diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md
index 5cf8a45f6d5..af2228d68c5 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/inet-cloud.md
@@ -26,6 +26,7 @@
- [Internal VLAN Allocation Policy Device Configuration](#internal-vlan-allocation-policy-device-configuration)
- [Interfaces](#interfaces)
- [Ethernet Interfaces](#ethernet-interfaces)
+ - [Port-Channel Interfaces](#port-channel-interfaces)
- [Loopback Interfaces](#loopback-interfaces)
- [Routing](#routing)
- [Service Routing Protocols Model](#service-routing-protocols-model)
@@ -235,7 +236,6 @@ dhcp server
| -------------- | --------- | --------- |
| Ethernet5 | True | False |
| Ethernet6 | True | False |
-| Ethernet8 | True | False |
## Monitoring
@@ -306,7 +306,10 @@ vlan internal order ascending range 1006 1199
| Ethernet5 | site1-wan1-Ethernet4 | - | 100.64.10.1/24 | default | - | False | - | - |
| Ethernet6 | site1-wan2-Ethernet4 | - | 100.64.11.1/24 | default | - | False | - | - |
| Ethernet7 | site2-wan2-Ethernet4 | - | 100.64.21.1/24 | default | - | False | - | - |
-| Ethernet8 | site3-wan1-Ethernet4 | - | 100.64.30.1/24 | default | - | False | - | - |
+| Ethernet8 | - | 8 | *100.64.30.1/24 | **default | **- | *False | **- | **- |
+| Ethernet9 | - | 8 | *100.64.30.1/24 | **default | **- | *False | **- | **- |
+
+*Inherited from Port-Channel Interface
#### Ethernet Interfaces Device Configuration
@@ -345,11 +348,44 @@ interface Ethernet7
ip address 100.64.21.1/24
!
interface Ethernet8
- description site3-wan1-Ethernet4
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 8 mode active
+!
+interface Ethernet9
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 8 mode active
+```
+
+### Port-Channel Interfaces
+
+#### Port-Channel Interfaces Summary
+
+##### L2
+
+| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | LACP Fallback Timeout | LACP Fallback Mode | MLAG ID | EVPN ESI |
+| --------- | ----------- | ---- | ----- | ----------- | ------------| --------------------- | ------------------ | ------- | -------- |
+
+##### IPv4
+
+| Interface | Description | MLAG ID | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out |
+| --------- | ----------- | ------- | ---------- | --- | --- | -------- | ------ | ------- |
+| Port-Channel8 | site3-wan1-Port-Channel4 | - | 100.64.30.1/24 | default | - | False | - | - |
+
+#### Port-Channel Interfaces Device Configuration
+
+```eos
+!
+interface Port-Channel8
+ description site3-wan1-Port-Channel4
no shutdown
no switchport
ip address 100.64.30.1/24
dhcp server ipv4
+
```
### Loopback Interfaces
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md
index 3d5d2d9c577..93f5d7486ab 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/documentation/devices/site3-wan1.md
@@ -33,6 +33,7 @@
- [Interfaces](#interfaces)
- [DPS Interfaces](#dps-interfaces)
- [Ethernet Interfaces](#ethernet-interfaces)
+ - [Port-Channel Interfaces](#port-channel-interfaces)
- [Loopback Interfaces](#loopback-interfaces)
- [VXLAN Interface](#vxlan-interface)
- [Routing](#routing)
@@ -287,7 +288,7 @@ daemon TerminAttr
| Tracker Name | Record Export On Inactive Timeout | Record Export On Interval | Number of Exporters | Applied On |
| ------------ | --------------------------------- | ------------------------- | ------------------- | ---------- |
-| FLOW-TRACKER | 70000 | 5000 | 1 | Dps1
Ethernet1.666
Ethernet1.42
Ethernet4 |
+| FLOW-TRACKER | 70000 | 5000 | 1 | Dps1
Ethernet1.666
Ethernet1.42
Port-Channel4 |
##### Exporters Summary
@@ -430,7 +431,10 @@ interface Dps1
| --------- | ----------- | ------------- | ---------- | ----| ---- | -------- | ------ | ------- |
| Ethernet1.42 | RED-TEST | - | 10.42.3.1/24 | RED | - | False | - | - |
| Ethernet1.666 | BLUE-TEST | - | 10.66.3.1/24 | BLUE | - | False | - | - |
-| Ethernet4 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8 | - | dhcp | default | - | False | ACL-INTERNET-IN_Ethernet4 | - |
+| Ethernet4 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud | 4 | *dhcp | **default | **- | *False | *ACL-INTERNET-IN_Port-Channel4 | **- |
+| Ethernet5 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud | 4 | *dhcp | **default | **- | *False | *ACL-INTERNET-IN_Port-Channel4 | **- |
+
+*Inherited from Port-Channel Interface
#### Ethernet Interfaces Device Configuration
@@ -459,13 +463,47 @@ interface Ethernet1.666
ip address 10.66.3.1/24
!
interface Ethernet4
- description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8
+ description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 4 mode active
+!
+interface Ethernet5
+ description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 4 mode active
+```
+
+### Port-Channel Interfaces
+
+#### Port-Channel Interfaces Summary
+
+##### L2
+
+| Interface | Description | Mode | VLANs | Native VLAN | Trunk Group | LACP Fallback Timeout | LACP Fallback Mode | MLAG ID | EVPN ESI |
+| --------- | ----------- | ---- | ----- | ----------- | ------------| --------------------- | ------------------ | ------- | -------- |
+
+##### IPv4
+
+| Interface | Description | MLAG ID | IP Address | VRF | MTU | Shutdown | ACL In | ACL Out |
+| --------- | ----------- | ------- | ---------- | --- | --- | -------- | ------ | ------- |
+| Port-Channel4 | REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8 | - | dhcp | default | - | False | ACL-INTERNET-IN_Port-Channel4 | - |
+
+#### Port-Channel Interfaces Device Configuration
+
+```eos
+!
+interface Port-Channel4
+ description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8
no shutdown
no switchport
flow tracker hardware FLOW-TRACKER
ip address dhcp
dhcp client accept default-route
- ip access-group ACL-INTERNET-IN_Ethernet4 in
+ ip access-group ACL-INTERNET-IN_Port-Channel4 in
```
### Loopback Interfaces
@@ -1011,7 +1049,7 @@ ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.255.11:203
```eos
!
-ip access-list ACL-INTERNET-IN_Ethernet4
+ip access-list ACL-INTERNET-IN_Port-Channel4
1 remark Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface
10 permit udp any host 100.64.30.2 eq isakmp non500-isakmp
30 permit icmp any host 100.64.30.2
@@ -1168,7 +1206,7 @@ application traffic recognition
| Interface name | Public address | STUN server profile(s) |
| -------------- | -------------- | ---------------------- |
-| Ethernet4 | - | INTERNET-pf1-Ethernet2
INTERNET-pf2-Ethernet2 |
+| Port-Channel4 | - | INTERNET-pf1-Ethernet2
INTERNET-pf2-Ethernet2 |
###### Dynamic Peers Settings
@@ -1206,7 +1244,7 @@ router path-selection
path-group INTERNET id 102
ipsec profile CP-PROFILE
!
- local interface Ethernet4
+ local interface Port-Channel4
stun server-profile INTERNET-pf1-Ethernet2 INTERNET-pf2-Ethernet2
!
peer dynamic
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml
index c0d78381609..c3f1639569f 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/SITE3.yml
@@ -23,10 +23,21 @@ wan_router:
id: 11
mgmt_ip: 192.168.17.20/24
uplink_switches: [site3-leaf1]
- l3_interfaces:
- - name: Ethernet4
- peer_interface: Ethernet8
+ l3_port_channels:
+ - name: Port-Channel4
+ mode: active
+ member_interfaces:
+ - name: Ethernet4
+ speed: forced 10000full
+ - name: Ethernet5
+ speed: forced 10000full
+ peer: inet-cloud
+ ip_address: dhcp
dhcp_ip: 100.64.30.2
- profile: INTERNET-WAN-INTERFACE
+ dhcp_accept_default_route: true
+ ipv4_acl_in: ACL-INTERNET-IN
+ peer_port_channel: Port-Channel8
wan_carrier: REGION2-INTERNET-CORP
wan_circuit_id: inet-site3-wan1
+ flow_tracking:
+ enabled: true
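Review bot: The new `Port-Channel4` entry drops `profile: INTERNET-WAN-INTERFACE` and inlines `ip_address: dhcp`, `dhcp_accept_default_route: true`, `ipv4_acl_in: ACL-INTERNET-IN` and `flow_tracking`, so this Internet-facing link no longer follows the shared profile. If the ingress ACL or DHCP behaviour is later tightened in that profile, site3 would presumably keep the old values. The profile definition is not visible in this hunk, nor is whether `l3_port_channels` accepts `profile`. If it does, keep `profile: INTERNET-WAN-INTERFACE`; otherwise add a comment above `ipv4_acl_in` such as `# copied from INTERNET-WAN-INTERFACE; keep the ingress ACL in sync with that profile`. The enclosing `wan_router` node definition starts outside the hunk.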
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml
index 3a289d70903..45f19c45942 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/group_vars/TRANSPORTS.yml
@@ -50,11 +50,18 @@ spine:
- name: Ethernet7
description: site2-wan2-Ethernet4
ip_address: 100.64.21.1/24
- - name: Ethernet8
- description: site3-wan1-Ethernet4
+ l3_port_channels:
+ - name: Port-Channel8
+ mode: active
+ description: site3-wan1-Port-Channel4
+ member_interfaces:
+ - name: Ethernet8
+ speed: forced 10000full
+ - name: Ethernet9
+ speed: forced 10000full
ip_address: 100.64.30.1/24
- structured_config:
- dhcp_server_ipv4: true
+ raw_eos_cli: |
+ dhcp server ipv4
structured_config:
router_bgp:
# Neighbor definition for site2-wan2
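Review bot: Replacing the schema-checked `dhcp_server_ipv4: true` with `raw_eos_cli: |` on `Port-Channel8` passes free-form CLI through to the device config without validation. A typo there would only surface when the config is pushed. The `|` style also keeps a trailing newline, which appears to be the source of the empty line after `dhcp server ipv4` in the rendered `interface Port-Channel8` stanza of inet-cloud.cfg. If `l3_port_channels` offers a structured key for this, prefer it; otherwise `raw_eos_cli: |-` should avoid the stray blank line. A short comment explaining why raw CLI is needed here would help the next reader.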
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg
index f38e4cdf0e6..0c8ca483342 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/inet-cloud.cfg
@@ -53,6 +53,14 @@ management api http-commands
no shutdown
!
aaa authorization exec default local
+!
+interface Port-Channel8
+ description site3-wan1-Port-Channel4
+ no shutdown
+ no switchport
+ ip address 100.64.30.1/24
+ dhcp server ipv4
+
!
interface Ethernet1
description pf1-Ethernet2
@@ -87,11 +95,16 @@ interface Ethernet7
ip address 100.64.21.1/24
!
interface Ethernet8
- description site3-wan1-Ethernet4
no shutdown
+ speed forced 10000full
no switchport
- ip address 100.64.30.1/24
- dhcp server ipv4
+ channel-group 8 mode active
+!
+interface Ethernet9
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 8 mode active
!
interface Loopback0
description ROUTER_ID
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg
index 58fbee377cb..65f4547c301 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/configs/site3-wan1.cfg
@@ -104,7 +104,7 @@ router path-selection
path-group INTERNET id 102
ipsec profile CP-PROFILE
!
- local interface Ethernet4
+ local interface Port-Channel4
stun server-profile INTERNET-pf1-Ethernet2 INTERNET-pf2-Ethernet2
!
peer dynamic
@@ -196,6 +196,15 @@ ip security
key controller
profile DP-PROFILE
!
+interface Port-Channel4
+ description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8
+ no shutdown
+ no switchport
+ flow tracker hardware FLOW-TRACKER
+ ip address dhcp
+ dhcp client accept default-route
+ ip access-group ACL-INTERNET-IN_Port-Channel4 in
+!
interface Dps1
description DPS Interface
mtu 9194
@@ -225,13 +234,18 @@ interface Ethernet1.666
ip address 10.66.3.1/24
!
interface Ethernet4
- description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8
+ description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud
no shutdown
+ speed forced 10000full
no switchport
- flow tracker hardware FLOW-TRACKER
- ip address dhcp
- dhcp client accept default-route
- ip access-group ACL-INTERNET-IN_Ethernet4 in
+ channel-group 4 mode active
+!
+interface Ethernet5
+ description REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 4 mode active
!
interface Loopback0
description ROUTER_ID
@@ -296,7 +310,7 @@ application traffic recognition
field-set l4-port VOICE-PORTS
666-667
!
-ip access-list ACL-INTERNET-IN_Ethernet4
+ip access-list ACL-INTERNET-IN_Port-Channel4
1 remark Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface
10 permit udp any host 100.64.30.2 eq isakmp non500-isakmp
30 permit icmp any host 100.64.30.2
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml
index ff44c321f9d..5c61a3e7e35 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/inet-cloud.yml
@@ -138,13 +138,34 @@ ethernet_interfaces:
enabled: false
description: site2-wan2-Ethernet4
- name: Ethernet8
- peer_type: l3_interface
+ peer_type: l3_port_channel_member
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 8
+ mode: active
+- name: Ethernet9
+ peer_type: l3_port_channel_member
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 8
+ mode: active
+port_channel_interfaces:
+- name: Port-Channel8
+ peer_type: l3_port_channel
ip_address: 100.64.30.1/24
shutdown: false
switchport:
enabled: false
- description: site3-wan1-Ethernet4
- dhcp_server_ipv4: true
+ description: site3-wan1-Port-Channel4
+ eos_cli: 'dhcp server ipv4
+
+ '
loopback_interfaces:
- name: Loopback0
description: ROUTER_ID
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml
index 26ebe38fe11..1184ca94d6e 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan1.yml
@@ -334,9 +334,9 @@ ethernet_interfaces:
switchport:
enabled: false
description: REGION1-INTERNET-CORP_inet-site1-wan1_inet-cloud_Ethernet5
- access_group_in: ACL-INTERNET-IN_Ethernet4
flow_tracker:
hardware: FLOW-TRACKER
+ access_group_in: ACL-INTERNET-IN_Ethernet4
loopback_interfaces:
- name: Loopback0
description: ROUTER_ID
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml
index 6cd61b9e2be..4bb66fe57cb 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site1-wan2.yml
@@ -334,9 +334,9 @@ ethernet_interfaces:
switchport:
enabled: false
description: REGION1-INTERNET-CORP_inet-site1-wan2_inet-cloud_Ethernet6
- access_group_in: ACL-INTERNET-IN_Ethernet4
flow_tracker:
hardware: FLOW-TRACKER
+ access_group_in: ACL-INTERNET-IN_Ethernet4
dhcp_client_accept_default_route: true
loopback_interfaces:
- name: Loopback0
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml
index b95710ba067..22e9e1adb78 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site2-wan2.yml
@@ -365,9 +365,9 @@ ethernet_interfaces:
switchport:
enabled: false
description: REGION2-INTERNET-CORP_inet-site2-wan2_inet-cloud_Ethernet7
- access_group_in: ACL-INTERNET-IN_Ethernet4
flow_tracker:
hardware: FLOW-TRACKER
+ access_group_in: ACL-INTERNET-IN_Ethernet4
- name: Ethernet5
switchport:
enabled: false
diff --git a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml
index a5c8da00bd0..156ed6d163d 100644
--- a/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml
+++ b/ansible_collections/arista/avd/examples/cv-pathfinder/intended/structured_configs/site3-wan1.yml
@@ -215,17 +215,40 @@ ethernet_interfaces:
flow_tracker:
hardware: FLOW-TRACKER
- name: Ethernet4
- peer_type: l3_interface
+ description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud
+ peer_type: l3_port_channel_member
peer: inet-cloud
- peer_interface: Ethernet8
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 4
+ mode: active
+- name: Ethernet5
+ description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud
+ peer_type: l3_port_channel_member
+ peer: inet-cloud
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 4
+ mode: active
+port_channel_interfaces:
+- name: Port-Channel4
+ peer_type: l3_port_channel
+ peer: inet-cloud
+ peer_interface: Port-Channel8
ip_address: dhcp
shutdown: false
switchport:
enabled: false
- description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Ethernet8
- access_group_in: ACL-INTERNET-IN_Ethernet4
+ description: REGION2-INTERNET-CORP_inet-site3-wan1_inet-cloud_Port-Channel8
flow_tracker:
hardware: FLOW-TRACKER
+ access_group_in: ACL-INTERNET-IN_Port-Channel4
dhcp_client_accept_default_route: true
loopback_interfaces:
- name: Loopback0
@@ -272,7 +295,7 @@ agents:
- name: KERNELFIB_PROGRAM_ALL_ECMP
value: '1'
ip_access_lists:
-- name: ACL-INTERNET-IN_Ethernet4
+- name: ACL-INTERNET-IN_Port-Channel4
entries:
- sequence: 1
remark: 'Not for PRODUCTION: This ACL is built this way because the lab has an out-of-band interface'
@@ -428,7 +451,7 @@ router_path_selection:
- name: INTERNET
id: 102
local_interfaces:
- - name: Ethernet4
+ - name: Port-Channel4
stun:
server_profiles:
- INTERNET-pf1-Ethernet2
@@ -590,14 +613,6 @@ metadata:
tags:
- name: Type
value: lan
- - interface: Ethernet4
- tags:
- - name: Type
- value: wan
- - name: Carrier
- value: REGION2-INTERNET-CORP
- - name: Circuit
- value: inet-site3-wan1
cv_pathfinder:
role: edge
ssl_profile: STUN-DTLS
@@ -606,7 +621,7 @@ metadata:
zone: REGION2-ZONE
site: SITE3
interfaces:
- - name: Ethernet4
+ - name: Port-Channel4
carrier: REGION2-INTERNET-CORP
circuit_id: inet-site3-wan1
pathgroup: INTERNET
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml
index 0c2656b2281..5930aa1e75e 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml
@@ -24,4 +24,4 @@ wan_path_groups:
expected_error_message: >-
'ipv4_acl_in' must be set on WAN interfaces where 'wan_carrier' is set,
- unless the carrier is configured as 'trusted' under 'wan_carriers'. 'ipv4_acl_in' is missing on interface 'Ethernet1'.
+ unless the carrier is configured as 'trusted' under 'wan_carriers'. 'ipv4_acl_in' is missing on L3 interface 'Ethernet1'.
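Review bot: Only the existing Ethernet case of the `ipv4_acl_in` check is updated here, and the part of the diff visible on this page adds no negative test for an `l3_port_channels` entry that sets `wan_carrier` without `ipv4_acl_in`. The reworded message, `missing on L3 interface 'Ethernet1'`, suggests the check now also covers port-channels. Since the check is what keeps untrusted WAN links from being rendered without an ingress ACL, a sibling host_vars file exercising the port-channel path would pin that behaviour. It could be named along the lines of `ipv4-acl-in-missing-on-wan-port-channel.yml`.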
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg
index 52331356039..4d144183706 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg
@@ -66,6 +66,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -82,6 +85,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -116,6 +122,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router internet-exit
exit-group DIRECT-EXIT-POLICY-1
@@ -196,6 +203,10 @@ router path-selection
path-group INET
path-group MPLS
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group MPLS priority 2
@@ -427,6 +438,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -438,6 +452,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -461,8 +478,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
monitor connectivity
no shutdown
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg
index 9962486a0d2..2d3ac9de760 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge1.cfg
@@ -63,6 +63,9 @@ router adaptive-virtual-topology
match application-profile VIDEO
avt profile PROD-AVT-POLICY-VIDEO
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -79,6 +82,10 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ internet-exit policy ZSCALER-EXIT-POLICY-3
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -110,6 +117,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-DEFAULT id 1
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router internet-exit
exit-group DIRECT-EXIT-POLICY-1
@@ -133,6 +141,15 @@ router internet-exit
exit-group ZSCALER-EXIT-POLICY-2_TER
local connection IE-Tunnel112
!
+ exit-group ZSCALER-EXIT-POLICY-3_PRI
+ local connection IE-Tunnel200
+ !
+ exit-group ZSCALER-EXIT-POLICY-3_SEC
+ local connection IE-Tunnel201
+ !
+ exit-group ZSCALER-EXIT-POLICY-3_TER
+ local connection IE-Tunnel202
+ !
policy DIRECT-EXIT-POLICY-1
exit-group DIRECT-EXIT-POLICY-1
!
@@ -146,6 +163,11 @@ router internet-exit
exit-group ZSCALER-EXIT-POLICY-2_PRI
exit-group ZSCALER-EXIT-POLICY-2_SEC
exit-group ZSCALER-EXIT-POLICY-2_TER
+ !
+ policy ZSCALER-EXIT-POLICY-3
+ exit-group ZSCALER-EXIT-POLICY-3_PRI
+ exit-group ZSCALER-EXIT-POLICY-3_SEC
+ exit-group ZSCALER-EXIT-POLICY-3_TER
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -163,6 +185,15 @@ router path-selection
local interface Ethernet3
stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1
!
+ local interface Port-Channel1
+ stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1
+ !
+ local interface Port-Channel450
+ stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1
+ !
+ local interface Port-Channel540
+ stun server-profile INET-cv-pathfinder-pathfinder1-Ethernet1 INET-cv-pathfinder-pathfinder2-Ethernet1
+ !
peer dynamic
!
peer static router-ip 192.168.144.2
@@ -196,6 +227,11 @@ router path-selection
path-group INET
path-group Satellite priority 2
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group AWS priority 2
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
!
@@ -230,6 +266,15 @@ router service-insertion
connection IE-Tunnel112
interface Tunnel112 primary
monitor connectivity host IE-Tunnel112
+ connection IE-Tunnel200
+ interface Tunnel200 primary
+ monitor connectivity host IE-Tunnel200
+ connection IE-Tunnel201
+ interface Tunnel201 primary
+ monitor connectivity host IE-Tunnel201
+ connection IE-Tunnel202
+ interface Tunnel202 primary
+ monitor connectivity host IE-Tunnel202
!
spanning-tree mode none
!
@@ -271,6 +316,12 @@ ip security
dh-group 24
local-id fqdn cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-2@test.local
!
+ ike policy IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY
+ ike-lifetime 24
+ encryption aes256
+ dh-group 24
+ local-id fqdn cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-3@test.local
+ !
sa policy CP-SA-POLICY
esp encryption aes256gcm128
pfs dh-group 14
@@ -291,6 +342,12 @@ ip security
sa lifetime 8 hours
pfs dh-group 24
!
+ sa policy IE-ZSCALER-EXIT-POLICY-3-SA-POLICY
+ esp encryption aes256
+ esp integrity sha256
+ sa lifetime 8 hours
+ pfs dh-group 24
+ !
profile CP-PROFILE
ike-policy CP-IKE-POLICY
sa-policy CP-SA-POLICY
@@ -320,15 +377,70 @@ ip security
shared-key 7 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0B67637B7B666B3873293274733B31233B6D2A332315696A
dpd 10 60 clear
!
+ profile IE-ZSCALER-EXIT-POLICY-3-PROFILE
+ ike-policy IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY
+ sa-policy IE-ZSCALER-EXIT-POLICY-3-SA-POLICY
+ connection start
+ shared-key 7 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0A67637B7B666B3873293274733B31233B6D2A332315696A
+ dpd 10 60 clear
+ !
key controller
profile DP-PROFILE
!
+interface Port-Channel1
+ description ATT_404_peerDeviceA_Port-Channel2
+ no shutdown
+ no switchport
+ flow tracker hardware FLOW-TRACKER
+ ip address 172.15.5.7/31
+!
+interface Port-Channel450
+ description Orange_peerDevice10_Port-Channel455
+ no shutdown
+ no switchport
+ ip address 172.15.5.8/31
+!
+interface Port-Channel540
+ description Comcast_peerDevice11_Port-Channel545
+ no shutdown
+ no switchport
+ ip address 172.15.6.9/31
+ ip access-group TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540 in
+ ip access-group TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540 out
+!
interface Dps1
description DPS Interface
mtu 9194
flow tracker hardware FLOW-TRACKER
ip address 192.168.142.2/32
!
+interface Ethernet1/10
+ description Orange_peerDevice10
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 450 mode on
+!
+interface Ethernet1/16
+ description Comcast_peerDevice11
+ no shutdown
+ speed auto 10000full
+ no switchport
+ channel-group 540 mode active
+!
+interface Ethernet1/17
+ description Comcast_peerDevice11
+ no shutdown
+ no switchport
+ channel-group 540 mode active
+!
+interface Ethernet1/18
+ description Comcast_peerDevice11
+ no shutdown
+ speed 1000full
+ no switchport
+ channel-group 540 mode active
+!
interface Ethernet1/49
no shutdown
no switchport
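Review bot: `interface Port-Channel1` and `interface Port-Channel450` are rendered without any `ip access-group ... in`, while `Port-Channel540` gets ACLs in both directions. All three are listed as `local interface` entries under `router path-selection` in an earlier hunk of this file. The test inputs are not visible here, so confirm that the carriers behind `ATT_404_peerDeviceA` and `Orange_peerDevice10` are marked trusted under `wan_carriers`. Otherwise this golden file locks in WAN port-channels with no ingress filtering. `Port-Channel1` is also the `tunnel source interface` for the new Tunnel200–202 Internet-exit tunnels, which makes its exposure the one most worth checking.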
@@ -367,6 +479,20 @@ interface Ethernet5
ip address dhcp
dhcp client accept default-route
!
+interface Ethernet6
+ description ATT_404_peerDevice1_PeerDevIntf1
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 1 mode active
+!
+interface Ethernet7
+ description ATT_404_peerDeviceA
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 1 mode active
+!
interface Ethernet52
description P2P_site-ha-disabled-leaf_Ethernet2
no shutdown
@@ -463,6 +589,36 @@ interface Tunnel112
tunnel destination 10.50.9.1
tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-2-PROFILE
!
+interface Tunnel200
+ description Internet Exit ZSCALER-EXIT-POLICY-3 PRI
+ mtu 1394
+ ip address unnumbered Loopback0
+ ip nat service-profile NAT-IE-ZSCALER
+ tunnel mode ipsec
+ tunnel source interface Port-Channel1
+ tunnel destination 10.37.121.1
+ tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-3-PROFILE
+!
+interface Tunnel201
+ description Internet Exit ZSCALER-EXIT-POLICY-3 SEC
+ mtu 1394
+ ip address unnumbered Loopback0
+ ip nat service-profile NAT-IE-ZSCALER
+ tunnel mode ipsec
+ tunnel source interface Port-Channel1
+ tunnel destination 10.39.77.1
+ tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-3-PROFILE
+!
+interface Tunnel202
+ description Internet Exit ZSCALER-EXIT-POLICY-3 TER
+ mtu 1394
+ ip address unnumbered Loopback0
+ ip nat service-profile NAT-IE-ZSCALER
+ tunnel mode ipsec
+ tunnel source interface Port-Channel1
+ tunnel destination 10.50.9.1
+ tunnel ipsec profile IE-ZSCALER-EXIT-POLICY-3-PROFILE
+!
interface Vxlan1
description cv-pathfinder-edge1_VTEP
vxlan source-interface Dps1
@@ -485,6 +641,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -496,6 +655,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile VIDEO
application CUSTOM-APPLICATION-1
application skype
@@ -517,8 +679,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
monitor connectivity
no shutdown
@@ -529,6 +697,9 @@ monitor connectivity
interface set SET-Tunnel110 Tunnel110
interface set SET-Tunnel111 Tunnel111
interface set SET-Tunnel112 Tunnel112
+ interface set SET-Tunnel200 Tunnel200
+ interface set SET-Tunnel201 Tunnel201
+ interface set SET-Tunnel202 Tunnel202
!
host IE-Ethernet3
description
@@ -577,6 +748,27 @@ monitor connectivity
local-interfaces SET-Tunnel112
ip 10.50.9.1
url http://gateway.zscalerbeta.net/vpntest
+ !
+ host IE-Tunnel200
+ description
+ Internet Exit ZSCALER-EXIT-POLICY-3 PRI
+ local-interfaces SET-Tunnel200
+ ip 10.37.121.1
+ url http://gateway.zscalerbeta.net/vpntest
+ !
+ host IE-Tunnel201
+ description
+ Internet Exit ZSCALER-EXIT-POLICY-3 SEC
+ local-interfaces SET-Tunnel201
+ ip 10.39.77.1
+ url http://gateway.zscalerbeta.net/vpntest
+ !
+ host IE-Tunnel202
+ description
+ Internet Exit ZSCALER-EXIT-POLICY-3 TER
+ local-interfaces SET-Tunnel202
+ ip 10.50.9.1
+ url http://gateway.zscalerbeta.net/vpntest
!
ip access-list ACL-NAT-IE-DIRECT
10 deny ip any 5.0.0.0/24
@@ -590,6 +782,14 @@ ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Ethernet1_49.3
15 deny ip any host 172.24.49.3
permit ip host 172.24.49.2 host 172.24.49.3
!
+ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540
+ 15 deny ip any host 172.15.6.9
+ permit ip host 172.31.0.11 host 172.15.6.9
+!
+ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540
+ remark Some remark will not require source and destination fields.
+ permit ip host 172.15.6.9 any
+!
ip routing
ip routing vrf ATTRACTED-VRF-FROM-UPLINK
ip routing vrf IT
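Review bot: In the added `TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540`, the entry `permit ip host 172.31.0.11 host 172.15.6.9` can never match, because `15 deny ip any host 172.15.6.9` is listed ahead of it and already covers that source. Combined with the implicit deny, the ACL as rendered drops everything. The context ACL just above has the same shape, so this is probably inherited from the test input. If the fixture is meant to model a usable inbound filter, the specific permit should precede the broad deny, for example `10 permit ip host 172.31.0.11 host 172.15.6.9` followed by `15 deny ip any host 172.15.6.9`. Separately, 172.15.6.9 lies outside 172.16.0.0/12 and is therefore publicly routable, so a private or documentation-range address would be a safer value in a fixture people copy from.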
@@ -603,7 +803,7 @@ ip prefix-list ALLOW-DEFAULT
!
ip prefix-list PL2
seq 10 permit 5.0.0.0/0
- seq 20 deny 10.00.0.0/24
+ seq 20 deny 10.0.0.0/24
!
ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
seq 10 permit 192.168.42.0/24 eq 32
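Review bot: `seq 10 permit 5.0.0.0/0` in the same `PL2` list is still non-canonical after this fix. A /0 mask leaves no network bits, so the leading `5.` is either discarded or rejected depending on how the device parses it, which cannot be verified from this hunk. This matters more now because `RM-BGP-172.31.0.1-IN` and `RM-BGP-172.31.0.10-IN`, added later in this diff, use `PL2` as their only inbound match for the new BGP neighbors. The input should state the intended prefix explicitly: `seq 10 permit 0.0.0.0/0` if the default route is meant, or a real 5.x network such as `5.0.0.0/8` if that range is meant.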
@@ -611,6 +811,9 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
ip route 10.37.121.1/32 172.31.0.1 name IE-ZSCALER-PRI
ip route 10.39.77.1/32 172.31.0.1 name IE-ZSCALER-SEC
ip route 10.50.9.1/32 172.31.0.1 name IE-ZSCALER-TER
+ip route 172.16.0.0/16 172.31.0.1
+ip route 172.17.0.0/16 172.31.0.10
+ip route 172.18.0.0/16 172.31.0.11
!
ip nat pool PORT-ONLY-POOL port-only
port range 1500 65535
@@ -628,6 +831,21 @@ route-map RM-BGP-172.29.0.13-OUT permit 10
!
route-map RM-BGP-172.29.0.13-OUT deny 20
!
+route-map RM-BGP-172.31.0.1-IN permit 10
+ match ip address prefix-list PL2
+ set community no-advertise additive
+!
+route-map RM-BGP-172.31.0.1-OUT permit 10
+ match ip address prefix-list ALLOW-DEFAULT
+!
+route-map RM-BGP-172.31.0.1-OUT deny 20
+!
+route-map RM-BGP-172.31.0.10-IN permit 10
+ match ip address prefix-list PL2
+ set community no-advertise additive
+!
+route-map RM-BGP-172.31.0.10-OUT deny 10
+!
route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
description Mark prefixes originated from the LAN
set extcommunity soo 192.168.42.2:511 additive
@@ -676,6 +894,14 @@ router bgp 65000
neighbor 172.29.0.13 remote-as 64520
neighbor 172.29.0.13 route-map RM-BGP-172.29.0.13-IN in
neighbor 172.29.0.13 route-map RM-BGP-172.29.0.13-OUT out
+ neighbor 172.31.0.1 remote-as 64520
+ neighbor 172.31.0.1 description ATT_404_peerDeviceA_Port-Channel2
+ neighbor 172.31.0.1 route-map RM-BGP-172.31.0.1-IN in
+ neighbor 172.31.0.1 route-map RM-BGP-172.31.0.1-OUT out
+ neighbor 172.31.0.10 remote-as 64520
+ neighbor 172.31.0.10 description Orange_peerDevice10_Port-Channel455
+ neighbor 172.31.0.10 route-map RM-BGP-172.31.0.10-IN in
+ neighbor 172.31.0.10 route-map RM-BGP-172.31.0.10-OUT out
neighbor 192.168.144.2 peer group WAN-OVERLAY-PEERS
neighbor 192.168.144.2 description cv-pathfinder-pathfinder1_Dps1
neighbor 192.168.144.3 peer group WAN-OVERLAY-PEERS
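Review bot: The neighbors added here, 172.31.0.1 and 172.31.0.10, appear from their descriptions to be carrier-facing peers, yet the hunk gives them only `remote-as`, `description` and route-maps; no session authentication or prefix limit is visible. The `router bgp 65000` block starts and ends outside this hunk, so these settings may be applied elsewhere. If they are not, the design input should be able to render lines such as `neighbor 172.31.0.1 password 7 <placeholder-hash>` and `neighbor 172.31.0.1 maximum-routes <limit>` for externally facing sessions. The inbound route-maps restrict which prefixes are accepted, but they do not protect the TCP session from spoofed resets or an unauthenticated peer.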
@@ -693,6 +919,8 @@ router bgp 65000
no neighbor WAN-OVERLAY-PEERS activate
neighbor 172.28.0.14 activate
neighbor 172.29.0.13 activate
+ neighbor 172.31.0.1 activate
+ neighbor 172.31.0.10 activate
!
address-family ipv4 sr-te
neighbor WAN-OVERLAY-PEERS activate
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg
index f2d1fb1eab3..f0eab7d42c3 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg
@@ -59,6 +59,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -74,6 +77,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -107,6 +113,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -153,6 +160,11 @@ router path-selection
path-group INET
path-group LAN_HA
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -331,6 +343,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -342,6 +357,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -365,8 +383,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf ATTRACTED-VRF-FROM-UPLINK
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg
index 926b3c4a899..9618cf8fe8a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg
@@ -59,6 +59,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -74,6 +77,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -107,6 +113,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -153,6 +160,10 @@ router path-selection
path-group CUSTOM_LAN_HA
path-group MPLS
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group CUSTOM_LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group CUSTOM_LAN_HA
path-group MPLS priority 2
@@ -316,6 +327,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -327,6 +341,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -350,8 +367,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf ATTRACTED-VRF-FROM-UPLINK
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg
index a25ef697368..abf4b6d9718 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3A.cfg
@@ -54,6 +54,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -66,6 +69,9 @@ router adaptive-virtual-topology
profile DEFAULT-AVT-POLICY-VIDEO
path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -95,6 +101,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -134,6 +141,11 @@ router path-selection
path-group INET
path-group LAN_HA
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -255,6 +267,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -266,6 +281,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -289,8 +307,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf IT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg
index 661711e095c..ac9e9852069 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge3B.cfg
@@ -54,6 +54,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -66,6 +69,9 @@ router adaptive-virtual-topology
profile DEFAULT-AVT-POLICY-VIDEO
path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -95,6 +101,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -134,6 +141,10 @@ router path-selection
path-group LAN_HA
path-group MPLS
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group LAN_HA
path-group MPLS priority 2
@@ -255,6 +266,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -266,6 +280,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -289,8 +306,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf IT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg
index 948b4f4a9cf..8d53fa194cd 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4A.cfg
@@ -54,6 +54,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -66,6 +69,9 @@ router adaptive-virtual-topology
profile DEFAULT-AVT-POLICY-VIDEO
path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -95,6 +101,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -133,6 +140,11 @@ router path-selection
path-group INET
path-group LAN_HA
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -266,6 +278,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -277,6 +292,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -300,8 +318,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf IT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg
index 25a1e5e02dd..471f95547c3 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge4B.cfg
@@ -54,6 +54,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -66,6 +69,9 @@ router adaptive-virtual-topology
profile DEFAULT-AVT-POLICY-VIDEO
path-selection load-balance LB-DEFAULT-AVT-POLICY-VIDEO
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -95,6 +101,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
router path-selection
tcp mss ceiling ipv4 ingress
@@ -133,6 +140,11 @@ router path-selection
path-group INET
path-group LAN_HA
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -266,6 +278,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -277,6 +292,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -300,8 +318,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf IT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg
index a010e84d82f..07e645346ea 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg
@@ -56,6 +56,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -82,6 +85,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -118,6 +124,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
vrf TRANSIT
avt policy TRANSIT-AVT-POLICY
@@ -184,6 +191,12 @@ router path-selection
path-group Equinix priority 2
path-group Satellite priority 2
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ path-group AWS priority 2
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -300,6 +313,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -311,6 +327,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -334,8 +353,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
no ip routing vrf MGMT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg
index a722345ab23..5c2dcfb50f5 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg
@@ -56,6 +56,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -82,6 +85,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -118,6 +124,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
vrf TRANSIT
avt policy TRANSIT-AVT-POLICY
@@ -187,6 +194,12 @@ router path-selection
path-group Equinix priority 2
path-group Satellite priority 2
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ path-group AWS priority 2
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -291,6 +304,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -302,6 +318,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -325,8 +344,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
no ip routing vrf MGMT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg
index f5cef9139e2..b81e319bfac 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg
@@ -56,6 +56,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -82,6 +85,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -118,6 +124,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
vrf TRANSIT
avt policy TRANSIT-AVT-POLICY
@@ -194,6 +201,12 @@ router path-selection
path-group Equinix priority 2
path-group Satellite priority 2
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ path-group AWS priority 2
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -304,6 +317,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -315,6 +331,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -338,8 +357,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
no ip routing vrf MGMT
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg
index 55756638cc6..c1d39266d00 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg
@@ -63,6 +63,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -90,6 +93,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -126,6 +132,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
vrf TRANSIT
avt policy TRANSIT-AVT-POLICY
@@ -203,6 +210,11 @@ router path-selection
path-group LAN_HA
path-group MPLS
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -380,6 +392,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -391,6 +406,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -414,8 +432,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
monitor connectivity
no shutdown
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg
index a1abb72ffdb..64999ac4185 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg
@@ -59,6 +59,9 @@ router adaptive-virtual-topology
match application-profile MPLS-ONLY
avt profile PROD-AVT-POLICY-MPLS-ONLY
!
+ match application-profile CRITICAL-APP
+ avt profile PROD-AVT-POLICY-CRITICAL-APP
+ !
match application-profile default
avt profile PROD-AVT-POLICY-DEFAULT
!
@@ -85,6 +88,9 @@ router adaptive-virtual-topology
profile DEFAULT-POLICY-DEFAULT
path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
!
+ profile PROD-AVT-POLICY-CRITICAL-APP
+ path-selection load-balance LB-PROD-AVT-POLICY-CRITICAL-APP
+ !
profile PROD-AVT-POLICY-DEFAULT
path-selection load-balance LB-PROD-AVT-POLICY-DEFAULT
!
@@ -121,6 +127,7 @@ router adaptive-virtual-topology
avt profile PROD-AVT-POLICY-VOICE id 2
avt profile PROD-AVT-POLICY-VIDEO id 4
avt profile PROD-AVT-POLICY-MPLS-ONLY id 5
+ avt profile PROD-AVT-POLICY-CRITICAL-APP id 6
!
vrf TRANSIT
avt policy TRANSIT-AVT-POLICY
@@ -190,6 +197,11 @@ router path-selection
path-group LAN_HA
path-group MPLS
!
+ load-balance policy LB-PROD-AVT-POLICY-CRITICAL-APP
+ loss-rate 45.0
+ path-group INET
+ path-group LAN_HA
+ !
load-balance policy LB-PROD-AVT-POLICY-DEFAULT
path-group INET
path-group LAN_HA
@@ -361,6 +373,9 @@ application traffic recognition
application ipv4 CUSTOM-APPLICATION-2
protocol tcp source port field-set TCP-SRC-2 destination port field-set TCP-DEST-2
!
+ application ipv4 CUSTOM-APPLICATION-3
+ protocol tcp source port field-set TCP-SRC-3 destination port field-set TCP-DEST-3
+ !
application ipv4 CUSTOM-DSCP-APPLICATION
dscp ef 12-14 cs6 42
!
@@ -372,6 +387,9 @@ application traffic recognition
application-profile APP-PROFILE-CONTROL-PLANE
application APP-CONTROL-PLANE
!
+ application-profile CRITICAL-APP
+ application CUSTOM-APPLICATION-3
+ !
application-profile MPLS-ONLY
!
application-profile VIDEO
@@ -395,8 +413,14 @@ application traffic recognition
field-set l4-port TCP-DEST-2
666, 777
!
+ field-set l4-port TCP-DEST-3
+ 880
+ !
field-set l4-port TCP-SRC-2
42
+ !
+ field-set l4-port TCP-SRC-3
+ 400
!
ip routing
ip routing vrf ATTRACTED-VRF-FROM-UPLINK
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg
new file mode 100644
index 00000000000..7202d6bfc42
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/node-type-l3-port-channels.cfg
@@ -0,0 +1,322 @@
+!
+no enable password
+no aaa root
+!
+agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP=1
+!
+flow tracking hardware
+ tracker FLOW-TRACKER
+ record export on inactive timeout 70000
+ record export on interval 300000
+ exporter CV-TELEMETRY
+ collector 127.0.0.1
+ local interface Loopback0
+ template interval 3600000
+ no shutdown
+!
+service routing protocols model multi-agent
+!
+hostname node-type-l3-port-channels
+!
+router adaptive-virtual-topology
+ topology role edge
+ region AVD_Land_East id 43
+ zone AVD_Land_East-ZONE id 1
+ site Site511 id 511
+ !
+ policy DEFAULT-POLICY-WITH-CP
+ !
+ match application-profile APP-PROFILE-CONTROL-PLANE
+ avt profile DEFAULT-POLICY-CONTROL-PLANE
+ !
+ match application-profile default
+ avt profile DEFAULT-POLICY-DEFAULT
+ !
+ profile DEFAULT-POLICY-CONTROL-PLANE
+ path-selection load-balance LB-DEFAULT-POLICY-CONTROL-PLANE
+ !
+ profile DEFAULT-POLICY-DEFAULT
+ path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
+ !
+ vrf default
+ avt policy DEFAULT-POLICY-WITH-CP
+ avt profile DEFAULT-POLICY-DEFAULT id 1
+ avt profile DEFAULT-POLICY-CONTROL-PLANE id 254
+!
+router path-selection
+ tcp mss ceiling ipv4 ingress
+ !
+ path-group INET id 101
+ ipsec profile CP-PROFILE
+ !
+ local interface Port-Channel2
+ !
+ local interface Port-Channel5
+ !
+ local interface Port-Channel5.100
+ !
+ local interface Port-Channel8
+ !
+ local interface Port-Channel19
+ !
+ peer dynamic
+ !
+ load-balance policy LB-DEFAULT-POLICY-CONTROL-PLANE
+ path-group INET
+ !
+ load-balance policy LB-DEFAULT-POLICY-DEFAULT
+ path-group INET
+!
+spanning-tree mode none
+!
+vrf instance MGMT
+!
+management api http-commands
+ protocol https
+ no shutdown
+ !
+ vrf MGMT
+ no shutdown
+!
+management security
+ !
+ ssl profile STUN-DTLS
+ tls versions 1.2
+ trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+ certificate STUN-DTLS.crt key STUN-DTLS.key
+!
+ip security
+ ike policy CP-IKE-POLICY
+ local-id 192.168.142.1
+ !
+ sa policy CP-SA-POLICY
+ esp encryption aes256gcm128
+ pfs dh-group 14
+ !
+ sa policy DP-SA-POLICY
+ esp encryption aes256gcm128
+ pfs dh-group 14
+ !
+ profile CP-PROFILE
+ ike-policy CP-IKE-POLICY
+ sa-policy CP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890
+ dpd 10 50 clear
+ mode transport
+ !
+ profile DP-PROFILE
+ sa-policy DP-SA-POLICY
+ connection start
+ shared-key 7 ABCDEF1234567890666
+ dpd 10 50 clear
+ mode transport
+ !
+ key controller
+ profile DP-PROFILE
+!
+interface Port-Channel2
+ description Cybercast_101_peer1_Port-Channel10
+ no shutdown
+ no switchport
+ flow tracker hardware FLOW-TRACKER
+ ip address 192.168.1.102/31
+ service-profile TEST-QOS-PROFILE1
+!
+interface Port-Channel5
+ description StreamFast_102_peer2_Port-Channel15
+ no shutdown
+ no switchport
+ ip address 192.168.1.105/31
+ service-policy type qos input TEST_POLICY
+ service-profile TEST-QOS-PROFILE1
+ ! TEST RAW_EOS_CLI
+
+!
+interface Port-Channel5.100
+ description ExtremeCable_105_peer2_Port-Channel15
+ no shutdown
+ encapsulation dot1q vlan 108
+ flow tracker hardware FLOW-TRACKER
+ ip address 192.168.100.115/31
+ service-profile TEST-QOS-PROFILE2
+!
+interface Port-Channel5.105
+ description peer2_Port-Channel16
+ no shutdown
+ encapsulation dot1q vlan 105
+ flow tracker hardware FLOW-TRACKER
+ ip address 192.168.100.116/31
+ service-profile TEST-QOS-PROFILE2
+!
+interface Port-Channel8
+ description BlizzardFast_peerDevice3_Port-Channel18
+ no shutdown
+ no switchport
+ flow tracker hardware FLOW-TRACKER
+ ip address dhcp
+ dhcp client accept default-route
+ service-profile TEST-QOS-PROFILE3
+ ! TEST RAW_EOS_CLI 123
+
+!
+interface Port-Channel19
+ description BlizzardFast_peerDevice4_Port-Channel20
+ shutdown
+ no switchport
+ ip address 192.168.1.19
+!
+interface Dps1
+ description DPS Interface
+ mtu 9194
+ flow tracker hardware FLOW-TRACKER
+ ip address 192.168.142.1/32
+!
+interface Ethernet1
+ description Cybercast_101_peerDevice1_Ethernet11
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 2 mode active
+!
+interface Ethernet1/4
+ description StreamFast_102_peerDevice2_Ethernet1/12
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 5 mode passive
+!
+interface Ethernet1/5
+ description StreamFast_102_peer2
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 5 mode passive
+!
+interface Ethernet1/10
+ description BlizzardFast_peerDevice3_Ethernet1/10
+ no shutdown
+ speed forced 1000full
+ no switchport
+ channel-group 8 mode on
+!
+interface Ethernet1/19
+ description BlizzardFast_peerDevice4_Ethernet1/19
+ shutdown
+ no switchport
+ channel-group 19 mode active
+!
+interface Ethernet1/20
+ description BlizzardFast_peerDevice4_Ethernet1/20
+ shutdown
+ no switchport
+ channel-group 19 mode active
+!
+interface Ethernet2
+ description Cybercast_101_peer1
+ no shutdown
+ speed forced 10000full
+ no switchport
+ channel-group 2 mode active
+!
+interface Ethernet3
+ description Custom eth3 description
+ no shutdown
+ no switchport
+ channel-group 2 mode active
+!
+interface Loopback0
+ description ROUTER_ID
+ no shutdown
+ ip address 192.168.255.1/32
+!
+interface Vxlan1
+ description node-type-l3-port-channels_VTEP
+ vxlan source-interface Dps1
+ vxlan udp-port 4789
+ vxlan vrf default vni 1
+!
+application traffic recognition
+ !
+ application ipv4 APP-CONTROL-PLANE
+ destination prefix field-set PFX-PATHFINDERS
+ !
+ application-profile APP-PROFILE-CONTROL-PLANE
+ application APP-CONTROL-PLANE
+ !
+ field-set ipv4 prefix PFX-PATHFINDERS
+!
+ip routing
+no ip routing vrf MGMT
+!
+ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.255.1:511
+!
+ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ seq 10 permit 192.168.255.0/24 eq 32
+!
+ip route 0.0.0.0/0 192.168.1.10
+!
+route-map RM-CONN-2-BGP permit 10
+ match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ set extcommunity soo 192.168.255.1:511 additive
+!
+route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10
+ match extcommunity ECL-EVPN-SOO
+!
+route-map RM-EVPN-SOO-IN deny 10
+ match extcommunity ECL-EVPN-SOO
+!
+route-map RM-EVPN-SOO-IN permit 20
+!
+route-map RM-EVPN-SOO-OUT permit 10
+ set extcommunity soo 192.168.255.1:511 additive
+!
+router bfd
+ multihop interval 300 min-rx 300 multiplier 3
+!
+router bgp 65005
+ router-id 192.168.255.1
+ update wait-install
+ no bgp default ipv4-unicast
+ maximum-paths 16
+ neighbor WAN-OVERLAY-PEERS peer group
+ neighbor WAN-OVERLAY-PEERS remote-as 65005
+ neighbor WAN-OVERLAY-PEERS update-source Dps1
+ neighbor WAN-OVERLAY-PEERS bfd
+ neighbor WAN-OVERLAY-PEERS bfd interval 1000 min-rx 1000 multiplier 10
+ neighbor WAN-OVERLAY-PEERS ttl maximum-hops 1
+ neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
+ neighbor WAN-OVERLAY-PEERS send-community
+ neighbor WAN-OVERLAY-PEERS maximum-routes 0
+ redistribute connected route-map RM-CONN-2-BGP
+ !
+ address-family evpn
+ neighbor WAN-OVERLAY-PEERS activate
+ neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-IN in
+ neighbor WAN-OVERLAY-PEERS route-map RM-EVPN-SOO-OUT out
+ neighbor WAN-OVERLAY-PEERS encapsulation path-selection
+ !
+ address-family ipv4
+ no neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family ipv4 sr-te
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ address-family link-state
+ neighbor WAN-OVERLAY-PEERS activate
+ path-selection
+ !
+ address-family path-selection
+ bgp additional-paths receive
+ bgp additional-paths send any
+ neighbor WAN-OVERLAY-PEERS activate
+ !
+ vrf default
+ rd 192.168.255.1:1
+ route-target import evpn 1:1
+ route-target export evpn 1:1
+ route-target export evpn route-map RM-EVPN-EXPORT-VRF-DEFAULT
+!
+router traffic-engineering
+!
+end
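Review bot: `interface Port-Channel19` is pinned with `ip address 192.168.1.19`, with no prefix length, while every other statically addressed interface in this new file carries one (`/31` or `/32`). EOS expects a prefix length or mask on that command, so this expected output would likely be rejected on a device, and the test locks that rendering in. If the omission comes from the test input, the fix belongs there so the rendered line becomes something like `ip address 192.168.1.19/31` (constructed example). If the input is deliberately malformed, the generator should probably validate the address and fail rather than emit the line.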
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml
index 5d5afc6d38f..dc24869f3ae 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml
@@ -483,6 +483,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-POLICY-DEFAULT
@@ -506,6 +508,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -537,6 +541,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -638,6 +644,10 @@ router_path_selection:
- name: LB-PROD-AVT-POLICY-MPLS-ONLY
path_groups:
- name: MPLS
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -675,6 +685,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -691,6 +704,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -706,6 +724,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml
index de3888f213d..958b30960be 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge1.yml
@@ -22,6 +22,16 @@ router_bgp:
- ip_address: 172.28.0.14
remote_as: '64520'
route_map_out: RM-BGP-172.28.0.14-OUT
+ - ip_address: 172.31.0.1
+ remote_as: '64520'
+ description: ATT_404_peerDeviceA_Port-Channel2
+ route_map_in: RM-BGP-172.31.0.1-IN
+ route_map_out: RM-BGP-172.31.0.1-OUT
+ - ip_address: 172.31.0.10
+ remote_as: '64520'
+ description: Orange_peerDevice10_Port-Channel455
+ route_map_in: RM-BGP-172.31.0.10-IN
+ route_map_out: RM-BGP-172.31.0.10-OUT
- ip_address: 172.17.0.2
peer_group: IPv4-UNDERLAY-PEERS
remote_as: '65199'
@@ -41,6 +51,10 @@ router_bgp:
activate: true
- ip_address: 172.28.0.14
activate: true
+ - ip_address: 172.31.0.1
+ activate: true
+ - ip_address: 172.31.0.10
+ activate: true
peer_groups:
- name: IPv4-UNDERLAY-PEERS
activate: true
@@ -196,7 +210,7 @@ prefix_lists:
- sequence: 10
action: permit 5.0.0.0/0
- sequence: 20
- action: deny 10.00.0.0/24
+ action: deny 10.0.0.0/24
- name: ALLOW-DEFAULT
sequence_numbers:
- sequence: 10
@@ -228,6 +242,34 @@ route_maps:
- ip address prefix-list PL2
- sequence: 20
type: deny
+- name: RM-BGP-172.31.0.1-IN
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - ip address prefix-list PL2
+ set:
+ - community no-advertise additive
+- name: RM-BGP-172.31.0.1-OUT
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - ip address prefix-list ALLOW-DEFAULT
+ - sequence: 20
+ type: deny
+- name: RM-BGP-172.31.0.10-IN
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - ip address prefix-list PL2
+ set:
+ - community no-advertise additive
+- name: RM-BGP-172.31.0.10-OUT
+ sequence_numbers:
+ - sequence: 10
+ type: deny
- name: RM-CONN-2-BGP
sequence_numbers:
- sequence: 10
@@ -352,11 +394,125 @@ ethernet_interfaces:
enabled: false
peer_type: l3_interface
shutdown: false
+- name: Ethernet6
+ description: ATT_404_peerDevice1_PeerDevIntf1
+ peer_type: l3_port_channel_member
+ peer: peerDevice1
+ peer_interface: PeerDevIntf1
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 1
+ mode: active
+- name: Ethernet7
+ description: ATT_404_peerDeviceA
+ peer_type: l3_port_channel_member
+ peer: peerDeviceA
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 1
+ mode: active
+- name: Ethernet1/10
+ description: Orange_peerDevice10
+ peer_type: l3_port_channel_member
+ peer: peerDevice10
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 450
+ mode: 'on'
+- name: Ethernet1/16
+ description: Comcast_peerDevice11
+ peer_type: l3_port_channel_member
+ peer: peerDevice11
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: auto 10000full
+ channel_group:
+ id: 540
+ mode: active
+- name: Ethernet1/17
+ description: Comcast_peerDevice11
+ peer_type: l3_port_channel_member
+ peer: peerDevice11
+ shutdown: false
+ switchport:
+ enabled: false
+ channel_group:
+ id: 540
+ mode: active
+- name: Ethernet1/18
+ description: Comcast_peerDevice11
+ peer_type: l3_port_channel_member
+ peer: peerDevice11
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: 1000full
+ channel_group:
+ id: 540
+ mode: active
+port_channel_interfaces:
+- name: Port-Channel1
+ peer_type: l3_port_channel
+ peer: peerDeviceA
+ peer_interface: Port-Channel2
+ ip_address: 172.15.5.7/31
+ shutdown: false
+ switchport:
+ enabled: false
+ description: ATT_404_peerDeviceA_Port-Channel2
+ flow_tracker:
+ hardware: FLOW-TRACKER
+- name: Port-Channel450
+ peer_type: l3_port_channel
+ peer: peerDevice10
+ peer_interface: Port-Channel455
+ ip_address: 172.15.5.8/31
+ shutdown: false
+ switchport:
+ enabled: false
+ description: Orange_peerDevice10_Port-Channel455
+- name: Port-Channel540
+ peer_type: l3_port_channel
+ peer: peerDevice11
+ peer_interface: Port-Channel545
+ ip_address: 172.15.6.9/31
+ shutdown: false
+ switchport:
+ enabled: false
+ description: Comcast_peerDevice11_Port-Channel545
+ access_group_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540
+ access_group_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540
loopback_interfaces:
- name: Loopback0
description: ROUTER_ID
shutdown: false
ip_address: 192.168.42.2/32
+static_routes:
+- destination_address_prefix: 172.16.0.0/16
+ gateway: 172.31.0.1
+- destination_address_prefix: 172.17.0.0/16
+ gateway: 172.31.0.10
+- destination_address_prefix: 172.18.0.0/16
+ gateway: 172.31.0.11
+- destination_address_prefix: 10.37.121.1/32
+ name: IE-ZSCALER-PRI
+ gateway: 172.31.0.1
+- destination_address_prefix: 10.39.77.1/32
+ name: IE-ZSCALER-SEC
+ gateway: 172.31.0.1
+- destination_address_prefix: 10.50.9.1/32
+ name: IE-ZSCALER-TER
+ gateway: 172.31.0.1
agents:
- name: KernelFib
environment_variables:
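Review bot: `Port-Channel1` and `Port-Channel450` are rendered without `access_group_in`, yet later hunks in this file list both under `pathgroup: INET` and source the Zscaler tunnels from `Port-Channel1`; only `Port-Channel540` gets ingress and egress ACLs. Whether that is acceptable depends on the carriers being marked trusted in the test inputs, which this page does not show. If they are not, an internet-facing L3 port-channel with no ingress filter is a case the fixture should either cover with an ACL or assert as a validation error. A short comment in the inputs next to each port-channel, saying which case it exercises, would make that intent reviewable.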
@@ -374,6 +530,24 @@ ip_access_lists:
destination: 172.24.49.3
action: permit
protocol: ip
+- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540
+ entries:
+ - source: any
+ destination: 172.15.6.9
+ sequence: 15
+ action: deny
+ protocol: ip
+ - source: 172.31.0.11
+ destination: 172.15.6.9
+ action: permit
+ protocol: ip
+- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Port-Channel540
+ entries:
+ - remark: Some remark will not require source and destination fields.
+ - source: 172.15.6.9
+ destination: any
+ action: permit
+ protocol: ip
- name: ACL-NAT-IE-DIRECT
entries:
- source: any
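Review bot: In `TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Port-Channel540` the `deny` from `any` to `172.15.6.9` carries `sequence: 15` and the following `permit` from `172.31.0.11` has no sequence. If the device numbers the unsequenced entry after 15, as EOS typically does by appending after the highest existing sequence, the permit is shadowed by the deny and never matches. The fixture still tests rendering, but it models an ACL whose only allow rule is dead. Giving the permit an explicit lower number in the test input, e.g. `sequence: 10`, or moving the deny to the end, keeps the example meaningful.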
@@ -417,6 +591,11 @@ ip_security:
ike_lifetime: 24
encryption: aes256
dh_group: 24
+ - name: IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY
+ local_id_fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-3@test.local
+ ike_lifetime: 24
+ encryption: aes256
+ dh_group: 24
sa_policies:
- name: DP-SA-POLICY
esp:
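Review bot: The new `IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY` uses `dh_group: 24`, and the SA policy added in the next hunk uses `pfs_dh_group: 24`. RFC 8247 rates group 24 as SHOULD NOT for IKEv2, because its parameters come from RFC 5114 and their generation seeds were never published. The values mirror the existing policies in the context lines, so this is presumably a generator default rather than a choice made by this change. If the remote gateway allows it, group 14 or an ECP group such as 19 or 20 would be a safer default. Otherwise, a comment in the generator recording why 24 is required would help.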
@@ -440,6 +619,13 @@ ip_security:
esp:
integrity: sha256
encryption: aes256
+ - name: IE-ZSCALER-EXIT-POLICY-3-SA-POLICY
+ pfs_dh_group: 24
+ sa_lifetime:
+ value: 8
+ esp:
+ integrity: sha256
+ encryption: aes256
profiles:
- name: DP-PROFILE
sa_policy: DP-SA-POLICY
@@ -478,6 +664,15 @@ ip_security:
time: 60
action: clear
connection: start
+ - name: IE-ZSCALER-EXIT-POLICY-3-PROFILE
+ ike_policy: IE-ZSCALER-EXIT-POLICY-3-IKE-POLICY
+ sa_policy: IE-ZSCALER-EXIT-POLICY-3-SA-POLICY
+ shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0A67637B7B666B3873293274733B31233B6D2A332315696A
+ dpd:
+ interval: 10
+ time: 60
+ action: clear
+ connection: start
key_controller:
profile: DP-PROFILE
management_security:
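Review bot: `shared_key` on `IE-ZSCALER-EXIT-POLICY-3-PROFILE` is stored as an encoded string, and the same value is repeated as `pre_shared_key` under `vpn_credentials` in the metadata hunk further down. The format looks like the type-7 style used for `shared-key 7` in the .cfg fixture of this commit, which is a reversible encoding and does not protect the secret. That is fine for a test fixture as long as the value is a dummy. It is still worth confirming that the consumer of the metadata needs its own copy of the key, and noting in the test inputs that real inventories should take the key from a vault.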
@@ -515,6 +710,9 @@ router_adaptive_virtual_topology:
- name: PROD-AVT-POLICY-VIDEO
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
internet_exit_policy: ZSCALER-EXIT-POLICY-2
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
+ internet_exit_policy: ZSCALER-EXIT-POLICY-3
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-POLICY-DEFAULT
@@ -536,6 +734,8 @@ router_adaptive_virtual_topology:
id: 2
- name: PROD-AVT-POLICY-VIDEO
id: 4
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -565,6 +765,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VOICE
- application_profile: VIDEO
avt_profile: PROD-AVT-POLICY-VIDEO
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -610,6 +812,21 @@ router_path_selection:
server_profiles:
- INET-cv-pathfinder-pathfinder1-Ethernet1
- INET-cv-pathfinder-pathfinder2-Ethernet1
+ - name: Port-Channel1
+ stun:
+ server_profiles:
+ - INET-cv-pathfinder-pathfinder1-Ethernet1
+ - INET-cv-pathfinder-pathfinder2-Ethernet1
+ - name: Port-Channel450
+ stun:
+ server_profiles:
+ - INET-cv-pathfinder-pathfinder1-Ethernet1
+ - INET-cv-pathfinder-pathfinder2-Ethernet1
+ - name: Port-Channel540
+ stun:
+ server_profiles:
+ - INET-cv-pathfinder-pathfinder1-Ethernet1
+ - INET-cv-pathfinder-pathfinder2-Ethernet1
dynamic_peers:
enabled: true
static_peers:
@@ -645,6 +862,12 @@ router_path_selection:
- name: INET
priority: 2
loss_rate: '42.0'
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: AWS
+ priority: 2
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -678,6 +901,9 @@ application_traffic_recognition:
- name: VOICE
applications:
- name: CUSTOM-VOICE-APPLICATION
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -694,6 +920,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -709,6 +940,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
@@ -746,16 +983,6 @@ ip_nat:
ranges:
- first_port: 1500
last_port: 65535
-static_routes:
-- destination_address_prefix: 10.37.121.1/32
- name: IE-ZSCALER-PRI
- gateway: 172.31.0.1
-- destination_address_prefix: 10.39.77.1/32
- name: IE-ZSCALER-SEC
- gateway: 172.31.0.1
-- destination_address_prefix: 10.50.9.1/32
- name: IE-ZSCALER-TER
- gateway: 172.31.0.1
router_service_insertion:
enabled: true
connections:
@@ -788,6 +1015,18 @@ router_service_insertion:
monitor_connectivity_host: IE-Tunnel112
tunnel_interface:
primary: Tunnel112
+ - name: IE-Tunnel200
+ monitor_connectivity_host: IE-Tunnel200
+ tunnel_interface:
+ primary: Tunnel200
+ - name: IE-Tunnel201
+ monitor_connectivity_host: IE-Tunnel201
+ tunnel_interface:
+ primary: Tunnel201
+ - name: IE-Tunnel202
+ monitor_connectivity_host: IE-Tunnel202
+ tunnel_interface:
+ primary: Tunnel202
router_internet_exit:
exit_groups:
- name: DIRECT-EXIT-POLICY-1
@@ -811,6 +1050,15 @@ router_internet_exit:
- name: ZSCALER-EXIT-POLICY-2_TER
local_connections:
- name: IE-Tunnel112
+ - name: ZSCALER-EXIT-POLICY-3_PRI
+ local_connections:
+ - name: IE-Tunnel200
+ - name: ZSCALER-EXIT-POLICY-3_SEC
+ local_connections:
+ - name: IE-Tunnel201
+ - name: ZSCALER-EXIT-POLICY-3_TER
+ local_connections:
+ - name: IE-Tunnel202
policies:
- name: DIRECT-EXIT-POLICY-1
exit_groups:
@@ -826,6 +1074,11 @@ router_internet_exit:
- name: ZSCALER-EXIT-POLICY-2_PRI
- name: ZSCALER-EXIT-POLICY-2_SEC
- name: ZSCALER-EXIT-POLICY-2_TER
+ - name: ZSCALER-EXIT-POLICY-3
+ exit_groups:
+ - name: ZSCALER-EXIT-POLICY-3_PRI
+ - name: ZSCALER-EXIT-POLICY-3_SEC
+ - name: ZSCALER-EXIT-POLICY-3_TER
dps_interfaces:
- name: Dps1
description: DPS Interface
@@ -903,6 +1156,33 @@ tunnel_interfaces:
destination: 10.50.9.1
ipsec_profile: IE-ZSCALER-EXIT-POLICY-2-PROFILE
nat_profile: NAT-IE-ZSCALER
+- name: Tunnel200
+ description: Internet Exit ZSCALER-EXIT-POLICY-3 PRI
+ mtu: 1394
+ ip_address: unnumbered Loopback0
+ tunnel_mode: ipsec
+ source_interface: Port-Channel1
+ destination: 10.37.121.1
+ ipsec_profile: IE-ZSCALER-EXIT-POLICY-3-PROFILE
+ nat_profile: NAT-IE-ZSCALER
+- name: Tunnel201
+ description: Internet Exit ZSCALER-EXIT-POLICY-3 SEC
+ mtu: 1394
+ ip_address: unnumbered Loopback0
+ tunnel_mode: ipsec
+ source_interface: Port-Channel1
+ destination: 10.39.77.1
+ ipsec_profile: IE-ZSCALER-EXIT-POLICY-3-PROFILE
+ nat_profile: NAT-IE-ZSCALER
+- name: Tunnel202
+ description: Internet Exit ZSCALER-EXIT-POLICY-3 TER
+ mtu: 1394
+ ip_address: unnumbered Loopback0
+ tunnel_mode: ipsec
+ source_interface: Port-Channel1
+ destination: 10.50.9.1
+ ipsec_profile: IE-ZSCALER-EXIT-POLICY-3-PROFILE
+ nat_profile: NAT-IE-ZSCALER
monitor_connectivity:
interface_sets:
- name: SET-Ethernet3
@@ -919,6 +1199,12 @@ monitor_connectivity:
interfaces: Tunnel111
- name: SET-Tunnel112
interfaces: Tunnel112
+ - name: SET-Tunnel200
+ interfaces: Tunnel200
+ - name: SET-Tunnel201
+ interfaces: Tunnel201
+ - name: SET-Tunnel202
+ interfaces: Tunnel202
hosts:
- name: IE-Ethernet3
description: Internet Exit DIRECT-EXIT-POLICY-1
@@ -961,6 +1247,24 @@ monitor_connectivity:
local_interfaces: SET-Tunnel112
address_only: false
url: http://gateway.zscalerbeta.net/vpntest
+ - name: IE-Tunnel200
+ description: Internet Exit ZSCALER-EXIT-POLICY-3 PRI
+ ip: 10.37.121.1
+ local_interfaces: SET-Tunnel200
+ address_only: false
+ url: http://gateway.zscalerbeta.net/vpntest
+ - name: IE-Tunnel201
+ description: Internet Exit ZSCALER-EXIT-POLICY-3 SEC
+ ip: 10.39.77.1
+ local_interfaces: SET-Tunnel201
+ address_only: false
+ url: http://gateway.zscalerbeta.net/vpntest
+ - name: IE-Tunnel202
+ description: Internet Exit ZSCALER-EXIT-POLICY-3 TER
+ ip: 10.50.9.1
+ local_interfaces: SET-Tunnel202
+ address_only: false
+ url: http://gateway.zscalerbeta.net/vpntest
shutdown: false
metadata:
cv_pathfinder:
@@ -1049,6 +1353,48 @@ metadata:
region: eu-west1
latitude: '50'
longitude: '9'
+ - name: ZSCALER-EXIT-POLICY-3
+ type: zscaler
+ city: Santa Clara, CA
+ country: United States
+ firewall: false
+ ips_control: false
+ acceptable_use_policy: false
+ vpn_credentials:
+ - fqdn: cv-pathfinder-edge1_ZSCALER-EXIT-POLICY-3@test.local
+ vpn_type: UFQDN
+ pre_shared_key: 0007054B145A1F0E0928424A0C0B4812160C09551511170B121907214A333B286214687C782720215B0A67637B7B666B3873293274733B31233B6D2A332315696A
+ tunnels:
+ - name: Tunnel200
+ preference: Preferred
+ endpoint:
+ ip_address: 10.37.121.1
+ datacenter: FMT1
+ city: Fremont, CA
+ country: United States
+ region: us-west1
+ latitude: '37'
+ longitude: '-121'
+ - name: Tunnel201
+ preference: Alternate
+ endpoint:
+ ip_address: 10.39.77.1
+ datacenter: WAS1
+ city: Washington, DC
+ country: United States
+ region: us-east1
+ latitude: '39'
+ longitude: '-77'
+ - name: Tunnel202
+ preference: Alternate
+ endpoint:
+ ip_address: 10.50.9.1
+ datacenter: FRA4
+ city: Frankfurt
+ country: Germany
+ region: eu-west1
+ latitude: '50'
+ longitude: '9'
role: edge
ssl_profile: profileA
vtep_ip: 192.168.142.2
@@ -1068,6 +1414,16 @@ metadata:
carrier: ATT
circuit_id: '404'
pathgroup: INET
+ - name: Port-Channel1
+ carrier: ATT
+ circuit_id: '404'
+ pathgroup: INET
+ - name: Port-Channel450
+ carrier: Orange
+ pathgroup: INET
+ - name: Port-Channel540
+ carrier: Comcast
+ pathgroup: INET
pathfinders:
- vtep_ip: 192.168.144.2
- vtep_ip: 192.168.144.3
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml
index e5b55b5cdaa..a767e6f3c0a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml
@@ -499,6 +499,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-POLICY-DEFAULT
@@ -522,6 +524,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -553,6 +557,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -633,6 +639,11 @@ router_path_selection:
- name: LB-PROD-AVT-POLICY-MPLS-ONLY
path_groups:
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -666,6 +677,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -682,6 +696,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -697,6 +716,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml
index 13d4ac9ac68..614c8c24ebe 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml
@@ -482,6 +482,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-POLICY-DEFAULT
@@ -505,6 +507,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -536,6 +540,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -617,6 +623,10 @@ router_path_selection:
path_groups:
- name: MPLS
- name: CUSTOM_LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: CUSTOM_LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: MPLS
@@ -648,6 +658,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -664,6 +677,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -679,6 +697,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml
index effa2d4a8b3..9cda7bf959c 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3A.yml
@@ -334,6 +334,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
vrfs:
@@ -355,6 +357,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -381,6 +385,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -455,6 +461,11 @@ router_path_selection:
- name: LB-PROD-AVT-POLICY-MPLS-ONLY
path_groups:
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -484,6 +495,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -500,6 +514,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -515,6 +534,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml
index 451caef49c9..22ee556e080 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge3B.yml
@@ -333,6 +333,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
vrfs:
@@ -354,6 +356,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -380,6 +384,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -455,6 +461,10 @@ router_path_selection:
path_groups:
- name: MPLS
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: MPLS
@@ -482,6 +492,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -498,6 +511,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -513,6 +531,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml
index 84006493a56..35c30339251 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4A.yml
@@ -358,6 +358,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
vrfs:
@@ -379,6 +381,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -405,6 +409,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -478,6 +484,11 @@ router_path_selection:
- name: LB-PROD-AVT-POLICY-MPLS-ONLY
path_groups:
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -507,6 +518,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -523,6 +537,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -538,6 +557,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml
index cfa89076411..5b71f6ee3f1 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge4B.yml
@@ -358,6 +358,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
vrfs:
@@ -379,6 +381,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -405,6 +409,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -478,6 +484,11 @@ router_path_selection:
- name: LB-PROD-AVT-POLICY-MPLS-ONLY
path_groups:
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -507,6 +518,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -523,6 +537,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -538,6 +557,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
index a16d246a099..7c2e6ddd943 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
@@ -215,6 +215,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: CUSTOM-VOICE-PROFILE-NAME
@@ -242,6 +244,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -280,6 +284,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -377,6 +383,13 @@ router_path_selection:
path_groups:
- name: MPLS
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: AWS
+ priority: 2
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -428,6 +441,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -444,6 +460,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -459,6 +480,12 @@ application_traffic_recognition:
src_prefix_set_name: PFX-LOCAL-VTEP-IP
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
@@ -517,6 +544,9 @@ metadata:
builtin_applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ user_defined_applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
user_defined_applications:
- name: APP-CONTROL-PLANE
@@ -692,6 +722,19 @@ metadata:
preference: preferred
application_profiles:
- MPLS-ONLY
+ - constraints:
+ lossrate: 45.0
+ id: 6
+ name: PROD-AVT-POLICY-CRITICAL-APP
+ pathgroups:
+ - name: INET
+ preference: preferred
+ - name: AWS
+ preference: alternate
+ - name: LAN_HA
+ preference: preferred
+ application_profiles:
+ - CRITICAL-APP
- id: 1
name: PROD-AVT-POLICY-DEFAULT
pathgroups:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
index fb494dc1aca..5d5117bc84d 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
@@ -231,6 +231,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: CUSTOM-VOICE-PROFILE-NAME
@@ -258,6 +260,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -296,6 +300,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -396,6 +402,13 @@ router_path_selection:
path_groups:
- name: MPLS
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: AWS
+ priority: 2
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -445,6 +458,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -461,6 +477,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -476,6 +497,12 @@ application_traffic_recognition:
src_prefix_set_name: PFX-LOCAL-VTEP-IP
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
@@ -534,6 +561,9 @@ metadata:
builtin_applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ user_defined_applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
user_defined_applications:
- name: APP-CONTROL-PLANE
@@ -700,6 +730,19 @@ metadata:
preference: preferred
application_profiles:
- MPLS-ONLY
+ - constraints:
+ lossrate: 45.0
+ id: 6
+ name: PROD-AVT-POLICY-CRITICAL-APP
+ pathgroups:
+ - name: INET
+ preference: preferred
+ - name: AWS
+ preference: alternate
+ - name: LAN_HA
+ preference: preferred
+ application_profiles:
+ - CRITICAL-APP
- id: 1
name: PROD-AVT-POLICY-DEFAULT
pathgroups:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
index 6da01081346..396e4e4fd53 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
@@ -238,6 +238,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: CUSTOM-VOICE-PROFILE-NAME
@@ -265,6 +267,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -303,6 +307,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -413,6 +419,13 @@ router_path_selection:
path_groups:
- name: MPLS
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: AWS
+ priority: 2
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -463,6 +476,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -479,6 +495,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -494,6 +515,12 @@ application_traffic_recognition:
src_prefix_set_name: PFX-LOCAL-VTEP-IP
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
@@ -552,6 +579,9 @@ metadata:
builtin_applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ user_defined_applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
user_defined_applications:
- name: APP-CONTROL-PLANE
@@ -721,6 +751,19 @@ metadata:
preference: preferred
application_profiles:
- MPLS-ONLY
+ - constraints:
+ lossrate: 45.0
+ id: 6
+ name: PROD-AVT-POLICY-CRITICAL-APP
+ pathgroups:
+ - name: INET
+ preference: preferred
+ - name: AWS
+ preference: alternate
+ - name: LAN_HA
+ preference: preferred
+ application_profiles:
+ - CRITICAL-APP
- id: 1
name: PROD-AVT-POLICY-DEFAULT
pathgroups:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
index b42ca1cd3e3..1710d303e3c 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1A.yml
@@ -477,6 +477,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: CUSTOM-VOICE-PROFILE-NAME
@@ -505,6 +507,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -543,6 +547,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -651,6 +657,11 @@ router_path_selection:
path_groups:
- name: MPLS
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -702,6 +713,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -718,6 +732,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -733,6 +752,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml
index 4b42d7cbaa8..977abd30a51 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-transit1B.yml
@@ -475,6 +475,8 @@ router_adaptive_virtual_topology:
load_balance_policy: LB-PROD-AVT-POLICY-VIDEO
- name: PROD-AVT-POLICY-MPLS-ONLY
load_balance_policy: LB-PROD-AVT-POLICY-MPLS-ONLY
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ load_balance_policy: LB-PROD-AVT-POLICY-CRITICAL-APP
- name: PROD-AVT-POLICY-DEFAULT
load_balance_policy: LB-PROD-AVT-POLICY-DEFAULT
- name: CUSTOM-VOICE-PROFILE-NAME
@@ -502,6 +504,8 @@ router_adaptive_virtual_topology:
id: 4
- name: PROD-AVT-POLICY-MPLS-ONLY
id: 5
+ - name: PROD-AVT-POLICY-CRITICAL-APP
+ id: 6
- name: PROD-AVT-POLICY-DEFAULT
id: 1
- name: IT
@@ -540,6 +544,8 @@ router_adaptive_virtual_topology:
avt_profile: PROD-AVT-POLICY-VIDEO
- application_profile: MPLS-ONLY
avt_profile: PROD-AVT-POLICY-MPLS-ONLY
+ - application_profile: CRITICAL-APP
+ avt_profile: PROD-AVT-POLICY-CRITICAL-APP
- application_profile: default
avt_profile: PROD-AVT-POLICY-DEFAULT
- name: DEFAULT-AVT-POLICY
@@ -648,6 +654,11 @@ router_path_selection:
path_groups:
- name: MPLS
- name: LAN_HA
+ - name: LB-PROD-AVT-POLICY-CRITICAL-APP
+ path_groups:
+ - name: INET
+ - name: LAN_HA
+ loss_rate: '45.0'
- name: LB-PROD-AVT-POLICY-DEFAULT
path_groups:
- name: INET
@@ -699,6 +710,9 @@ application_traffic_recognition:
applications:
- name: CUSTOM-VOICE-APPLICATION
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ - name: CUSTOM-APPLICATION-3
- name: APP-PROFILE-CONTROL-PLANE
applications:
- name: APP-CONTROL-PLANE
@@ -715,6 +729,11 @@ application_traffic_recognition:
dest_prefix_set_name: CUSTOM-DEST-PREFIX-1
protocols:
- tcp
+ - name: CUSTOM-APPLICATION-3
+ protocols:
+ - tcp
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-APPLICATION-2
protocols:
- tcp
@@ -730,6 +749,12 @@ application_traffic_recognition:
dest_prefix_set_name: PFX-PATHFINDERS
field_sets:
l4_ports:
+ - name: TCP-SRC-3
+ port_values:
+ - '400'
+ - name: TCP-DEST-3
+ port_values:
+ - '880'
- name: TCP-SRC-2
port_values:
- '42'
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml
new file mode 100644
index 00000000000..c41d30a289c
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/node-type-l3-port-channels.yml
@@ -0,0 +1,495 @@
+hostname: node-type-l3-port-channels
+is_deployed: true
+router_bgp:
+ as: '65005'
+ router_id: 192.168.255.1
+ bgp:
+ default:
+ ipv4_unicast: false
+ maximum_paths:
+ paths: 16
+ redistribute:
+ connected:
+ enabled: true
+ route_map: RM-CONN-2-BGP
+ updates:
+ wait_install: true
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ type: wan
+ update_source: Dps1
+ bfd: true
+ password: htm4AZe9mIQOO1uiMuGgYQ==
+ send_community: all
+ maximum_routes: 0
+ remote_as: '65005'
+ ttl_maximum_hops: 1
+ bfd_timers:
+ interval: 1000
+ min_rx: 1000
+ multiplier: 10
+ address_family_evpn:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ encapsulation: path-selection
+ route_map_in: RM-EVPN-SOO-IN
+ route_map_out: RM-EVPN-SOO-OUT
+ address_family_ipv4:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: false
+ address_family_ipv4_sr_te:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ address_family_link_state:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ path_selection:
+ roles:
+ producer: true
+ address_family_path_selection:
+ peer_groups:
+ - name: WAN-OVERLAY-PEERS
+ activate: true
+ bgp:
+ additional_paths:
+ receive: true
+ send: any
+ vrfs:
+ - name: default
+ rd: 192.168.255.1:1
+ route_targets:
+ import:
+ - address_family: evpn
+ route_targets:
+ - '1:1'
+ export:
+ - address_family: evpn
+ route_targets:
+ - '1:1'
+ - route-map RM-EVPN-EXPORT-VRF-DEFAULT
+service_routing_protocols_model: multi-agent
+ip_routing: true
+aaa_root:
+ disabled: true
+config_end: true
+enable_password:
+ disabled: true
+transceiver_qsfp_default_mode_4x10: false
+spanning_tree:
+ mode: none
+vrfs:
+- name: MGMT
+ ip_routing: false
+management_api_http:
+ enable_vrfs:
+ - name: MGMT
+ enable_https: true
+ethernet_interfaces:
+- name: Ethernet1
+ description: Cybercast_101_peerDevice1_Ethernet11
+ peer_type: l3_port_channel_member
+ peer: peerDevice1
+ peer_interface: Ethernet11
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 2
+ mode: active
+- name: Ethernet2
+ description: Cybercast_101_peer1
+ peer_type: l3_port_channel_member
+ peer: peer1
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 2
+ mode: active
+- name: Ethernet3
+ description: Custom eth3 description
+ peer_type: l3_port_channel_member
+ peer: peer1
+ shutdown: false
+ switchport:
+ enabled: false
+ channel_group:
+ id: 2
+ mode: active
+- name: Ethernet1/4
+ description: StreamFast_102_peerDevice2_Ethernet1/12
+ peer_type: l3_port_channel_member
+ peer: peerDevice2
+ peer_interface: Ethernet1/12
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 5
+ mode: passive
+- name: Ethernet1/5
+ description: StreamFast_102_peer2
+ peer_type: l3_port_channel_member
+ peer: peer2
+ shutdown: false
+ switchport:
+ enabled: false
+ speed: forced 10000full
+ channel_group:
+ id: 5
+ mode: passive
+- name: Ethernet1/10
+ description: BlizzardFast_peerDevice3_Ethernet1/10
+ peer_type: l3_port_channel_member
+ peer: peerDevice3
+ peer_interface: Ethernet1/10
+ shutdown: false
+ switchport:
+ enabled: false
+ channel_group:
+ id: 8
+ mode: 'on'
+ speed: forced 1000full
+- name: Ethernet1/19
+ description: BlizzardFast_peerDevice4_Ethernet1/19
+ peer_type: l3_port_channel_member
+ peer: peerDevice4
+ peer_interface: Ethernet1/19
+ shutdown: true
+ switchport:
+ enabled: false
+ channel_group:
+ id: 19
+ mode: active
+- name: Ethernet1/20
+ description: BlizzardFast_peerDevice4_Ethernet1/20
+ peer_type: l3_port_channel_member
+ peer: peerDevice4
+ peer_interface: Ethernet1/20
+ shutdown: true
+ switchport:
+ enabled: false
+ channel_group:
+ id: 19
+ mode: active
+port_channel_interfaces:
+- name: Port-Channel2
+ peer_type: l3_port_channel
+ peer: peer1
+ peer_interface: Port-Channel10
+ ip_address: 192.168.1.102/31
+ shutdown: false
+ switchport:
+ enabled: false
+ description: Cybercast_101_peer1_Port-Channel10
+ service_profile: TEST-QOS-PROFILE1
+ flow_tracker:
+ hardware: FLOW-TRACKER
+- name: Port-Channel5
+ peer_type: l3_port_channel
+ peer: peer2
+ peer_interface: Port-Channel15
+ ip_address: 192.168.1.105/31
+ shutdown: false
+ switchport:
+ enabled: false
+ description: StreamFast_102_peer2_Port-Channel15
+ service_profile: TEST-QOS-PROFILE1
+ eos_cli: '! TEST RAW_EOS_CLI
+
+ '
+ service_policy:
+ qos:
+ input: TEST_POLICY
+- name: Port-Channel5.100
+ peer_type: l3_port_channel
+ peer: peer2
+ peer_interface: Port-Channel15
+ ip_address: 192.168.100.115/31
+ shutdown: false
+ description: ExtremeCable_105_peer2_Port-Channel15
+ service_profile: TEST-QOS-PROFILE2
+ flow_tracker:
+ hardware: FLOW-TRACKER
+ encapsulation_dot1q:
+ vlan: 108
+- name: Port-Channel5.105
+ peer_type: l3_port_channel
+ peer: peer2
+ peer_interface: Port-Channel16
+ ip_address: 192.168.100.116/31
+ shutdown: false
+ description: peer2_Port-Channel16
+ service_profile: TEST-QOS-PROFILE2
+ flow_tracker:
+ hardware: FLOW-TRACKER
+ encapsulation_dot1q:
+ vlan: 105
+- name: Port-Channel8
+ peer_type: l3_port_channel
+ peer: peerDevice3
+ peer_interface: Port-Channel18
+ ip_address: dhcp
+ shutdown: false
+ switchport:
+ enabled: false
+ description: BlizzardFast_peerDevice3_Port-Channel18
+ service_profile: TEST-QOS-PROFILE3
+ eos_cli: '! TEST RAW_EOS_CLI 123
+
+ '
+ flow_tracker:
+ hardware: FLOW-TRACKER
+ dhcp_client_accept_default_route: true
+- name: Port-Channel19
+ peer_type: l3_port_channel
+ peer: peerDevice4
+ peer_interface: Port-Channel20
+ ip_address: 192.168.1.19
+ shutdown: true
+ switchport:
+ enabled: false
+ description: BlizzardFast_peerDevice4_Port-Channel20
+loopback_interfaces:
+- name: Loopback0
+ description: ROUTER_ID
+ shutdown: false
+ ip_address: 192.168.255.1/32
+prefix_lists:
+- name: PL-LOOPBACKS-EVPN-OVERLAY
+ sequence_numbers:
+ - sequence: 10
+ action: permit 192.168.255.0/24 eq 32
+route_maps:
+- name: RM-CONN-2-BGP
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
+ set:
+ - extcommunity soo 192.168.255.1:511 additive
+- name: RM-EVPN-SOO-IN
+ sequence_numbers:
+ - sequence: 10
+ type: deny
+ match:
+ - extcommunity ECL-EVPN-SOO
+ - sequence: 20
+ type: permit
+- name: RM-EVPN-SOO-OUT
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ set:
+ - extcommunity soo 192.168.255.1:511 additive
+- name: RM-EVPN-EXPORT-VRF-DEFAULT
+ sequence_numbers:
+ - sequence: 10
+ type: permit
+ match:
+ - extcommunity ECL-EVPN-SOO
+static_routes:
+- destination_address_prefix: 0.0.0.0/0
+ gateway: 192.168.1.10
+agents:
+- name: KernelFib
+ environment_variables:
+ - name: KERNELFIB_PROGRAM_ALL_ECMP
+ value: '1'
+ip_extcommunity_lists:
+- name: ECL-EVPN-SOO
+ entries:
+ - type: permit
+ extcommunities: soo 192.168.255.1:511
+ip_security:
+ ike_policies:
+ - name: CP-IKE-POLICY
+ local_id: 192.168.142.1
+ sa_policies:
+ - name: DP-SA-POLICY
+ esp:
+ encryption: aes256gcm128
+ pfs_dh_group: 14
+ - name: CP-SA-POLICY
+ esp:
+ encryption: aes256gcm128
+ pfs_dh_group: 14
+ profiles:
+ - name: DP-PROFILE
+ sa_policy: DP-SA-POLICY
+ connection: start
+ shared_key: ABCDEF1234567890666
+ dpd:
+ interval: 10
+ time: 50
+ action: clear
+ mode: transport
+ - name: CP-PROFILE
+ ike_policy: CP-IKE-POLICY
+ sa_policy: CP-SA-POLICY
+ connection: start
+ shared_key: ABCDEF1234567890
+ dpd:
+ interval: 10
+ time: 50
+ action: clear
+ mode: transport
+ key_controller:
+ profile: DP-PROFILE
+management_security:
+ ssl_profiles:
+ - name: STUN-DTLS
+ certificate:
+ file: STUN-DTLS.crt
+ key: STUN-DTLS.key
+ trust_certificate:
+ certificates:
+ - aristaDeviceCertProvisionerDefaultRootCA.crt
+ tls_versions: '1.2'
+router_adaptive_virtual_topology:
+ topology_role: edge
+ region:
+ name: AVD_Land_East
+ id: 43
+ zone:
+ name: AVD_Land_East-ZONE
+ id: 1
+ site:
+ name: Site511
+ id: 511
+ profiles:
+ - name: DEFAULT-POLICY-CONTROL-PLANE
+ load_balance_policy: LB-DEFAULT-POLICY-CONTROL-PLANE
+ - name: DEFAULT-POLICY-DEFAULT
+ load_balance_policy: LB-DEFAULT-POLICY-DEFAULT
+ vrfs:
+ - name: default
+ policy: DEFAULT-POLICY-WITH-CP
+ profiles:
+ - name: DEFAULT-POLICY-CONTROL-PLANE
+ id: 254
+ - name: DEFAULT-POLICY-DEFAULT
+ id: 1
+ policies:
+ - name: DEFAULT-POLICY-WITH-CP
+ matches:
+ - application_profile: APP-PROFILE-CONTROL-PLANE
+ avt_profile: DEFAULT-POLICY-CONTROL-PLANE
+ - application_profile: default
+ avt_profile: DEFAULT-POLICY-DEFAULT
+router_bfd:
+ multihop:
+ interval: 300
+ min_rx: 300
+ multiplier: 3
+router_path_selection:
+ tcp_mss_ceiling:
+ ipv4_segment_size: auto
+ path_groups:
+ - name: INET
+ id: 101
+ local_interfaces:
+ - name: Port-Channel2
+ - name: Port-Channel5
+ - name: Port-Channel5.100
+ - name: Port-Channel8
+ - name: Port-Channel19
+ dynamic_peers:
+ enabled: true
+ ipsec_profile: CP-PROFILE
+ load_balance_policies:
+ - name: LB-DEFAULT-POLICY-CONTROL-PLANE
+ path_groups:
+ - name: INET
+ - name: LB-DEFAULT-POLICY-DEFAULT
+ path_groups:
+ - name: INET
+router_traffic_engineering:
+ enabled: true
+application_traffic_recognition:
+ application_profiles:
+ - name: APP-PROFILE-CONTROL-PLANE
+ applications:
+ - name: APP-CONTROL-PLANE
+ applications:
+ ipv4_applications:
+ - name: APP-CONTROL-PLANE
+ dest_prefix_set_name: PFX-PATHFINDERS
+ field_sets:
+ ipv4_prefixes:
+ - name: PFX-PATHFINDERS
+dps_interfaces:
+- name: Dps1
+ description: DPS Interface
+ mtu: 9194
+ ip_address: 192.168.142.1/32
+ flow_tracker:
+ hardware: FLOW-TRACKER
+vxlan_interface:
+ vxlan1:
+ description: node-type-l3-port-channels_VTEP
+ vxlan:
+ udp_port: 4789
+ source_interface: Dps1
+ vrfs:
+ - name: default
+ vni: 1
+flow_tracking:
+ hardware:
+ trackers:
+ - name: FLOW-TRACKER
+ record_export:
+ on_inactive_timeout: 70000
+ on_interval: 300000
+ exporters:
+ - name: CV-TELEMETRY
+ collector:
+ host: 127.0.0.1
+ local_interface: Loopback0
+ template_interval: 3600000
+ shutdown: false
+metadata:
+ cv_tags:
+ device_tags:
+ - name: Role
+ value: edge
+ - name: Region
+ value: AVD_Land_East
+ - name: Zone
+ value: AVD_Land_East-ZONE
+ - name: Site
+ value: Site511
+ cv_pathfinder:
+ role: edge
+ ssl_profile: STUN-DTLS
+ vtep_ip: 192.168.142.1
+ region: AVD_Land_East
+ zone: AVD_Land_East-ZONE
+ site: Site511
+ interfaces:
+ - name: Port-Channel2
+ carrier: Cybercast
+ circuit_id: '101'
+ pathgroup: INET
+ - name: Port-Channel5
+ carrier: StreamFast
+ circuit_id: '102'
+ pathgroup: INET
+ - name: Port-Channel5.100
+ carrier: ExtremeCable
+ circuit_id: '105'
+ pathgroup: INET
+ - name: Port-Channel8
+ carrier: BlizzardFast
+ pathgroup: INET
+ - name: Port-Channel19
+ carrier: BlizzardFast
+ pathgroup: INET
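Review bot: Port-Channel19 is the only statically addressed port-channel in this new fixture whose `ip_address` has no prefix length (`192.168.1.19`). Port-Channel2, 5, 5.100 and 5.105 all carry a `/31`, and Port-Channel8 uses `dhcp`. This file is expected output generated from test inputs outside this hunk, so the value presumably originates there. If the bare address is not a deliberate case, the input should read `ip_address: 192.168.1.19/<prefix-len>` and the fixture should be regenerated. If it is deliberate, a comment next to the input value, such as `# mask omitted on purpose`, would stop a later reader from correcting it. Port-Channel19 is `shutdown: true` but still listed under the INET path group's `local_interfaces`, so a malformed address would likely surface only once the interface is enabled.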
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml
index d68dd43849a..5a77e31d3ca 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/CV_PATHFINDER_TESTS.yml
@@ -15,7 +15,7 @@ ipv4_prefix_list_catalog:
- sequence: 10
action: permit 5.0.0.0/0
- sequence: 20
- action: deny 10.00.0.0/24
+ action: deny 10.0.0.0/24
cv_pathfinder_regions:
- name: AVD_Land_West
@@ -212,6 +212,81 @@ wan_router:
bgp:
peer_as: 64520
ipv4_prefix_list_out: PL2
+ l3_port_channels:
+ - # Port-Channel with 2 member ports
+ name: Port-Channel1
+ mode: active
+ member_interfaces:
+ - name: Ethernet6
+ peer: peerDevice1
+ peer_interface: PeerDevIntf1
+ speed: "forced 10000full"
+ - # peer, peer_interface not set, use peer from parent L3 Port-Channel
+ name: Ethernet7
+ speed: "forced 10000full"
+ ip_address: 172.15.5.7/31
+ # Using peer_ip same as the one specified for Ethernet3 under l3_interfaces above.
+ # This will cause identical nexthop for Zscaler tunnel destinations to be configured via ip route.
+ # instead of multiple routes to same Zscaler destination via different nexthops.
+ peer: peerDeviceA
+ peer_ip: 172.31.0.1
+ peer_port_channel: Port-Channel2
+ wan_carrier: ATT
+ wan_circuit_id: 404
+ static_routes:
+ - prefix: 172.16.0.0/16
+ bgp:
+ peer_as: 64520
+ ipv4_prefix_list_in: PL2
+ ipv4_prefix_list_out: ALLOW-DEFAULT
+ cv_pathfinder_internet_exit:
+ policies:
+ - name: ZSCALER-EXIT-POLICY-3
+ tunnel_interface_numbers: 200-202
+ flow_tracking:
+ enabled: true
+ - # Port-Channel with 1 member ports
+ name: Port-Channel450
+ mode: 'on'
+ member_interfaces:
+ - name: Ethernet1/10
+ speed: "forced 10000full"
+ ip_address: 172.15.5.8/31
+ peer: peerDevice10
+ peer_ip: 172.31.0.10
+ peer_port_channel: Port-Channel455
+ wan_carrier: Orange
+ connected_to_pathfinder: false
+ static_routes:
+ - prefix: 172.17.0.0/16
+ bgp:
+ peer_as: 64520
+ ipv4_prefix_list_in: PL2
+ flow_tracking:
+ enabled: false
+ - # Port-Channel with 3 member ports
+ name: Port-Channel540
+ # use default mode
+ member_interfaces:
+ - name: Ethernet1/16
+ speed: "auto 10000full"
+ - name: Ethernet1/17
+ # interface speed not specified
+ - name: Ethernet1/18
+ speed: "1000full"
+ ip_address: 172.15.6.9/31
+ public_ip: 10.36.36.100
+ peer: peerDevice11
+ peer_ip: 172.31.0.11
+ peer_port_channel: Port-Channel545
+ wan_carrier: Comcast
+ connected_to_pathfinder: true
+ static_routes:
+ - prefix: 172.18.0.0/16
+ # flow_tracking not set, hence not configured
+ ipv4_acl_in: TEST-IPV4-ACL-WITH-IP-FIELDS-IN
+ ipv4_acl_out: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT
+
# SITE_HA_ENABLED
# Because HA is enabled, this allow to test that MPLS-ONLY, present on
# cv-pathfinder-edge2B (because of Colt) is being configured on cv-pathfinder-edge2A
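Review bot: Port-Channel1 (`wan_carrier: ATT`) and Port-Channel450 (`wan_carrier: Orange`) are added without `ipv4_acl_in`; only Port-Channel540 attaches ingress and egress ACLs. The schema table in this same change says an ingress ACL is required on every WAN interface unless its carrier is marked `trusted` under `wan_carriers`. Those carrier definitions are outside this hunk, so presumably ATT and Orange are trusted there. A short comment on each entry, such as `# no ipv4_acl_in: carrier is trusted under wan_carriers`, would show the omission is deliberate. Separately, `wan_circuit_id` is documented as a String, so `wan_circuit_id: "404"` avoids relying on the loader or schema to convert the integer.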
@@ -607,6 +682,17 @@ wan_virtual_topologies:
- names: [MPLS]
preference: preferred
id: 5
+ - application_profile: CRITICAL-APP
+ path_groups:
+ - names: [INET]
+ preference: preferred
+ - names: [AWS]
+ preference: alternate
+ constraints:
+ loss_rate: 45.0
+ internet_exit:
+ policy: ZSCALER-EXIT-POLICY-3
+ id: 6
- name: DEFAULT-AVT-POLICY
default_virtual_topology:
path_groups:
@@ -659,6 +745,10 @@ application_classification:
- rtp
- name: IT
- name: MPLS-ONLY
+ - name: CRITICAL-APP
+ applications:
+ # Testing applications in application-profiles filtering
+ - name: CUSTOM-APPLICATION-3
- name: VOICE
applications:
# Testing applications in application-profiles filtering
@@ -688,6 +778,10 @@ application_classification:
protocols: [tcp]
tcp_src_port_set_name: TCP-SRC-2
tcp_dest_port_set_name: TCP-DEST-2
+ - name: CUSTOM-APPLICATION-3
+ protocols: [tcp]
+ tcp_src_port_set_name: TCP-SRC-3
+ tcp_dest_port_set_name: TCP-DEST-3
- name: CUSTOM-voice-APPLICATION
protocols: [udp]
udp_src_port_set_name: UDP-SRC-VOICE
@@ -714,10 +808,16 @@ application_classification:
- name: TCP-SRC-2
port_values:
- 42
+ - name: TCP-SRC-3
+ port_values:
+ - 400
- name: TCP-DEST-2
port_values:
- 666
- 777
+ - name: TCP-DEST-3
+ port_values:
+ - 880
- name: UDP-SRC-VOICE
port_values:
- 42000-42999
@@ -738,6 +838,12 @@ cv_pathfinder_internet_exit_policies:
zscaler:
domain_name: test.local
ipsec_key_salt: THIS_SHOULD_BE_VAULTED
+ - name: ZSCALER-EXIT-POLICY-3
+ fallback_to_system_default: false
+ type: zscaler
+ zscaler:
+ domain_name: test.local
+ ipsec_key_salt: THIS_SHOULD_BE_VAULTED
- name: DIRECT-EXIT-POLICY-1
fallback_to_system_default: false
type: direct
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml
index 85aa8d95d2c..a052889692f 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/cv-pathfinder-edge1.yml
@@ -21,6 +21,13 @@ ipv4_acls:
protocol: ip
source: peer_ip
destination: interface_ip
+ - name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT
+ entries:
+ - remark: Some remark will not require source and destination fields.
+ - action: permit
+ protocol: ip
+ source: interface_ip
+ destination: any
- name: ACL-NAT-IE-ZSCALER
entries:
- sequence: 10
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml
new file mode 100644
index 00000000000..99d061c09ec
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/node-type-l3-port-channels.yml
@@ -0,0 +1,169 @@
+---
+# This yml file is being used to test the various supported schema attributes for L3 Port-Channel
+# for cv-pathfinder deployment use-case.
+type: wan_router
+
+cv_pathfinder_regions:
+ - name: AVD_Land_East
+ id: 43
+ description: AVD Region
+ sites:
+ - name: Site511
+ id: 511
+ location: Miami
+
+bgp_peer_groups:
+ wan_overlay_peers:
+ password: "htm4AZe9mIQOO1uiMuGgYQ=="
+ listen_range_prefixes:
+ - 192.168.142.0/24
+ - 192.168.143.0/24
+
+wan_ipsec_profiles:
+ control_plane:
+ shared_key: ABCDEF1234567890
+ data_plane:
+ shared_key: ABCDEF1234567890666
+
+wan_router:
+ node_groups:
+ - group: Site511
+ uplink_type: p2p-vrfs
+ cv_pathfinder_region: AVD_Land_East
+ cv_pathfinder_site: Site511
+ nodes:
+ - name: node-type-l3-port-channels
+ id: 1
+ loopback_ipv4_pool: 192.168.255.0/24
+ vtep_loopback_ipv4_pool: 192.168.142.0/24
+ bgp_as: 65005
+ l3_port_channels:
+ - # Port-Channel with 3 member ports
+ name: Port-Channel2
+ mode: active
+ member_interfaces:
+ - name: Ethernet1
+ peer: peerDevice1
+ peer_interface: Ethernet11
+ speed: "forced 10000full"
+ - # if peer not set, use one from parent L3 Port-Channel
+ name: Ethernet2
+ speed: "forced 10000full"
+ - # one with structured config for member port (TO ADD)
+ name: Ethernet3
+ description: "Custom eth3 description"
+ ip_address: 192.168.1.102/31
+ peer: peer1
+ peer_port_channel: Port-Channel10
+ peer_ip: 192.168.1.10
+ static_routes:
+ - prefix: 0.0.0.0/0
+ qos_profile: TEST-QOS-PROFILE1
+ wan_carrier: Cybercast
+ wan_circuit_id: 101
+ flow_tracking:
+ enabled: true
+ - # Port-Channel with 2 member ports
+ name: Port-Channel5
+ mode: passive
+ member_interfaces:
+ - name: Ethernet1/4
+ peer: peerDevice2
+ peer_interface: Ethernet1/12
+ speed: "forced 10000full"
+ - # if peer not set, use one from parent L3 Port-Channel
+ name: Ethernet1/5
+ speed: "forced 10000full"
+ ip_address: 192.168.1.105/31
+ peer: peer2
+ peer_port_channel: Port-Channel15
+ peer_ip: 192.168.1.15
+ qos_profile: TEST-QOS-PROFILE1
+ wan_carrier: StreamFast
+ wan_circuit_id: 102
+ flow_tracking:
+ enabled: false
+ structured_config:
+ service_policy:
+ qos:
+ input: TEST_POLICY
+ raw_eos_cli: |
+ ! TEST RAW_EOS_CLI
+ - # sub-interface for Port-Channel
+ # with user-specfied encapsulation_dot1q_vlan
+ name: Port-Channel5.100
+ encapsulation_dot1q_vlan: 108
+ ip_address: 192.168.100.115/31
+ peer: peer2
+ peer_port_channel: Port-Channel15
+ peer_ip: 192.168.1.15
+ qos_profile: TEST-QOS-PROFILE2
+ wan_carrier: ExtremeCable
+ wan_circuit_id: 105
+ flow_tracking:
+ enabled: true
+ - # sub-interface for Port-Channel
+ # Does not have wan_carrier set
+ name: Port-Channel5.105
+ ip_address: 192.168.100.116/31
+ peer: peer2
+ peer_port_channel: Port-Channel16
+ peer_ip: 192.168.1.16
+ qos_profile: TEST-QOS-PROFILE2
+ flow_tracking:
+ enabled: true
+ - # Port-Channel with 1 member port
+ name: Port-Channel8
+ mode: 'on'
+ member_interfaces:
+ - name: Ethernet1/10
+ peer: peerDevice3
+ peer_interface: Ethernet1/10
+ structured_config:
+ # specify interface speed via structured_config
+ speed: "forced 1000full"
+ peer: peerDevice3
+ peer_port_channel: Port-Channel18
+ peer_ip: 192.168.1.18
+ qos_profile: TEST-QOS-PROFILE3
+ wan_carrier: BlizzardFast
+ ip_address: dhcp
+ dhcp_ip: 10.15.16.17
+ dhcp_accept_default_route: true
+ flow_tracking:
+ enabled: true
+ raw_eos_cli: |
+ ! TEST RAW_EOS_CLI 123
+ - # Port-Channel interface is not enabled, member ports to inherit this
+ name: Port-Channel19
+ # mode not specified, use default
+ enabled: false
+ ip_address: 192.168.1.19
+ member_interfaces:
+ - name: Ethernet1/19
+ peer_interface: Ethernet1/19
+ - name: Ethernet1/20
+ peer_interface: Ethernet1/20
+ peer: peerDevice4
+ peer_port_channel: Port-Channel20
+ peer_ip: 192.168.2.19
+ wan_carrier: BlizzardFast
+wan_carriers:
+ - name: Cybercast
+ path_group: INET
+ trusted: true
+ - name: StreamFast
+ path_group: INET
+ trusted: true
+ - name: ExtremeCable
+ path_group: INET
+ trusted: true
+ - name: BlizzardFast
+ path_group: INET
+ trusted: true
+
+wan_path_groups:
+ - name: INET
+ id: 101
+ - name: LTE
+ id: 102
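Review bot: Port-Channel19 sets `ip_address: 192.168.1.19` with no prefix length, while every other `l3_port_channels` entry in this file uses address/mask and the schema table in this change describes the field as "Node IPv4 address/Mask or 'dhcp'". Unless this is a deliberate negative case, it should carry a mask (`ip_address: 192.168.1.19/<prefix-length>`) or a comment explaining why not. All four `wan_carriers` are `trusted: true`, which per the same schema docs waives the `ipv4_acl_in` requirement. As a result no Port-Channel on this host gets an ingress ACL, including Port-Channel8, which takes its address from DHCP with `dhcp_accept_default_route: true`. If untrusted-carrier coverage for port-channels is meant to live only in CV_PATHFINDER_TESTS.yml, a comment above `wan_carriers` saying so would help; the `(TO ADD)` comment on Ethernet3 also reads as a leftover TODO, since that member sets only `description`.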
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml
index 19c15c67bbb..5f0b402a846 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml
@@ -51,6 +51,7 @@ all:
spanning-tree-mode-rapid-pvst:
node-type-l3-interfaces:
node-type-l3-interfaces-bgp:
+ node-type-l3-port-channels:
ipv4-acls:
only-connected-endpoints:
platform_settings:
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md
index 5eddb2ca443..27281796fe2 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/management-flow-tracking-settings.md
@@ -29,6 +29,9 @@
| [ l3_interfaces](## "fabric_flow_tracking.l3_interfaces") | Dictionary | | | | Enable flow-tracking on all node.l3_interfaces and network-services tenants.vrfs.l3_interfaces. |
| [ enabled](## "fabric_flow_tracking.l3_interfaces.enabled") | Boolean | | `False` | | |
| [ name](## "fabric_flow_tracking.l3_interfaces.name") | String | | `FLOW-TRACKER` | | Flow tracker name as defined in flow_tracking_settings. |
+ | [ l3_port_channels](## "fabric_flow_tracking.l3_port_channels") | Dictionary | | | | Enable flow-tracking on all node.l3_port_channels. |
+ | [ enabled](## "fabric_flow_tracking.l3_port_channels.enabled") | Boolean | | `False` | | |
+ | [ name](## "fabric_flow_tracking.l3_port_channels.name") | String | | `FLOW-TRACKER` | | Flow tracker name as defined in flow_tracking_settings. |
| [ dps_interfaces](## "fabric_flow_tracking.dps_interfaces") | Dictionary | | | | Enable flow-tracking on all dps_interfaces. |
| [ enabled](## "fabric_flow_tracking.dps_interfaces.enabled") | Boolean | | `True` | | |
| [ name](## "fabric_flow_tracking.dps_interfaces.name") | String | | `FLOW-TRACKER` | | Flow tracker name as defined in flow_tracking_settings. |
@@ -124,6 +127,13 @@
# Flow tracker name as defined in flow_tracking_settings.
name:
+ # Enable flow-tracking on all node.l3_port_channels.
+ l3_port_channels:
+ enabled:
+
+ # Flow tracker name as defined in flow_tracking_settings.
+ name:
+
# Enable flow-tracking on all dps_interfaces.
dps_interfaces:
enabled:
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md
index 8c5ff47281d..0c16c173c87 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md
@@ -9,7 +9,7 @@
| -------- | ---- | -------- | ------- | ------------------ | ----------- |
| [<node_type_keys.key>](## "") | Dictionary | | | | |
| [ defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. |
- | [ l3_interfaces](## ".defaults.l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_interfaces](## ".defaults.l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. |
| [ - profile](## ".defaults.l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
|
| [ name](## ".defaults.l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. |
| [ description](## ".defaults.l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
@@ -48,7 +48,7 @@
| [ - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
|
| [ nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. |
| [ - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". |
- | [ l3_interfaces](## ".node_groups.[].nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_interfaces](## ".node_groups.[].nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. |
| [ - profile](## ".node_groups.[].nodes.[].l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
|
| [ name](## ".node_groups.[].nodes.[].l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. |
| [ description](## ".node_groups.[].nodes.[].l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
@@ -83,7 +83,7 @@
| [ enabled](## ".node_groups.[].nodes.[].l3_interfaces.[].flow_tracking.enabled") | Boolean | | | | |
| [ name](## ".node_groups.[].nodes.[].l3_interfaces.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. |
| [ structured_config](## ".node_groups.[].nodes.[].l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. |
- | [ l3_interfaces](## ".node_groups.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_interfaces](## ".node_groups.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. |
| [ - profile](## ".node_groups.[].l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
|
| [ name](## ".node_groups.[].l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. |
| [ description](## ".node_groups.[].l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
@@ -120,7 +120,7 @@
| [ structured_config](## ".node_groups.[].l3_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the Ethernet interface. |
| [ nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. |
| [ - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". |
- | [ l3_interfaces](## ".nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_interfaces](## ".nodes.[].l3_interfaces") | List, items: Dictionary | | | | L3 Interfaces to configure on the node. |
| [ - profile](## ".nodes.[].l3_interfaces.[].profile") | String | | | | L3 interface profile name. Profile defined under `l3_interface_profiles`.
|
| [ name](## ".nodes.[].l3_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+(.[\d]+)?` | Ethernet interface name like 'Ethernet2' or subinterface name like 'Ethernet2.42'.
For a subinterface, the parent physical interface is automatically created. |
| [ description](## ".nodes.[].l3_interfaces.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
@@ -200,7 +200,6 @@
defaults:
# L3 Interfaces to configure on the node.
- # Used to define the node for WAN interfaces when `wan_carrier` is set.
l3_interfaces:
# L3 interface profile name. Profile defined under `l3_interface_profiles`.
@@ -341,7 +340,6 @@
- name:
# L3 Interfaces to configure on the node.
- # Used to define the node for WAN interfaces when `wan_carrier` is set.
l3_interfaces:
# L3 interface profile name. Profile defined under `l3_interface_profiles`.
@@ -469,7 +467,6 @@
structured_config:
# L3 Interfaces to configure on the node.
- # Used to define the node for WAN interfaces when `wan_carrier` is set.
l3_interfaces:
# L3 interface profile name. Profile defined under `l3_interface_profiles`.
@@ -603,7 +600,6 @@
- name:
# L3 Interfaces to configure on the node.
- # Used to define the node for WAN interfaces when `wan_carrier` is set.
l3_interfaces:
# L3 interface profile name. Profile defined under `l3_interface_profiles`.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md
index 00496f9888a..c4227f4c18c 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-port-channels-configuration.md
@@ -9,16 +9,17 @@
| -------- | ---- | -------- | ------- | ------------------ | ----------- |
| [<node_type_keys.key>](## "") | Dictionary | | | | |
| [ defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. |
- | [ l3_port_channels](## ".defaults.l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_port_channels](## ".defaults.l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. |
| [ - name](## ".defaults.l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. |
- | [ description](## ".defaults.l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
- | [ mode](## ".defaults.l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
+ | [ description](## ".defaults.l3_port_channels.[].description") | String | | | | Interface description.
If not set, a default description will be configured with '[[ ]]'. |
+ | [ mode](## ".defaults.l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
| [ member_interfaces](## ".defaults.l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. |
| [ - name](## ".defaults.l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. |
- | [ description](## ".defaults.l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. |
+ | [ description](## ".defaults.l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set, a default description will be configured with '[[ ]]'. |
| [ peer](## ".defaults.l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. |
| [ peer_interface](## ".defaults.l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ speed](## ".defaults.l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. |
+ | [ structured_config](## ".defaults.l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. |
| [ ip_address](## ".defaults.l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. |
| [ dhcp_ip](## ".defaults.l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. |
| [ public_ip](## ".defaults.l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).
This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`
The determined Public IP is used by WAN routers when peering with this interface. |
@@ -35,7 +36,7 @@
| [ ipv4_acl_in](## ".defaults.l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
| [ ipv4_acl_out](## ".defaults.l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".defaults.l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
- | [ - prefix](## ".defaults.l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
+ | [ - prefix](## ".defaults.l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. |
| [ qos_profile](## ".defaults.l3_port_channels.[].qos_profile") | String | | | | QOS service profile. |
| [ wan_carrier](## ".defaults.l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. |
| [ wan_circuit_id](## ".defaults.l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. |
@@ -44,8 +45,8 @@
| [ policies](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. |
| [ - name](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. |
| [ tunnel_interface_numbers](## ".defaults.l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' |
- | [ raw_eos_cli](## ".defaults.l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. |
- | [ flow_tracking](## ".defaults.l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. |
+ | [ raw_eos_cli](## ".defaults.l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. |
+ | [ flow_tracking](## ".defaults.l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. |
| [ enabled](## ".defaults.l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | |
| [ name](## ".defaults.l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. |
| [ structured_config](## ".defaults.l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. |
@@ -53,16 +54,17 @@
| [ - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
|
| [ nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. |
| [ - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". |
- | [ l3_port_channels](## ".node_groups.[].nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_port_channels](## ".node_groups.[].nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. |
| [ - name](## ".node_groups.[].nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. |
- | [ description](## ".node_groups.[].nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
- | [ mode](## ".node_groups.[].nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
+ | [ description](## ".node_groups.[].nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set, a default description will be configured with '[[ ]]'. |
+ | [ mode](## ".node_groups.[].nodes.[].l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
| [ member_interfaces](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. |
| [ - name](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. |
- | [ description](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. |
+ | [ description](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set, a default description will be configured with '[[ ]]'. |
| [ peer](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. |
| [ peer_interface](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ speed](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. |
+ | [ structured_config](## ".node_groups.[].nodes.[].l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. |
| [ ip_address](## ".node_groups.[].nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. |
| [ dhcp_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. |
| [ public_ip](## ".node_groups.[].nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).
This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`
The determined Public IP is used by WAN routers when peering with this interface. |
@@ -79,7 +81,7 @@
| [ ipv4_acl_in](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
| [ ipv4_acl_out](## ".node_groups.[].nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
- | [ - prefix](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
+ | [ - prefix](## ".node_groups.[].nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. |
| [ qos_profile](## ".node_groups.[].nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. |
| [ wan_carrier](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. |
| [ wan_circuit_id](## ".node_groups.[].nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. |
@@ -88,21 +90,22 @@
| [ policies](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. |
| [ - name](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. |
| [ tunnel_interface_numbers](## ".node_groups.[].nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' |
- | [ raw_eos_cli](## ".node_groups.[].nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. |
- | [ flow_tracking](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. |
+ | [ raw_eos_cli](## ".node_groups.[].nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. |
+ | [ flow_tracking](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. |
| [ enabled](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | |
| [ name](## ".node_groups.[].nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. |
| [ structured_config](## ".node_groups.[].nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. |
- | [ l3_port_channels](## ".node_groups.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_port_channels](## ".node_groups.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. |
| [ - name](## ".node_groups.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. |
- | [ description](## ".node_groups.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
- | [ mode](## ".node_groups.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
+ | [ description](## ".node_groups.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set, a default description will be configured with '[[ ]]'. |
+ | [ mode](## ".node_groups.[].l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
| [ member_interfaces](## ".node_groups.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. |
| [ - name](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. |
- | [ description](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. |
+ | [ description](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set, a default description will be configured with '[[ ]]'. |
| [ peer](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. |
| [ peer_interface](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ speed](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. |
+ | [ structured_config](## ".node_groups.[].l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. |
| [ ip_address](## ".node_groups.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. |
| [ dhcp_ip](## ".node_groups.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. |
| [ public_ip](## ".node_groups.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).
This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`
The determined Public IP is used by WAN routers when peering with this interface. |
@@ -119,7 +122,7 @@
| [ ipv4_acl_in](## ".node_groups.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
| [ ipv4_acl_out](## ".node_groups.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".node_groups.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
- | [ - prefix](## ".node_groups.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
+ | [ - prefix](## ".node_groups.[].l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. |
| [ qos_profile](## ".node_groups.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. |
| [ wan_carrier](## ".node_groups.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. |
| [ wan_circuit_id](## ".node_groups.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. |
@@ -128,23 +131,24 @@
| [ policies](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. |
| [ - name](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. |
| [ tunnel_interface_numbers](## ".node_groups.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' |
- | [ raw_eos_cli](## ".node_groups.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. |
- | [ flow_tracking](## ".node_groups.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. |
+ | [ raw_eos_cli](## ".node_groups.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. |
+ | [ flow_tracking](## ".node_groups.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. |
| [ enabled](## ".node_groups.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | |
| [ name](## ".node_groups.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. |
| [ structured_config](## ".node_groups.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. |
| [ nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. |
| [ - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". |
- | [ l3_port_channels](## ".nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node.
Used to define the node for WAN interfaces when `wan_carrier` is set. |
+ | [ l3_port_channels](## ".nodes.[].l3_port_channels") | List, items: Dictionary | | | | L3 Port-Channel interfaces to configure on the node. |
| [ - name](## ".nodes.[].l3_port_channels.[].name") | String | Required, Unique | | Pattern: `Port-Channel[\d/]+(.[\d]+)?` | Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
For a Port-Channel subinterface, the parent Port-Channel interface must be defined as well. |
- | [ description](## ".nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set a default description will be configured with '[[ ]]'. |
- | [ mode](## ".nodes.[].l3_port_channels.[].mode") | String | | `on` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
+ | [ description](## ".nodes.[].l3_port_channels.[].description") | String | | | | Interface description.
If not set, a default description will be configured with '[[ ]]'. |
+ | [ mode](## ".nodes.[].l3_port_channels.[].mode") | String | | `active` | Valid Values:
- active
- passive
- on
| Port-Channel mode.
Should not be set on Port-Channel subinterfaces. |
| [ member_interfaces](## ".nodes.[].l3_port_channels.[].member_interfaces") | List, items: Dictionary | | | | Port-Channel member interfaces.
Should not be set on Port-Channel subinterfaces. |
| [ - name](## ".nodes.[].l3_port_channels.[].member_interfaces.[].name") | String | Required, Unique | | Pattern: `Ethernet[\d/]+` | Ethernet interface name like 'Ethernet2'.
Member interface cannot be subinterface. |
- | [ description](## ".nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set a default description will be configured with '[[ ]]'. |
+ | [ description](## ".nodes.[].l3_port_channels.[].member_interfaces.[].description") | String | | | | Interface description for this member.
If not set, a default description will be configured with '[[ ]]'. |
| [ peer](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation.
If not set, this inherits the peer setting on the port-channel interface. |
| [ peer_interface](## ".nodes.[].l3_port_channels.[].member_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ speed](## ".nodes.[].l3_port_channels.[].member_interfaces.[].speed") | String | | | | Speed should be set in the format `` or `forced ` or `auto `. |
+ | [ structured_config](## ".nodes.[].l3_port_channels.[].member_interfaces.[].structured_config") | Dictionary | | | | Custom structured config for the member ethernet interface. |
| [ ip_address](## ".nodes.[].l3_port_channels.[].ip_address") | String | | | | Node IPv4 address/Mask or 'dhcp'. |
| [ dhcp_ip](## ".nodes.[].l3_port_channels.[].dhcp_ip") | String | | | | When the `ip_address` is `dhcp`, this optional field allows to indicate the expected
IPv4 address (without mask) to be allocated on the interface if known.
This is not rendered in the configuration but can be used for substitution of 'interface_ip' in the Access-list
set under `ipv4_acl_in` and `ipv4_acl_out`. |
| [ public_ip](## ".nodes.[].l3_port_channels.[].public_ip") | String | | | | Node IPv4 address (no mask).
This is used to get the public IP (if known) when the device is behind NAT.
This is only used for `wan_rr` routers (AutoVPN RRs and Pathfinders) to determine the Public IP
with the following preference:
`wan_route_servers.path_groups.interfaces.ip_address`
-> `l3_port_channels.public_ip`
-> `l3_port_channels.ip_address`
The determined Public IP is used by WAN routers when peering with this interface. |
@@ -161,7 +165,7 @@
| [ ipv4_acl_in](## ".nodes.[].l3_port_channels.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
| [ ipv4_acl_out](## ".nodes.[].l3_port_channels.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".nodes.[].l3_port_channels.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
- | [ - prefix](## ".nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
+ | [ - prefix](## ".nodes.[].l3_port_channels.[].static_routes.[].prefix") | String | Required, Unique | | | IPv4_network/Mask. |
| [ qos_profile](## ".nodes.[].l3_port_channels.[].qos_profile") | String | | | | QOS service profile. |
| [ wan_carrier](## ".nodes.[].l3_port_channels.[].wan_carrier") | String | | | | The WAN carrier this interface is connected to.
This is used to infer the path-groups in which this interface should be configured.
Unless the carrier is marked as 'trusted' under `wan_carriers`, `ipv4_acl_in` is also required on all WAN interfaces. |
| [ wan_circuit_id](## ".nodes.[].l3_port_channels.[].wan_circuit_id") | String | | | | The WAN circuit ID for this interface.
This is not rendered in the configuration but used for WAN designs. |
@@ -170,8 +174,8 @@
| [ policies](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies") | List, items: Dictionary | | | | List of Internet-exit policies using this interface as exit. |
| [ - name](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].name") | String | Required, Unique | | | Internet-exit policy name. |
| [ tunnel_interface_numbers](## ".nodes.[].l3_port_channels.[].cv_pathfinder_internet_exit.policies.[].tunnel_interface_numbers") | String | | | | Number range to use for Tunnel interfaces to an internet-exit service provider using this local interface.
Examples: '1-3' or '100,200,300' |
- | [ raw_eos_cli](## ".nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the interface in the final EOS configuration. |
- | [ flow_tracking](## ".nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_interfaces` setting. |
+ | [ raw_eos_cli](## ".nodes.[].l3_port_channels.[].raw_eos_cli") | String | | | | EOS CLI rendered directly on the Port-Channel interface in the final EOS configuration. |
+ | [ flow_tracking](## ".nodes.[].l3_port_channels.[].flow_tracking") | Dictionary | | | | Configures flow-tracking on the interface. Overrides `fabric_flow_tracking.l3_port_channels` setting. |
| [ enabled](## ".nodes.[].l3_port_channels.[].flow_tracking.enabled") | Boolean | | | | |
| [ name](## ".nodes.[].l3_port_channels.[].flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. |
| [ structured_config](## ".nodes.[].l3_port_channels.[].structured_config") | Dictionary | | | | Custom structured config for the Port-Channel interface. |
@@ -185,7 +189,6 @@
defaults:
# L3 Port-Channel interfaces to configure on the node.
- # Used to define the node for WAN interfaces when `wan_carrier` is set.
l3_port_channels:
# Port-Channel interface name like 'Port-Channel2' or subinterface name like 'Port-Channel2.42'.
@@ -193,12 +196,12 @@
- name:
# Interface description.
- # If not set a default description will be configured with '[[ ]]'.
+ # If not set, a default description will be configured with '[[ ]]'.
description:
# Port-Channel mode.
# Should not be set on Port-Channel subinterfaces.
- mode:
+ mode:
# Port-Channel member interfaces.
# Should not be set on Port-Channel subinterfaces.
@@ -209,7 +212,7 @@
- name:
# Interface description for this member.
- # If not set a default description will be configured with '[[ ]]'.
+ # If not set, a default description will be configured with '[[ ]]'.
description: