vrf_struct_cfg in vrf_struct_cfgs] + self.custom_structured_configs.root.extend(vrf.structured_config for vrf in tenant.vrfs if vrf.structured_config) return None diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/vlan_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/vlan_interfaces.py index 92b6958923a..476c6199cd6 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/vlan_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/vlan_interfaces.py @@ -103,8 +103,13 @@ def _check_virtual_router_mac_address(vlan_interface_config: dict, variables: li "access_group_out": get(self._svi_acls, f"{interface_name}.ipv4_acl_out.name"), "mtu": svi.mtu if self.shared_utils.platform_settings.feature_support.per_interface_mtu else None, "eos_cli": svi.raw_eos_cli, - "struct_cfg": svi.structured_config._as_dict() or None, } + + if svi.structured_config: + self.custom_structured_configs.nested.vlan_interfaces.obtain(interface_name)._deepmerge( + svi.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + # Only set VARP if ip_address is set if vlan_interface_config["ip_address"] is not None: vlan_interface_config["ip_virtual_router_addresses"] = svi.ip_virtual_router_addresses._as_list() or None diff --git a/python-avd/pyavd/_eos_designs/structured_config/overlay/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/overlay/__init__.py index ae56a650d21..e552404f8c1 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/overlay/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/overlay/__init__.py @@ -1,7 +1,7 @@ # Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from .cvx import CvxMixin from .ip_extcommunity_lists import IpExtCommunityListsMixin @@ -18,7 +18,7 @@ class AvdStructuredConfigOverlay( - AvdFacts, + StructuredConfigGenerator, CvxMixin, IpExtCommunityListsMixin, IpSecurityMixin, @@ -39,13 +39,13 @@ class AvdStructuredConfigOverlay( .render() runs all class methods not starting with _ and of type @cached property and inserts the returned data into a dict with the name of the method as key. This means that each key in the final dict corresponds to a method. - The Class uses AvdFacts, as the base class, to get the render, keys and other attributes. + The Class uses StructuredConfigGenerator, as the base class, to get the render, keys and other attributes. All other methods are included as "Mixins" to make the files more manageable. The order of the @cached_properties methods imported from Mixins will also control the order in the output. """ - def render(self) -> dict: + def render(self) -> None: """ Wrap class render function with a check if one of the following vars are True. @@ -64,4 +64,4 @@ def render(self) -> dict: ], ): return super().render() - return {} + return None diff --git a/python-avd/pyavd/_eos_designs/structured_config/overlay/router_bgp.py b/python-avd/pyavd/_eos_designs/structured_config/overlay/router_bgp.py index 89d90a33cad..29a36a0b387 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/overlay/router_bgp.py +++ b/python-avd/pyavd/_eos_designs/structured_config/overlay/router_bgp.py @@ -80,6 +80,12 @@ def _generate_base_peer_group( update_source: str = "Loopback0", ) -> dict: peer_group = getattr(self.inputs.bgp_peer_groups, pg_name) + + if peer_group.structured_config: + self.custom_structured_configs.nested.router_bgp.peer_groups.obtain(peer_group.name)._deepmerge( + peer_group.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + return { "name": peer_group.name, "type": pg_type, @@ -88,7 +94,6 @@ def _generate_base_peer_group( "password": peer_group.password, "send_community": "all", "maximum_routes": maximum_routes, - "struct_cfg": peer_group.structured_config._as_dict() or None, } def _peer_groups(self: AvdStructuredConfigOverlay) -> list | None: diff --git a/python-avd/pyavd/_eos_designs/structured_config/structured_config_generator.py b/python-avd/pyavd/_eos_designs/structured_config/structured_config_generator.py new file mode 100644 index 00000000000..c8ca68c543f --- /dev/null +++ b/python-avd/pyavd/_eos_designs/structured_config/structured_config_generator.py @@ -0,0 +1,72 @@ +# Copyright (c) 2023-2024 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. +from __future__ import annotations + +from dataclasses import dataclass, field +from typing import TYPE_CHECKING, Literal, cast + +from pyavd._eos_cli_config_gen.schema import EosCliConfigGen +from pyavd._eos_designs.avdfacts import AvdFacts + +if TYPE_CHECKING: + from pyavd._eos_designs.schema import EosDesigns + from pyavd._eos_designs.shared_utils import SharedUtils + + +@dataclass +class StructCfgs: + """ + Snips of structured config gathered during structured config generation. + + The snips comes from the `structured_config` input fields in various data models. + """ + + root: list[EosCliConfigGen] = field(default_factory=list) + nested: EosCliConfigGen = field(default_factory=EosCliConfigGen) + list_merge_strategy: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"] = "append_unique" + + @classmethod + def new_from_ansible_list_merge_strategy(cls, ansible_strategy: Literal["replace", "append", "keep", "prepend", "append_rp", "prepend_rp"]) -> StructCfgs: + merge_strategy_map = { + "append_rp": "append_unique", + "prepend_rp": "prepend_unique", + } + list_merge_strategy = merge_strategy_map.get(ansible_strategy, ansible_strategy) + if list_merge_strategy not in ["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"]: + msg = f"Unsupported list merge strategy: {ansible_strategy}" + raise ValueError(msg) + + list_merge_strategy = cast(Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"], list_merge_strategy) + return cls(list_merge_strategy=list_merge_strategy) + + +class StructuredConfigGenerator(AvdFacts): + """ + Base class for structured config generators. + + This differs from AvdFacts by also taking structured_config and custom_structured_configs as argument + and by the render function which updates the structured_config instead of + returning a dict. + """ + + structured_config: EosCliConfigGen + custom_structured_configs: StructCfgs + + def __init__( + self, hostvars: dict, inputs: EosDesigns, shared_utils: SharedUtils, structured_config: EosCliConfigGen, custom_structured_configs: StructCfgs + ) -> None: + self.structured_config = structured_config + self.custom_structured_configs = custom_structured_configs + super().__init__(hostvars=hostvars, inputs=inputs, shared_utils=shared_utils) + + def render(self) -> None: + """ + In-place update the structured_config by deepmerging the rendered dict over the structured_config object. + + This method is bridging the gap between older classes which returns builtin types on all methods, + and refactored classes which returns AVD schema class instances. The _from_dict will automatically convert as needed. + """ + generated_structured_config_as_dict = super().render() + generated_structured_config = EosCliConfigGen._from_dict(generated_structured_config_as_dict) + self.structured_config._deepmerge(generated_structured_config, list_merge="append_unique") diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/__init__.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/__init__.py index e76660b96e9..6648ba7c78b 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/__init__.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/__init__.py @@ -1,7 +1,7 @@ # Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. -from pyavd._eos_designs.avdfacts import AvdFacts +from pyavd._eos_designs.structured_config.structured_config_generator import StructuredConfigGenerator from .agents import AgentsMixin from .as_path import AsPathMixin @@ -24,7 +24,7 @@ class AvdStructuredConfigUnderlay( - AvdFacts, + StructuredConfigGenerator, VlansMixin, EthernetInterfacesMixin, PortChannelInterfacesMixin, @@ -51,7 +51,7 @@ class AvdStructuredConfigUnderlay( .render() runs all class methods not starting with _ and of type @cached property and inserts the returned data into a dict with the name of the method as key. This means that each key in the final dict corresponds to a method. - The Class uses AvdFacts, as the base class, to get the render, keys and other attributes. + The Class uses StructuredConfigGenerator, as the base class, to get the render, keys and other attributes. All other methods are included as "Mixins" to make the files more manageable. The order of the @cached_properties methods imported from Mixins will also control the order in the output. diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/dhcp_servers.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/dhcp_servers.py index fa3c4958a42..7868a2f432a 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/dhcp_servers.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/dhcp_servers.py @@ -6,12 +6,16 @@ import re from functools import cached_property from ipaddress import AddressValueError, IPv4Address, ip_network +from typing import TYPE_CHECKING from pyavd._errors import AristaAvdInvalidInputsError from pyavd._utils import get from .utils import UtilsMixin +if TYPE_CHECKING: + from . import AvdStructuredConfigUnderlay + class DhcpServersMixin(UtilsMixin): """ @@ -20,10 +24,8 @@ class DhcpServersMixin(UtilsMixin): Class should only be used as Mixin to a AvdStructuredConfig class. """ - _hostvars: dict - @cached_property - def _subnets(self) -> list: + def _subnets(self: AvdStructuredConfigUnderlay) -> list: """ Returns a list of dhcp subnets for downstream p2p interfaces. @@ -51,13 +53,11 @@ def _subnets(self) -> list: return subnets @cached_property - def _ipv4_ztp_boot_file(self) -> str | None: - """Returns the file name to allow for ZTP to CV.""" - custom_bootfile = get(self._hostvars, "inband_ztp_bootstrap_file") - if custom_bootfile: + def _ipv4_ztp_boot_file(self: AvdStructuredConfigUnderlay) -> str | None: + """Returns the file name to allow for ZTP to CV. TODO: Add inband_ztp_bootstrap_file to schema.""" + if custom_bootfile := get(self._hostvars, "inband_ztp_bootstrap_file"): return custom_bootfile - cvp_instance_ips = get(self._hostvars, "cvp_instance_ips") - if not cvp_instance_ips: + if not (cvp_instance_ips := self.inputs.cvp_instance_ips): return None if "arista.io" in cvp_instance_ips[0]: @@ -67,18 +67,9 @@ def _ipv4_ztp_boot_file(self) -> str | None: return f"https://{cvp_instance_ips[0]}/ztp/bootstrap" @cached_property - def _dns_servers(self) -> list | None: - """Returns the list of name servers.""" - dns_servers = get(self._hostvars, "name_servers") - if not dns_servers: - return None - - return dns_servers - - @cached_property - def _ntp_servers(self) -> dict | None: + def _ntp_servers(self: AvdStructuredConfigUnderlay) -> dict | None: """Returns the list of NTP servers.""" - ntp_servers_settings = get(self._hostvars, "ntp_settings.servers") + ntp_servers_settings = self.inputs.ntp_settings.servers if not ntp_servers_settings: return None @@ -86,7 +77,7 @@ def _ntp_servers(self) -> dict | None: for ntp_server in ntp_servers_settings: # Check and validate NTP server IP address try: - ntp_server_ip = IPv4Address(ntp_server["name"]) + ntp_server_ip = IPv4Address(ntp_server.name) except AddressValueError: continue ntp_servers.append(str(ntp_server_ip)) @@ -97,7 +88,7 @@ def _ntp_servers(self) -> dict | None: raise AristaAvdInvalidInputsError(msg) @cached_property - def dhcp_servers(self) -> list | None: + def dhcp_servers(self: AvdStructuredConfigUnderlay) -> list | None: """Return structured config for dhcp_server.""" dhcp_servers = [] # Set subnets for DHCP server @@ -108,8 +99,8 @@ def dhcp_servers(self) -> list | None: if ztp_bootfile := self._ipv4_ztp_boot_file: dhcp_server["tftp_server"] = {"file_ipv4": ztp_bootfile} # Set DNS servers - if dns_servers := self._dns_servers: - dhcp_server["dns_servers_ipv4"] = dns_servers + if dns_servers := self.inputs.name_servers: + dhcp_server["dns_servers_ipv4"] = dns_servers._as_list() # Set NTP servers if ntp_servers := self._ntp_servers: dhcp_server["ipv4_vendor_options"] = [ntp_servers] diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py index b082ff69790..d3deecd9989 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py @@ -6,6 +6,7 @@ from functools import cached_property from typing import TYPE_CHECKING +from pyavd._eos_cli_config_gen.schema import EosCliConfigGen from pyavd._errors import AristaAvdError, AristaAvdMissingVariableError from pyavd._utils import append_if_not_duplicate, get, strip_null_from_data from pyavd.api.interface_descriptions import InterfaceDescriptionData @@ -153,7 +154,10 @@ def ethernet_interfaces(self: AvdStructuredConfigUnderlay) -> list | None: ethernet_interface["dhcp_server_ipv4"] = True # Structured Config - ethernet_interface["struct_cfg"] = link.get("structured_config") + if structured_config := link.get("structured_config"): + self.custom_structured_configs.nested.ethernet_interfaces.obtain(link["interface"])._deepmerge( + EosCliConfigGen.EthernetInterfacesItem._from_dict(structured_config), list_merge=self.custom_structured_configs.list_merge_strategy + ) # L2 interface elif link["type"] == "underlay_l2": diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py index a9264779d2a..008e1f315be 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/port_channel_interfaces.py @@ -6,6 +6,7 @@ from functools import cached_property from typing import TYPE_CHECKING +from pyavd._eos_cli_config_gen.schema import EosCliConfigGen from pyavd._utils import append_if_not_duplicate, get, short_esi_to_route_target, strip_null_from_data from pyavd.api.interface_descriptions import InterfaceDescriptionData @@ -102,7 +103,10 @@ def port_channel_interfaces(self: AvdStructuredConfigUnderlay) -> list | None: port_channel_interface["lacp_fallback_timeout"] = get(link, "inband_ztp_lacp_fallback_delay") # Structured Config - port_channel_interface["struct_cfg"] = link.get("structured_config") + if structured_config := link.get("structured_config"): + self.custom_structured_configs.nested.port_channel_interfaces.obtain(port_channel_name)._deepmerge( + EosCliConfigGen.PortChannelInterfacesItem._from_dict(structured_config), list_merge=self.custom_structured_configs.list_merge_strategy + ) # Remove None values port_channel_interface = strip_null_from_data(port_channel_interface, strip_values_tuple=(None, "", {})) diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/router_bgp.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/router_bgp.py index 1c35a78678c..4ff177e4f93 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/router_bgp.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/router_bgp.py @@ -36,9 +36,13 @@ def router_bgp(self: AvdStructuredConfigUnderlay) -> dict | None: "bfd": self.inputs.bgp_peer_groups.ipv4_underlay_peers.bfd or None, "maximum_routes": 12000, "send_community": "all", - "struct_cfg": self.inputs.bgp_peer_groups.ipv4_underlay_peers.structured_config._as_dict() or None, } + if self.inputs.bgp_peer_groups.ipv4_underlay_peers.structured_config: + self.custom_structured_configs.nested.router_bgp.peer_groups.obtain(self.inputs.bgp_peer_groups.ipv4_underlay_peers.name)._deepmerge( + self.inputs.bgp_peer_groups.ipv4_underlay_peers.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.shared_utils.overlay_routing_protocol == "ibgp" and self.shared_utils.is_cv_pathfinder_router: peer_group["route_map_in"] = "RM-BGP-UNDERLAY-PEERS-IN" if self.shared_utils.wan_ha: diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py index 20da753bfba..0bc2412d800 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py +++ b/python-avd/pyavd/_eos_designs/structured_config/underlay/utils.py @@ -6,6 +6,7 @@ from functools import cached_property from typing import TYPE_CHECKING +from pyavd._eos_cli_config_gen.schema import EosCliConfigGen from pyavd._errors import AristaAvdError, AristaAvdMissingVariableError from pyavd._utils import default, get, get_ip_from_ip_prefix, get_item, strip_empties_from_dict from pyavd.api.interface_descriptions import InterfaceDescriptionData @@ -182,10 +183,14 @@ def _get_l3_interface_cfg( "access_group_in": get(self._l3_interface_acls, f"{l3_interface.name}..ipv4_acl_in..name", separator=".."), "access_group_out": get(self._l3_interface_acls, f"{l3_interface.name}..ipv4_acl_out..name", separator=".."), "eos_cli": l3_interface.raw_eos_cli, - "struct_cfg": l3_interface.structured_config._as_dict(), "flow_tracker": self.shared_utils.get_flow_tracker(l3_interface.flow_tracking), } + if l3_interface.structured_config: + self.custom_structured_configs.nested.ethernet_interfaces.obtain(l3_interface.name)._deepmerge( + l3_interface.structured_config, list_merge=self.custom_structured_configs.list_merge_strategy + ) + if self.inputs.fabric_sflow.l3_interfaces is not None: interface["sflow"] = {"enable": self.inputs.fabric_sflow.l3_interfaces} @@ -268,9 +273,15 @@ def _get_l2_as_subint( "ipv6_enable": svi.ipv6_enable, "mtu": svi.mtu if self.shared_utils.platform_settings.feature_support.per_interface_mtu else None, "eos_cli": svi.raw_eos_cli, - "struct_cfg": svi.structured_config._as_dict() or None, "flow_tracker": link.get("flow_tracker"), } + + if svi.structured_config: + self.custom_structured_configs.nested.ethernet_interfaces.obtain(interface_name)._deepmerge( + svi.structured_config._cast_as(EosCliConfigGen.EthernetInterfacesItem, ignore_extra_keys=True), + list_merge=self.custom_structured_configs.list_merge_strategy, + ) + if (mtu := subinterface["mtu"]) is not None and subinterface["mtu"] > self.shared_utils.p2p_uplinks_mtu: msg = ( f"MTU '{self.shared_utils.p2p_uplinks_mtu}' set for 'p2p_uplinks_mtu' must be larger or equal to MTU '{mtu}' " diff --git a/python-avd/pyavd/_schema/models/avd_base.py b/python-avd/pyavd/_schema/models/avd_base.py index f9dd8bf714f..a68c9d2eb58 100644 --- a/python-avd/pyavd/_schema/models/avd_base.py +++ b/python-avd/pyavd/_schema/models/avd_base.py @@ -63,26 +63,44 @@ def _cast_as(self, new_type: type[T_AvdBase], ignore_extra_keys: bool = False) - """Recast a class instance as another similar subclass if they are compatible.""" @abstractmethod - def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "append") -> None: + def _deepmerge(self, other: Self, list_merge: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"] = "append_unique") -> None: """ Update instance by deepmerging the other instance in. Args: other: The other instance of the same type to merge on this instance. list_merge: Merge strategy used on any nested lists. - - "append" will first try to deep merge on the primary key, and if not found it will append non-existing items. - - "replace" will replace the full list. + + List merge strategies: + - "append_unique" will first try to deep merge on the primary key, and if not found it will append non-existing items. + - "append" will first try to deep merge on the primary key, and if not found it will append all other items (including duplicates).\ + (For AvdIndexedList this works the same as append_unique) + - "replace" will replace the full list. + - "keep" will only use the new list if there is no existing list or existing list is `None`. + - "prepend_unique" will first try to deep merge on the primary key, and if not found it will prepend non-existing items. + - "prepend" will first try to deep merge on the primary key, and if not found it will prepend all other items (including duplicates).\ + (For AvdIndexedList this works the same as prepend_unique) """ - def _deepmerged(self, other: Self, list_merge: Literal["append", "replace"] = "append") -> Self: + def _deepmerged( + self, other: Self, list_merge: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"] = "append_unique" + ) -> Self: """ Return new instance with the result of the deepmerge of "other" on this instance. Args: other: The other instance of the same type to merge on this instance. list_merge: Merge strategy used on any nested lists. - - "append" will first try to deep merge on the primary key, and if not found it will append non-existing items. - - "replace" will replace the full list. + + List merge strategies: + - "append_unique" will first try to deep merge on the primary key, and if not found it will append non-existing items. + - "append" will first try to deep merge on the primary key, and if not found it will append all other items (including duplicates).\ + (For AvdIndexedList this works the same as append_unique) + - "replace" will replace the full list. + - "keep" will only use the new list if there is no existing list or existing list is `None`. + - "prepend_unique" will first try to deep merge on the primary key, and if not found it will prepend non-existing items. + - "prepend" will first try to deep merge on the primary key, and if not found it will prepend all other items (including duplicates).\ + (For AvdIndexedList this works the same as prepend_unique) """ new_instance = deepcopy(self) new_instance._deepmerge(other=other, list_merge=list_merge) diff --git a/python-avd/pyavd/_schema/models/avd_indexed_list.py b/python-avd/pyavd/_schema/models/avd_indexed_list.py index cfb6118519c..2fa13120cff 100644 --- a/python-avd/pyavd/_schema/models/avd_indexed_list.py +++ b/python-avd/pyavd/_schema/models/avd_indexed_list.py @@ -166,15 +166,23 @@ def key(value: T_AvdModel) -> list[int | str]: cls = type(self) return cls(sorted(self.values(), key=key)) - def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "append") -> None: + def _deepmerge(self, other: Self, list_merge: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"] = "append_unique") -> None: """ Update instance by deepmerging the other instance in. Args: other: The other instance of the same type to merge into this instance. list_merge: Merge strategy used on this and any nested lists. - - "append" will first try to deep merge on the primary key, and if not found it will append non-existing items. - - "replace" will replace the full list. + + List merge strategies: + - "append_unique" will first try to deep merge on the primary key, and if not found it will append non-existing items. + - "append" will first try to deep merge on the primary key, and if not found it will append all other items (including duplicates).\ + (For AvdIndexedList this works the same as append_unique) + - "replace" will replace the full list. + - "keep" will only use the new list if there is no existing list or existing list is `None`. + - "prepend_unique" will first try to deep merge on the primary key, and if not found it will prepend non-existing items. + - "prepend" will first try to deep merge on the primary key, and if not found it will prepend all other items (including duplicates).\ + (For AvdIndexedList this works the same as prepend_unique) """ cls = type(self) if not isinstance(other, cls): @@ -183,27 +191,47 @@ def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "ap if self._created_from_null or other._created_from_null: # Clear the flag and set list_merge to replace so we overwrite with data from other below. - self._created_from_null = False + self._created_from_null = other._created_from_null list_merge = "replace" - if list_merge == "replace": - self._items = other._items.copy() - return + match list_merge: + case "replace": + # Replace with the "other" list. + self._items = other._items.copy() + return + case "keep": + # We only get here if there was a defined instance of the old list, so we "keep" the existing list as-is. + return + case _: + # For the other strategies we need to merge on primary key for existing items and otherwise append/prepend. + # There is no difference for _unique for indexed lists since it can only hold one item per primary key. + pass + prepend_items = {} for primary_key, new_item in other.items(): if new_item._created_from_null: # Remove the complete item when merging in a Null item. self._items.pop(primary_key, None) continue - if (old_value := self.get(primary_key)) is Undefined or not isinstance(old_value, type(new_item)): - # New item or different type so we can just replace + if self.get(primary_key) is Undefined: + # New item so we can just append/prepend. + if list_merge.startswith("prepend"): + # Prepending requires us to rebuild the internal dict to maintain the correct order. + # We do that at the end to maintain the order of + . If we prepended per item we would reverse the new list. + prepend_items[primary_key] = new_item + continue + + # Appending the new item. self[primary_key] = new_item continue # Existing item of same type, so deepmerge. self[primary_key]._deepmerge(new_item, list_merge=list_merge) + if prepend_items: + self._items = {**prepend_items, **self._items} + def _deepinherit(self, other: Self) -> None: """Update instance by recursively inheriting from other instance for all existing items. New items are *not* added.""" cls = type(self) diff --git a/python-avd/pyavd/_schema/models/avd_list.py b/python-avd/pyavd/_schema/models/avd_list.py index 490bf725d11..cc14d9400c5 100644 --- a/python-avd/pyavd/_schema/models/avd_list.py +++ b/python-avd/pyavd/_schema/models/avd_list.py @@ -161,32 +161,53 @@ def _filtered(self, function: Callable[[T_ItemType], bool]) -> Self: cls = type(self) return cls(filter(function, self._items)) - def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "append") -> None: + def _deepmerge(self, other: Self, list_merge: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"] = "append_unique") -> None: """ Update instance by appending or replacing the items from the other instance. Args: other: The other instance of the same type to merge into this instance. list_merge: Merge strategy used on this and any nested lists. - - "append" will first try to deep merge on the primary key, and if not found it will append non-existing items. - - "replace" will replace the full list. + + List merge strategies: + - "append_unique" will first try to deep merge on the primary key, and if not found it will append non-existing items. + - "append" will first try to deep merge on the primary key, and if not found it will append all other items (including duplicates).\ + (For AvdIndexedList this works the same as append_unique) + - "replace" will replace the full list. + - "keep" will only use the new list if there is no existing list or existing list is `None`. + - "prepend_unique" will first try to deep merge on the primary key, and if not found it will prepend non-existing items. + - "prepend" will first try to deep merge on the primary key, and if not found it will prepend all other items (including duplicates).\ + (For AvdIndexedList this works the same as prepend_unique) """ cls = type(self) if not isinstance(other, cls): msg = f"Unable to merge type '{type(other)}' into '{cls}'" raise TypeError(msg) - if self._created_from_null: - # Overwrite all data from other and clear the flag. - self._created_from_null = False + if self._created_from_null or other._created_from_null: + # Set the flag to the value of other and set list_merge to replace so we overwrite with data from other below. + self._created_from_null = other._created_from_null list_merge = "replace" - if list_merge == "replace": - self._items = other._items.copy() - return - - # Append non-existing items. - self._items.extend(new_item for new_item in other._items if new_item not in self._items) + match list_merge: + case "append_unique": + # Append non-existing items. + self._items.extend(new_item for new_item in other._items if new_item not in self._items) + case "append": + # Append all items. + self._items.extend(other._items) + case "replace": + # Replace with the "other" list. + self._items = other._items.copy() + return + case "keep": + # We only get here if there was a defined instance of the old list, so we "keep" the existing list as-is. + return + case "prepend_unique": + # Prepend non-existing items. + self._items[:0] = [new_item for new_item in other._items if new_item not in self._items] + case "prepend": + self._items[:0] = other._items def _cast_as(self, new_type: type[T_AvdList], ignore_extra_keys: bool = False) -> T_AvdList: """ diff --git a/python-avd/pyavd/_schema/models/avd_model.py b/python-avd/pyavd/_schema/models/avd_model.py index cca18716d25..e93ba1850c8 100644 --- a/python-avd/pyavd/_schema/models/avd_model.py +++ b/python-avd/pyavd/_schema/models/avd_model.py @@ -134,8 +134,6 @@ def _get_defined_attr(self, name: str) -> Any | UndefinedType: Get attribute or Undefined. Avoids the overridden __getattr__ to avoid default values. - - Falls back to __getattr__ in case of _created_from_null to always insert None or default value. """ if name not in self._fields: msg = f"'{type(self).__name__}' object has no attribute '{name}'" @@ -225,7 +223,7 @@ def _get(self, name: str, default: Any = None) -> Any: """ Behave like dict.get() to get a field value only if set. - If the field balue is not set, this will not insert a default schema values but will instead return the given 'default' value (or None). + If the field value is not set, this will not insert a default schema values but will instead return the given 'default' value (or None). """ if (value := self._get_defined_attr(name)) is Undefined: return default @@ -240,15 +238,24 @@ def _update(self, *args: Any, **kwargs: Any) -> Self: self.__init__(*args, **kwargs) return self - def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "append") -> None: + def _deepmerge(self, other: Self, list_merge: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"] = "append_unique") -> None: """ Update instance by deepmerging the other instance in. Args: other: The other instance of the same type to merge on this instance. list_merge: Merge strategy used on any nested lists. - - "append" will first try to deep merge on the primary key, and if not found it will append non-existing items. - - "replace" will replace the full list. + + List merge strategies: + - "append_unique" will first try to deep merge on the primary key, and if not found it will append non-existing items. + - "append" will first try to deep merge on the primary key, and if not found it will append all other items (including duplicates).\ + (For AvdIndexedList this works the same as append_unique) + - "replace" will replace the full list. + - "keep" will only use the new list if there is no existing list or existing list is `None`. + - "prepend_unique" will first try to deep merge on the primary key, and if not found it will prepend non-existing items. + - "prepend" will first try to deep merge on the primary key, and if not found it will prepend all other items (including duplicates).\ + (For AvdIndexedList this works the same as prepend_unique) + """ cls = type(self) if not isinstance(other, cls): @@ -283,7 +290,8 @@ def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "ap if field_type is dict: # In-place deepmerge in to the existing dict without schema. # Deepcopying since merge() does not copy. - merge(old_value, new_value, list_merge=list_merge) + legacy_list_merge = list_merge.replace("_unique", "_rp") + merge(old_value, new_value, list_merge=legacy_list_merge) continue setattr(self, field, new_value) @@ -295,30 +303,6 @@ def _deepmerge(self, other: Self, list_merge: Literal["append", "replace"] = "ap # We merged into a "null" class, but since we now have proper data, we clear the flag. self._created_from_null = False - def _inherit(self, other: Self) -> None: - """Update unset fields on this instance with fields from other instance. No merging.""" - cls = type(self) - if not isinstance(other, cls): - msg = f"Unable to inherit from type '{type(other)}' into '{cls}'" - raise TypeError(msg) - - if self._created_from_null: - # Null always wins, so no inheritance. - return - - if other._created_from_null: - # Nothing to inherit, but we set the flag to prevent inheriting from something else later. - self._created_from_null = True - return - - for field in cls._fields: - if self._get_defined_attr(field) is not Undefined: - continue - if (new_value := other._get_defined_attr(field)) is Undefined: - continue - - setattr(self, field, deepcopy(new_value)) - def _deepinherit(self, other: Self) -> None: """Update instance by recursively inheriting unset fields from other instance. Lists are not merged.""" cls = type(self) diff --git a/python-avd/pyavd/_utils/get.py b/python-avd/pyavd/_utils/get.py index 43ca9a4b122..f08853dc4ad 100644 --- a/python-avd/pyavd/_utils/get.py +++ b/python-avd/pyavd/_utils/get.py @@ -1,6 +1,9 @@ # Copyright (c) 2023-2024 Arista Networks, Inc. # Use of this source code is governed by the Apache License 2.0 # that can be found in the LICENSE file. +from __future__ import annotations + +from collections.abc import Mapping from typing import Any from pyavd._errors import AristaAvdInvalidInputsError, AristaAvdMissingVariableError @@ -67,7 +70,7 @@ def get( def get_v2( - dict_or_object: dict | object, + dict_or_object: object, key_or_attribute: str, default: Any = None, required: bool = False, @@ -112,7 +115,16 @@ def get_v2( if org_key is None: org_key = key_or_attribute keys = str(key_or_attribute).split(separator) - value = dict_or_object.get(keys[0]) if callable(getattr(dict_or_object, "get", None)) else getattr(dict_or_object, keys[0], None) + if isinstance(dict_or_object, Mapping): + # Mapping like object (probably a dict). + value = dict_or_object.get(keys[0]) + elif hasattr(dict_or_object, "_key_to_field_map"): + # AvdModel subclass - avoiding circular imports. + field_name = dict_or_object._key_to_field_map.get(keys[0], keys[0]) + value = dict_or_object._get(field_name) if field_name in dict_or_object._fields else None + else: + # Regular object. + value = getattr(dict_or_object, keys[0], None) if value is None: if required is True: diff --git a/python-avd/pyavd/get_device_structured_config.py b/python-avd/pyavd/get_device_structured_config.py index 66c6be3bc49..d2e623891f1 100644 --- a/python-avd/pyavd/get_device_structured_config.py +++ b/python-avd/pyavd/get_device_structured_config.py @@ -21,7 +21,7 @@ def get_device_structured_config(hostname: str, inputs: dict, avd_facts: dict) - from ._eos_designs.structured_config import get_structured_config from ._errors import AristaAvdError from .avd_schema_tools import AvdSchemaTools - from .constants import EOS_CLI_CONFIG_GEN_SCHEMA_ID, EOS_DESIGNS_SCHEMA_ID + from .constants import EOS_DESIGNS_SCHEMA_ID # pylint: enable=import-outside-toplevel # @@ -37,14 +37,12 @@ def get_device_structured_config(hostname: str, inputs: dict, avd_facts: dict) - ) input_schema_tools = AvdSchemaTools(schema_id=EOS_DESIGNS_SCHEMA_ID) - output_schema_tools = AvdSchemaTools(schema_id=EOS_CLI_CONFIG_GEN_SCHEMA_ID) result = {} # We do not validate input variables in this stage (done in "validate_inputs") structured_config = get_structured_config( vars=mapped_hostvars, input_schema_tools=input_schema_tools, - output_schema_tools=output_schema_tools, result=result, templar=None, validate=False, diff --git a/python-avd/schema_tools/generate_classes/class_src_gen.py b/python-avd/schema_tools/generate_classes/class_src_gen.py index bbb16cbc8ea..4d193231440 100644 --- a/python-avd/schema_tools/generate_classes/class_src_gen.py +++ b/python-avd/schema_tools/generate_classes/class_src_gen.py @@ -18,7 +18,6 @@ class SrcGenBase: # TODO: add deprecation handling # dynamic_valid_values - # Create a base model for lists so child items can be rendered by their own generators instead of trying to handle it inside lists. def generate_class_src(self, schema: AvdSchemaField, class_name: str | None = None) -> SrcData: """ diff --git a/python-avd/tests/pyavd/schema/data_merging.schema.yml b/python-avd/tests/pyavd/schema/data_merging.schema.yml new file mode 100644 index 00000000000..d185649f79e --- /dev/null +++ b/python-avd/tests/pyavd/schema/data_merging.schema.yml @@ -0,0 +1,17 @@ +type: dict +allow_other_keys: true +keys: + some_indexed_list: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + some_int: + type: int + some_list: + type: list + items: + type: int diff --git a/python-avd/tests/pyavd/schema/data_merging_schema_class.py b/python-avd/tests/pyavd/schema/data_merging_schema_class.py new file mode 100644 index 00000000000..76d9503ae3b --- /dev/null +++ b/python-avd/tests/pyavd/schema/data_merging_schema_class.py @@ -0,0 +1,78 @@ +# Copyright (c) 2024 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. + +from __future__ import annotations +from typing import ClassVar +from typing import Any +from pyavd._schema.models.eos_cli_config_gen_root_model import EosCliConfigGenRootModel +from typing import TYPE_CHECKING + +from pyavd._schema.models.avd_indexed_list import AvdIndexedList +from pyavd._schema.models.avd_list import AvdList +from pyavd._schema.models.avd_model import AvdModel + +if TYPE_CHECKING: + from pyavd._utils import Undefined, UndefinedType + + +class DataMergingTestSchema(EosCliConfigGenRootModel): + """Subclass of AvdModel.""" + class SomeIndexedListItem(AvdModel): + """Subclass of AvdModel.""" + _fields: ClassVar[dict] = {"name": {"type": str}, "some_int": {"type": int}, "_custom_data": {"type": dict}} + name: str + some_int: int | None + _custom_data: dict[str, Any] + + + if TYPE_CHECKING: + def __init__(self, *, name: str | UndefinedType = Undefined, some_int: int | None | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined) -> None: + """ + SomeIndexedListItem. + + + Subclass of AvdModel. + + Args: + name: name + some_int: some_int + _custom_data: _custom_data + + """ + + + class SomeIndexedList(AvdIndexedList[str, SomeIndexedListItem]): + """Subclass of AvdIndexedList with `SomeIndexedListItem` items. Primary key is `name` (`str`).""" + _primary_key: ClassVar[str] = "name" + + SomeIndexedList._item_type = SomeIndexedListItem + + class SomeList(AvdList[int]): + """Subclass of AvdList with `int` items.""" + + SomeList._item_type = int + + _fields: ClassVar[dict] = {"some_indexed_list": {"type": SomeIndexedList}, "some_list": {"type": SomeList}, "_custom_data": {"type": dict}} + _allow_other_keys: ClassVar[bool] = True + some_indexed_list: SomeIndexedList + """Subclass of AvdIndexedList with `SomeIndexedListItem` items. Primary key is `name` (`str`).""" + some_list: SomeList + """Subclass of AvdList with `int` items.""" + _custom_data: dict[str, Any] + + + if TYPE_CHECKING: + def __init__(self, *, some_indexed_list: SomeIndexedList | UndefinedType = Undefined, some_list: SomeList | UndefinedType = Undefined, _custom_data: dict[str, Any] | UndefinedType = Undefined) -> None: + """ + DataMergingTestSchema. + + + Subclass of AvdModel. + + Args: + some_indexed_list: Subclass of AvdIndexedList with `SomeIndexedListItem` items. Primary key is `name` (`str`). + some_list: Subclass of AvdList with `int` items. + _custom_data: _custom_data + + """ diff --git a/python-avd/tests/pyavd/schema/test_avdschema.py b/python-avd/tests/pyavd/schema/test_avdschema.py index 6370ee4679b..846d70a9d0f 100644 --- a/python-avd/tests/pyavd/schema/test_avdschema.py +++ b/python-avd/tests/pyavd/schema/test_avdschema.py @@ -13,15 +13,15 @@ script_dir = Path(__file__).parent with Path(script_dir, "access_lists.schema.yml").open(encoding="utf-8") as schema_file: - acl_schema = yaml.load(schema_file, Loader=yaml.SafeLoader) + acl_schema = yaml.load(schema_file, Loader=yaml.CSafeLoader) with Path(script_dir, "ipv6_standard_access_lists.schema.yml").open(encoding="utf-8") as schema_file: - ipv6_acl_schema = yaml.load(schema_file, Loader=yaml.SafeLoader) + ipv6_acl_schema = yaml.load(schema_file, Loader=yaml.CSafeLoader) with Path(script_dir, "combined.schema.yml").open(encoding="utf-8") as schema_file: - combined_schema = yaml.load(schema_file, Loader=yaml.SafeLoader) + combined_schema = yaml.load(schema_file, Loader=yaml.CSafeLoader) with Path(script_dir, "acl.yml").open(encoding="utf-8") as data_file: - acl_test_data = yaml.load(data_file, Loader=yaml.SafeLoader) + acl_test_data = yaml.load(data_file, Loader=yaml.CSafeLoader) with Path(script_dir, "ipv6-access-lists.yml").open(encoding="utf-8") as data_file: - ipv6_acl_test_data = yaml.load(data_file, Loader=yaml.SafeLoader) + ipv6_acl_test_data = yaml.load(data_file, Loader=yaml.CSafeLoader) VALID_TEST_SCHEMAS = [DEFAULT_SCHEMA, acl_schema, ipv6_acl_schema, combined_schema] diff --git a/python-avd/tests/pyavd/schema/test_data_merging.py b/python-avd/tests/pyavd/schema/test_data_merging.py new file mode 100644 index 00000000000..88a0b742c86 --- /dev/null +++ b/python-avd/tests/pyavd/schema/test_data_merging.py @@ -0,0 +1,89 @@ +# Copyright (c) 2024 Arista Networks, Inc. +# Use of this source code is governed by the Apache License 2.0 +# that can be found in the LICENSE file. +from __future__ import annotations + +from importlib.machinery import ModuleSpec +from importlib.util import module_from_spec +from pathlib import Path +from typing import TYPE_CHECKING, Literal + +import pytest +import yaml + +from schema_tools.generate_classes.src_generators import FileSrc +from schema_tools.metaschema.meta_schema_model import AristaAvdSchema + +if TYPE_CHECKING: + from .data_merging_schema_class import DataMergingTestSchema + + +script_dir = Path(__file__).parent + + +@pytest.fixture(scope="module") +def data_merging_schema_class() -> DataMergingTestSchema: + with Path(script_dir, "data_merging.schema.yml").open(encoding="utf-8") as schema_file: + raw_schema = yaml.load(schema_file, Loader=yaml.CSafeLoader) + + schema = AristaAvdSchema(**raw_schema) + schemasrc = schema._generate_class_src(class_name="DataMergingTestSchema") + src_file_contents = FileSrc(classes=[schemasrc.cls]) + + # Writing to file to assist the type-checker for these tests. + with Path(script_dir, "data_merging_schema_class.py").open(mode="w", encoding="UTF-8") as file: + file.write(str(src_file_contents)) + + cls_module = module_from_spec(ModuleSpec(name="cls_module", loader=None)) + exec(str(src_file_contents), cls_module.__dict__) # noqa: S102 + + return cls_module.DataMergingTestSchema + + +A_LIST = {"some_list": [1, 2]} +B_LIST = {"some_list": [2, 3, 4]} +ALL_A_AND_B_LISTS = {"some_list": [1, 2, 2, 3, 4]} +UNIQUE_A_AND_B_LISTS = {"some_list": [1, 2, 3, 4]} +ALL_B_AND_A_LISTS = {"some_list": [2, 3, 4, 1, 2]} +UNIQUE_B_AND_A_LISTS = {"some_list": [3, 4, 1, 2]} + +A_INDEXED_LIST = {"some_indexed_list": [{"name": "one", "some_int": 1}, {"name": "two", "some_int": 2}]} +B_INDEXED_LIST = {"some_indexed_list": [{"name": "two", "some_int": 2}, {"name": "three", "some_int": 3}, {"name": "four", "some_int": 4}]} +UNIQUE_A_AND_B_INDEXED_LISTS = { + "some_indexed_list": [{"name": "one", "some_int": 1}, {"name": "two", "some_int": 2}, {"name": "three", "some_int": 3}, {"name": "four", "some_int": 4}] +} +UNIQUE_B_AND_A_INDEXED_LISTS = { + "some_indexed_list": [{"name": "three", "some_int": 3}, {"name": "four", "some_int": 4}, {"name": "one", "some_int": 1}, {"name": "two", "some_int": 2}] +} + + +@pytest.mark.parametrize( + ("a_data", "b_data", "list_merge", "expected"), + [ + pytest.param({}, {}, "append_unique", {}, id="empty_data"), + # Testing AvdList + pytest.param(A_LIST, B_LIST, "append_unique", UNIQUE_A_AND_B_LISTS, id="list_append_unique"), + pytest.param(A_LIST, B_LIST, "append", ALL_A_AND_B_LISTS, id="list_append"), + pytest.param(A_LIST, B_LIST, "replace", B_LIST, id="list_replace"), + pytest.param(A_LIST, B_LIST, "keep", A_LIST, id="list_keep"), + pytest.param(A_LIST, B_LIST, "prepend", ALL_B_AND_A_LISTS, id="list_prepend"), + pytest.param(A_LIST, B_LIST, "prepend_unique", UNIQUE_B_AND_A_LISTS, id="list_prepend_unique"), + # Testing AvdIndexedList + pytest.param(A_INDEXED_LIST, B_INDEXED_LIST, "append_unique", UNIQUE_A_AND_B_INDEXED_LISTS, id="indexed_list_append_unique"), + pytest.param(A_INDEXED_LIST, B_INDEXED_LIST, "append", UNIQUE_A_AND_B_INDEXED_LISTS, id="indexed_list_append"), + pytest.param(A_INDEXED_LIST, B_INDEXED_LIST, "replace", B_INDEXED_LIST, id="indexed_list_replace"), + pytest.param(A_INDEXED_LIST, B_INDEXED_LIST, "keep", A_INDEXED_LIST, id="indexed_list_keep"), + pytest.param(A_INDEXED_LIST, B_INDEXED_LIST, "prepend", UNIQUE_B_AND_A_INDEXED_LISTS, id="indexed_list_prepend"), + pytest.param(A_INDEXED_LIST, B_INDEXED_LIST, "prepend_unique", UNIQUE_B_AND_A_INDEXED_LISTS, id="indexed_list_prepend_unique"), + ], +) +def test_data_merging( + a_data: dict, + b_data: dict, + list_merge: Literal["append_unique", "append", "replace", "keep", "prepend", "prepend_unique"], + expected: dict, + data_merging_schema_class: DataMergingTestSchema, +) -> None: + a = data_merging_schema_class._from_dict(a_data) + b = data_merging_schema_class._from_dict(b_data) + assert a._deepmerged(b, list_merge=list_merge)._as_dict() == expected