Feat(eos_designs): Add flowtracking on WAN Router LAN uplinks

aristanetworks · Feb 29, 2024 · a0ff738 · a0ff738
1 parent ba7f522
commit a0ff738
Show file tree

Hide file tree

Showing 9 changed files with 364 additions and 82 deletions.
diff --git a/...ns/arista/avd/molecule/eos_designs_unit_tests/intended/configs/uplink_lan_wan_router1.cfg b/...ns/arista/avd/molecule/eos_designs_unit_tests/intended/configs/uplink_lan_wan_router1.cfg
@@ -1,31 +1,61 @@
 !RANCID-CONTENT-TYPE: arista
 !
+flow tracking hardware
+   tracker WAN-FLOW-TRACKER
+      record export on inactive timeout 70000
+      record export on interval 5000
+      exporter DPI-EXPORTER
+         collector 127.0.0.1
+         local interface Loopback0
+         template interval 5000
+   no shutdown
+!
 service routing protocols model multi-agent
 !
+ip as-path access-list ASPATH-WAN permit 65100 any
+!
 hostname uplink_lan_wan_router1
 !
-router path-selection
-   tcp mss ceiling ipv4 ingress
-   !
-   load-balance policy LB-CONTROL-PLANE-PROFILE
-   !
-   load-balance policy LB-DEFAULT-POLICY-DEFAULT
+router adaptive-virtual-topology
+   topology role edge
+   region region1 id 1
+   zone DEFAULT-ZONE id 1
+   site site1 id 1
    !
    policy DEFAULT-POLICY
-      default-match
-         load-balance LB-DEFAULT-POLICY-DEFAULT
+      !
+      match application-profile default
+         avt profile DEFAULT-POLICY-DEFAULT
    !
    policy DEFAULT-POLICY-WITH-CP
-      default-match
-         load-balance LB-DEFAULT-POLICY-DEFAULT
-      10 application-profile CONTROL-PLANE-APPLICATION-PROFILE
-         load-balance LB-CONTROL-PLANE-PROFILE
+      !
+      match application-profile CONTROL-PLANE-APPLICATION-PROFILE
+         avt profile CONTROL-PLANE-PROFILE
+      !
+      match application-profile default
+         avt profile DEFAULT-POLICY-DEFAULT
+   !
+   profile CONTROL-PLANE-PROFILE
+      path-selection load-balance LB-CONTROL-PLANE-PROFILE
+   !
+   profile DEFAULT-POLICY-DEFAULT
+      path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
    !
    vrf default
-      path-selection-policy DEFAULT-POLICY-WITH-CP
+      avt policy DEFAULT-POLICY-WITH-CP
+      avt profile DEFAULT-POLICY-DEFAULT id 1
+      avt profile CONTROL-PLANE-PROFILE id 254
    !
    vrf VRF1
-      path-selection-policy DEFAULT-POLICY
+      avt policy DEFAULT-POLICY
+      avt profile DEFAULT-POLICY-DEFAULT id 1
+!
+router path-selection
+   tcp mss ceiling ipv4 ingress
+   !
+   load-balance policy LB-CONTROL-PLANE-PROFILE
+   !
+   load-balance policy LB-DEFAULT-POLICY-DEFAULT
 !
 spanning-tree mode none
 !
@@ -42,6 +72,8 @@ ip security
       local-id 192.168.2.1
    !
    sa policy CP-SA-POLICY
+      esp encryption aes256gcm128
+      pfs dh-group 14
    !
    profile CP-PROFILE
       ike-policy CP-IKE-POLICY
@@ -57,20 +89,23 @@ ip security
 interface Dps1
    description DPS Interface
    mtu 9214
+   flow tracker hardware WAN-FLOW-TRACKER
    ip address 192.168.2.1/32
 !
 interface Ethernet2
    description UPLINK_LAN_L2LEAF_Ethernet1
    no shutdown
    mtu 9214
    no switchport
+   flow tracker hardware WAN-FLOW-TRACKER
    vrf VRF1
    ip address 10.0.10.1/24
 !
 interface Ethernet2.100
    description My vlan 100
    no shutdown
    encapsulation dot1q vlan 100
+   flow tracker hardware WAN-FLOW-TRACKER
    vrf VRF1
    ip address 10.0.100.1/24
    ipv6 enable
@@ -104,14 +139,14 @@ no ip routing vrf MGMT
 ip routing vrf VRF1
 ipv6 unicast-routing vrf VRF1
 !
-ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.1.1:0
+ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.1.1:1
 !
 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
    seq 10 permit 192.168.1.0/24 eq 32
 !
 route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
    description Mark prefixes originated from the LAN
-   set extcommunity soo 192.168.1.1:0 additive
+   set extcommunity soo 192.168.1.1:1 additive
 !
 route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10
    description Advertise local routes towards LAN
@@ -123,7 +158,7 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20
 !
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
-   set extcommunity soo 192.168.1.1:0 additive
+   set extcommunity soo 192.168.1.1:1 additive
 !
 route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10
    match extcommunity ECL-EVPN-SOO
@@ -134,7 +169,7 @@ route-map RM-EVPN-SOO-IN deny 10
 route-map RM-EVPN-SOO-IN permit 20
 !
 route-map RM-EVPN-SOO-OUT permit 10
-   set extcommunity soo 192.168.1.1:0 additive
+   set extcommunity soo 192.168.1.1:1 additive
 !
 router bfd
    multihop interval 300 min-rx 300 multiplier 3
@@ -162,6 +197,13 @@ router bgp 65100
    address-family ipv4
       no neighbor WAN-OVERLAY-PEERS activate
    !
+   address-family ipv4 sr-te
+      neighbor WAN-OVERLAY-PEERS activate
+   !
+   address-family link-state
+      neighbor WAN-OVERLAY-PEERS activate
+      path-selection
+   !
    address-family path-selection
       bgp additional-paths receive
       bgp additional-paths send any
@@ -180,6 +222,8 @@ router bgp 65100
       router-id 192.168.1.1
       redistribute connected
 !
+router traffic-engineering
+!
 management api http-commands
    protocol https
    no shutdown

diff --git a/...ns/arista/avd/molecule/eos_designs_unit_tests/intended/configs/uplink_lan_wan_router2.cfg b/...ns/arista/avd/molecule/eos_designs_unit_tests/intended/configs/uplink_lan_wan_router2.cfg
@@ -1,31 +1,61 @@
 !RANCID-CONTENT-TYPE: arista
 !
+flow tracking hardware
+   tracker WAN-FLOW-TRACKER
+      record export on inactive timeout 70000
+      record export on interval 5000
+      exporter DPI-EXPORTER
+         collector 127.0.0.1
+         local interface Loopback0
+         template interval 5000
+   no shutdown
+!
 service routing protocols model multi-agent
 !
+ip as-path access-list ASPATH-WAN permit 65100 any
+!
 hostname uplink_lan_wan_router2
 !
-router path-selection
-   tcp mss ceiling ipv4 ingress
-   !
-   load-balance policy LB-CONTROL-PLANE-PROFILE
-   !
-   load-balance policy LB-DEFAULT-POLICY-DEFAULT
+router adaptive-virtual-topology
+   topology role edge
+   region region1 id 1
+   zone DEFAULT-ZONE id 1
+   site site2 id 2
    !
    policy DEFAULT-POLICY
-      default-match
-         load-balance LB-DEFAULT-POLICY-DEFAULT
+      !
+      match application-profile default
+         avt profile DEFAULT-POLICY-DEFAULT
    !
    policy DEFAULT-POLICY-WITH-CP
-      default-match
-         load-balance LB-DEFAULT-POLICY-DEFAULT
-      10 application-profile CONTROL-PLANE-APPLICATION-PROFILE
-         load-balance LB-CONTROL-PLANE-PROFILE
+      !
+      match application-profile CONTROL-PLANE-APPLICATION-PROFILE
+         avt profile CONTROL-PLANE-PROFILE
+      !
+      match application-profile default
+         avt profile DEFAULT-POLICY-DEFAULT
+   !
+   profile CONTROL-PLANE-PROFILE
+      path-selection load-balance LB-CONTROL-PLANE-PROFILE
+   !
+   profile DEFAULT-POLICY-DEFAULT
+      path-selection load-balance LB-DEFAULT-POLICY-DEFAULT
    !
    vrf default
-      path-selection-policy DEFAULT-POLICY-WITH-CP
+      avt policy DEFAULT-POLICY-WITH-CP
+      avt profile DEFAULT-POLICY-DEFAULT id 1
+      avt profile CONTROL-PLANE-PROFILE id 254
    !
    vrf VRF1
-      path-selection-policy DEFAULT-POLICY
+      avt policy DEFAULT-POLICY
+      avt profile DEFAULT-POLICY-DEFAULT id 1
+!
+router path-selection
+   tcp mss ceiling ipv4 ingress
+   !
+   load-balance policy LB-CONTROL-PLANE-PROFILE
+   !
+   load-balance policy LB-DEFAULT-POLICY-DEFAULT
 !
 spanning-tree mode none
 !
@@ -42,6 +72,8 @@ ip security
       local-id 192.168.2.2
    !
    sa policy CP-SA-POLICY
+      esp encryption aes256gcm128
+      pfs dh-group 14
    !
    profile CP-PROFILE
       ike-policy CP-IKE-POLICY
@@ -57,6 +89,7 @@ ip security
 interface Dps1
    description DPS Interface
    mtu 9214
+   flow tracker hardware WAN-FLOW-TRACKER
    ip address 192.168.2.2/32
 !
 interface Ethernet2
@@ -70,13 +103,15 @@ interface Ethernet2.10
    no shutdown
    mtu 9214
    encapsulation dot1q vlan 10
+   flow tracker hardware WAN-FLOW-TRACKER
    vrf VRF1
    ip address 10.0.10.1/24
 !
 interface Ethernet2.100
    description My vlan 100
    no shutdown
    encapsulation dot1q vlan 100
+   flow tracker hardware WAN-FLOW-TRACKER
    vrf VRF1
    ip address 10.0.100.1/24
    ipv6 enable
@@ -110,14 +145,14 @@ no ip routing vrf MGMT
 ip routing vrf VRF1
 ipv6 unicast-routing vrf VRF1
 !
-ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.1.2:0
+ip extcommunity-list ECL-EVPN-SOO permit soo 192.168.1.2:2
 !
 ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
    seq 10 permit 192.168.1.0/24 eq 32
 !
 route-map RM-BGP-UNDERLAY-PEERS-IN permit 40
    description Mark prefixes originated from the LAN
-   set extcommunity soo 192.168.1.2:0 additive
+   set extcommunity soo 192.168.1.2:2 additive
 !
 route-map RM-BGP-UNDERLAY-PEERS-OUT permit 10
    description Advertise local routes towards LAN
@@ -129,7 +164,7 @@ route-map RM-BGP-UNDERLAY-PEERS-OUT permit 20
 !
 route-map RM-CONN-2-BGP permit 10
    match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY
-   set extcommunity soo 192.168.1.2:0 additive
+   set extcommunity soo 192.168.1.2:2 additive
 !
 route-map RM-EVPN-EXPORT-VRF-DEFAULT permit 10
    match extcommunity ECL-EVPN-SOO
@@ -140,7 +175,7 @@ route-map RM-EVPN-SOO-IN deny 10
 route-map RM-EVPN-SOO-IN permit 20
 !
 route-map RM-EVPN-SOO-OUT permit 10
-   set extcommunity soo 192.168.1.2:0 additive
+   set extcommunity soo 192.168.1.2:2 additive
 !
 router bfd
    multihop interval 300 min-rx 300 multiplier 3
@@ -168,6 +203,13 @@ router bgp 65100
    address-family ipv4
       no neighbor WAN-OVERLAY-PEERS activate
    !
+   address-family ipv4 sr-te
+      neighbor WAN-OVERLAY-PEERS activate
+   !
+   address-family link-state
+      neighbor WAN-OVERLAY-PEERS activate
+      path-selection
+   !
    address-family path-selection
       bgp additional-paths receive
       bgp additional-paths send any
@@ -186,6 +228,8 @@ router bgp 65100
       router-id 192.168.1.2
       redistribute connected
 !
+router traffic-engineering
+!
 management api http-commands
    protocol https
    no shutdown