From a8aea880d6d9c712f3122560a0c3997f6dcb01ef Mon Sep 17 00:00:00 2001 From: Guillaume Mulocher Date: Fri, 25 Oct 2024 15:23:54 +0200 Subject: [PATCH] Revert(eos_designs): Remove legacy autovpn with new plan for when AutoVPN 2.0 gets out (#4652) --- .../arista/avd/docs/porting-guides/5.x.x.md | 10 -------- .../arista/avd/docs/release-notes/5.x.x.md | 6 ----- ...alid-wan-role-overlay-routing-protocol.yml | 2 +- .../ipv4-acl-in-missing-on-wan-interface.yml | 2 +- ...cfg => autovpn-edge-no-default-policy.cfg} | 12 +++++----- ...gacy-autovpn-edge.cfg => autovpn-edge.cfg} | 18 +++++++------- ...legacy-autovpn-rr1.cfg => autovpn-rr1.cfg} | 8 +++---- ...legacy-autovpn-rr2.cfg => autovpn-rr2.cfg} | 8 +++---- ...yml => autovpn-edge-no-default-policy.yml} | 14 +++++------ ...gacy-autovpn-edge.yml => autovpn-edge.yml} | 24 +++++++++---------- ...legacy-autovpn-rr1.yml => autovpn-rr1.yml} | 10 ++++---- ...legacy-autovpn-rr2.yml => autovpn-rr2.yml} | 10 ++++---- ...CY_AUTOVPN_TESTS.yml => AUTOVPN_TESTS.yml} | 18 +++++++------- ...yml => autovpn-edge-no-default-policy.yml} | 10 ++++---- .../inventory/hosts.yml | 10 ++++---- .../avd/roles/eos_designs/docs/how-to/wan.md | 6 ++--- .../eos_designs/docs/tables/node-type-keys.md | 8 +++---- .../tables/node-type-wan-configuration.md | 16 ++++++------- .../docs/tables/wan-route-servers.md | 4 ++-- .../eos_designs/docs/tables/wan-settings.md | 6 ++--- .../docs/tables/wan-virtual-topologies.md | 4 ++-- .../schema/eos_designs.schema.yml | 20 +++++++--------- .../defs_node_type.schema.yml | 2 +- .../node_type_keys.schema.yml | 2 +- .../schema_fragments/wan_mode.schema.yml | 4 ++-- .../wan_route_servers.schema.yml | 2 +- .../wan_virtual_topologies.schema.yml | 2 +- .../network_services/router_path_selection.py | 10 ++++---- 28 files changed, 115 insertions(+), 133 deletions(-) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/{legacy-autovpn-edge-no-default-policy.cfg => autovpn-edge-no-default-policy.cfg} (94%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/{legacy-autovpn-edge.cfg => autovpn-edge.cfg} (92%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/{legacy-autovpn-rr1.cfg => autovpn-rr1.cfg} (97%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/{legacy-autovpn-rr2.cfg => autovpn-rr2.cfg} (97%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/{legacy-autovpn-edge-no-default-policy.yml => autovpn-edge-no-default-policy.yml} (95%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/{legacy-autovpn-edge.yml => autovpn-edge.yml} (93%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/{legacy-autovpn-rr1.yml => autovpn-rr1.yml} (97%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/{legacy-autovpn-rr2.yml => autovpn-rr2.yml} (97%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/{LEGACY_AUTOVPN_TESTS.yml => AUTOVPN_TESTS.yml} (93%) rename ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/{legacy-autovpn-edge-no-default-policy.yml => autovpn-edge-no-default-policy.yml} (87%) diff --git a/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md b/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md index 3c4e98bcc6b..6d860e6a975 100644 --- a/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md +++ b/ansible_collections/arista/avd/docs/porting-guides/5.x.x.md @@ -851,16 +851,6 @@ The trunk group for MLAG L3 peerings can be reverted if needed: + name: LEAF_PEER_L3 ``` -### `wan_mode: autovpn` renamed to `wan_mode: legacy-autovpn` - -With AVD version 5.0.0, the valid values for the `wan_mode` key have changed. -If using the `autovpn` mode in AVD 4.x, the `wan_mode` key must be updated to `legacy-autovpn`. - -```diff -- wan_mode: autovpn -+ wan_mode: legacy-autovpn -``` - ### custom_structured_configuration_prefix no longer accepts a string Starting AVD 5.0.0, `custom_structured_configuration_prefix` only accepts a list of strings. diff --git a/ansible_collections/arista/avd/docs/release-notes/5.x.x.md b/ansible_collections/arista/avd/docs/release-notes/5.x.x.md index 04e4df119d2..4e063464ed7 100644 --- a/ansible_collections/arista/avd/docs/release-notes/5.x.x.md +++ b/ansible_collections/arista/avd/docs/release-notes/5.x.x.md @@ -235,12 +235,6 @@ This applies to: - `svi_profiles` - `ptp_profiles` -#### `wan_mode: autovpn` renamed `wan_mode: legacy-autovpn` - -With AVD version 5.0.0 the valid values for the `wan_mode` key are now `legacy-autovpn | cv-pathfinder`. - -See the [porting guide](../porting-guides/5.x.x.md#wan-mode-autovpn-renamed-wan-mode-legacy-vpn) for details. - #### Default encapsulation for WAN EVPN iBGP peerings changed to `path-selection` With AVD version 5.0.0, the default encapsulation used for EVPN iBGP peering between WAN routers is `path-selection`. Previously, it was `vxlan`. diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml index 12c81ec9a84..26f78e6f2ce 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/invalid-wan-role-overlay-routing-protocol.yml @@ -1,5 +1,5 @@ --- -wan_mode: legacy-autovpn +wan_mode: autovpn type: wan_router fabric_name: FABRIC_WAN_ROLE_OVERLAY_ROUTING_PROTOCOL diff --git a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml index f538738b46c..0c2656b2281 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/ipv4-acl-in-missing-on-wan-interface.yml @@ -1,6 +1,6 @@ --- type: wan_router -wan_mode: legacy-autovpn +wan_mode: autovpn wan_router: nodes: - bgp_as: 65000 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-edge-no-default-policy.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge-no-default-policy.cfg similarity index 94% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-edge-no-default-policy.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge-no-default-policy.cfg index 557e68ddf24..7a791150dee 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-edge-no-default-policy.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge-no-default-policy.cfg @@ -16,7 +16,7 @@ flow tracking hardware ! service routing protocols model multi-agent ! -hostname legacy-autovpn-edge-no-default-policy +hostname autovpn-edge-no-default-policy ! router path-selection tcp mss ceiling ipv4 ingress @@ -25,12 +25,12 @@ router path-selection ipsec profile AUTOVPN ! local interface Ethernet1 - stun server-profile INET-legacy-autovpn-rr3-Ethernet1 + stun server-profile INET-autovpn-rr3-Ethernet1 ! peer dynamic ! peer static router-ip 2.2.2.2 - name legacy-autovpn-rr3 + name autovpn-rr3 ipv4 address 10.7.7.7 ! load-balance policy LB-DEFAULT-POLICY-CONTROL-PLANE @@ -117,7 +117,7 @@ interface Loopback0 ip address 192.168.30.1/32 ! interface Vxlan1 - description legacy-autovpn-edge-no-default-policy_VTEP + description autovpn-edge-no-default-policy_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -178,7 +178,7 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 2.2.2.2 peer group WAN-OVERLAY-PEERS - neighbor 2.2.2.2 description legacy-autovpn-rr3_Dps1 + neighbor 2.2.2.2 description autovpn-rr3_Dps1 redistribute connected route-map RM-CONN-2-BGP ! address-family evpn @@ -217,7 +217,7 @@ router bgp 65000 ! stun client - server-profile INET-legacy-autovpn-rr3-Ethernet1 + server-profile INET-autovpn-rr3-Ethernet1 ip address 10.7.7.7 ssl profile STUN-DTLS ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-edge.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg similarity index 92% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-edge.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg index 6b478d247a5..daf7e66fb6b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-edge.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge.cfg @@ -16,7 +16,7 @@ flow tracking hardware ! service routing protocols model multi-agent ! -hostname legacy-autovpn-edge +hostname autovpn-edge ! router path-selection tcp mss ceiling ipv4 ingress @@ -25,16 +25,16 @@ router path-selection ipsec profile AUTOVPN ! local interface Ethernet1 - stun server-profile INET-legacy-autovpn-rr1-Ethernet1 INET-legacy-autovpn-rr2-Ethernet1 + stun server-profile INET-autovpn-rr1-Ethernet1 INET-autovpn-rr2-Ethernet1 ! peer dynamic ! peer static router-ip 192.168.131.1 - name legacy-autovpn-rr1 + name autovpn-rr1 ipv4 address 10.7.7.7 ! peer static router-ip 192.168.131.2 - name legacy-autovpn-rr2 + name autovpn-rr2 ipv4 address 10.8.8.8 ! path-group MPLS id 100 @@ -141,7 +141,7 @@ interface Loopback0 ip address 192.168.30.1/32 ! interface Vxlan1 - description legacy-autovpn-edge_VTEP + description autovpn-edge_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -207,9 +207,9 @@ router bgp 65000 neighbor WAN-OVERLAY-PEERS send-community neighbor WAN-OVERLAY-PEERS maximum-routes 0 neighbor 192.168.131.1 peer group WAN-OVERLAY-PEERS - neighbor 192.168.131.1 description legacy-autovpn-rr1_Dps1 + neighbor 192.168.131.1 description autovpn-rr1_Dps1 neighbor 192.168.131.2 peer group WAN-OVERLAY-PEERS - neighbor 192.168.131.2 description legacy-autovpn-rr2_Dps1 + neighbor 192.168.131.2 description autovpn-rr2_Dps1 redistribute connected route-map RM-CONN-2-BGP ! address-family evpn @@ -241,9 +241,9 @@ router bgp 65000 ! stun client - server-profile INET-legacy-autovpn-rr1-Ethernet1 + server-profile INET-autovpn-rr1-Ethernet1 ip address 10.7.7.7 - server-profile INET-legacy-autovpn-rr2-Ethernet1 + server-profile INET-autovpn-rr2-Ethernet1 ip address 10.8.8.8 ! end diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-rr1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg similarity index 97% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-rr1.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg index b49770773a0..81ad7865faf 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-rr1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr1.cfg @@ -16,7 +16,7 @@ flow tracking hardware ! service routing protocols model multi-agent ! -hostname legacy-autovpn-rr1 +hostname autovpn-rr1 ! router path-selection peer dynamic source stun @@ -28,7 +28,7 @@ router path-selection local interface Ethernet1 ! peer static router-ip 192.168.131.2 - name legacy-autovpn-rr2 + name autovpn-rr2 ipv4 address 10.8.8.8 ! path-group LTE id 102 @@ -121,7 +121,7 @@ interface Loopback0 ip address 192.168.31.1/32 ! interface Vxlan1 - description legacy-autovpn-rr1_VTEP + description autovpn-rr1_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -189,7 +189,7 @@ router bgp 65000 neighbor WAN-RR-OVERLAY-PEERS send-community neighbor WAN-RR-OVERLAY-PEERS maximum-routes 0 neighbor 192.168.131.2 peer group WAN-RR-OVERLAY-PEERS - neighbor 192.168.131.2 description legacy-autovpn-rr2_Dps1 + neighbor 192.168.131.2 description autovpn-rr2_Dps1 redistribute connected route-map RM-CONN-2-BGP ! address-family evpn diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-rr2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg similarity index 97% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-rr2.cfg rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg index 551e43f1c61..84941e98c10 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/legacy-autovpn-rr2.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-rr2.cfg @@ -16,7 +16,7 @@ flow tracking hardware ! service routing protocols model multi-agent ! -hostname legacy-autovpn-rr2 +hostname autovpn-rr2 ! router path-selection peer dynamic source stun @@ -28,7 +28,7 @@ router path-selection local interface Ethernet1 ! peer static router-ip 192.168.131.1 - name legacy-autovpn-rr1 + name autovpn-rr1 ipv4 address 10.7.7.7 ! path-group LTE id 102 @@ -120,7 +120,7 @@ interface Loopback0 ip address 192.168.31.2/32 ! interface Vxlan1 - description legacy-autovpn-rr2_VTEP + description autovpn-rr2_VTEP vxlan source-interface Dps1 vxlan udp-port 4789 vxlan vrf default vni 1 @@ -190,7 +190,7 @@ router bgp 65000 neighbor WAN-RR-OVERLAY-PEERS send-community neighbor WAN-RR-OVERLAY-PEERS maximum-routes 0 neighbor 192.168.131.1 peer group WAN-RR-OVERLAY-PEERS - neighbor 192.168.131.1 description legacy-autovpn-rr1_Dps1 + neighbor 192.168.131.1 description autovpn-rr1_Dps1 redistribute connected route-map RM-CONN-2-BGP ! address-family evpn diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml similarity index 95% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-edge-no-default-policy.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml index b8ef75f605e..57701703d26 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-edge-no-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml @@ -1,4 +1,4 @@ -hostname: legacy-autovpn-edge-no-default-policy +hostname: autovpn-edge-no-default-policy is_deployed: true router_bgp: as: '65000' @@ -50,8 +50,8 @@ router_bgp: neighbors: - ip_address: 2.2.2.2 peer_group: WAN-OVERLAY-PEERS - peer: legacy-autovpn-rr3 - description: legacy-autovpn-rr3_Dps1 + peer: autovpn-rr3 + description: autovpn-rr3_Dps1 vrfs: - name: default rd: 192.168.30.1:1 @@ -220,12 +220,12 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - INET-legacy-autovpn-rr3-Ethernet1 + - INET-autovpn-rr3-Ethernet1 dynamic_peers: enabled: true static_peers: - router_ip: 2.2.2.2 - name: legacy-autovpn-rr3 + name: autovpn-rr3 ipv4_addresses: - 10.7.7.7 ipsec_profile: AUTOVPN @@ -257,7 +257,7 @@ router_path_selection: stun: client: server_profiles: - - name: INET-legacy-autovpn-rr3-Ethernet1 + - name: INET-autovpn-rr3-Ethernet1 ip_address: 10.7.7.7 ssl_profile: STUN-DTLS application_traffic_recognition: @@ -283,7 +283,7 @@ dps_interfaces: hardware: FLOW-TRACKER vxlan_interface: vxlan1: - description: legacy-autovpn-edge-no-default-policy_VTEP + description: autovpn-edge-no-default-policy_VTEP vxlan: udp_port: 4789 source_interface: Dps1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-edge.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml similarity index 93% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-edge.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml index eaae5c0595a..a7408923011 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-edge.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge.yml @@ -1,4 +1,4 @@ -hostname: legacy-autovpn-edge +hostname: autovpn-edge is_deployed: true router_bgp: as: '65000' @@ -50,12 +50,12 @@ router_bgp: neighbors: - ip_address: 192.168.131.1 peer_group: WAN-OVERLAY-PEERS - peer: legacy-autovpn-rr1 - description: legacy-autovpn-rr1_Dps1 + peer: autovpn-rr1 + description: autovpn-rr1_Dps1 - ip_address: 192.168.131.2 peer_group: WAN-OVERLAY-PEERS - peer: legacy-autovpn-rr2 - description: legacy-autovpn-rr2_Dps1 + peer: autovpn-rr2 + description: autovpn-rr2_Dps1 vrfs: - name: default rd: 192.168.30.1:1 @@ -206,17 +206,17 @@ router_path_selection: - name: Ethernet1 stun: server_profiles: - - INET-legacy-autovpn-rr1-Ethernet1 - - INET-legacy-autovpn-rr2-Ethernet1 + - INET-autovpn-rr1-Ethernet1 + - INET-autovpn-rr2-Ethernet1 dynamic_peers: enabled: true static_peers: - router_ip: 192.168.131.1 - name: legacy-autovpn-rr1 + name: autovpn-rr1 ipv4_addresses: - 10.7.7.7 - router_ip: 192.168.131.2 - name: legacy-autovpn-rr2 + name: autovpn-rr2 ipv4_addresses: - 10.8.8.8 ipsec_profile: AUTOVPN @@ -274,9 +274,9 @@ router_path_selection: stun: client: server_profiles: - - name: INET-legacy-autovpn-rr1-Ethernet1 + - name: INET-autovpn-rr1-Ethernet1 ip_address: 10.7.7.7 - - name: INET-legacy-autovpn-rr2-Ethernet1 + - name: INET-autovpn-rr2-Ethernet1 ip_address: 10.8.8.8 application_traffic_recognition: application_profiles: @@ -305,7 +305,7 @@ dps_interfaces: hardware: FLOW-TRACKER vxlan_interface: vxlan1: - description: legacy-autovpn-edge_VTEP + description: autovpn-edge_VTEP vxlan: udp_port: 4789 source_interface: Dps1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-rr1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml similarity index 97% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-rr1.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml index bbd772f18ad..089fa5a660f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-rr1.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr1.yml @@ -1,4 +1,4 @@ -hostname: legacy-autovpn-rr1 +hostname: autovpn-rr1 is_deployed: true router_bgp: as: '65000' @@ -76,8 +76,8 @@ router_bgp: neighbors: - ip_address: 192.168.131.2 peer_group: WAN-RR-OVERLAY-PEERS - peer: legacy-autovpn-rr2 - description: legacy-autovpn-rr2_Dps1 + peer: autovpn-rr2 + description: autovpn-rr2_Dps1 vrfs: - name: default rd: 192.168.31.1:1 @@ -189,7 +189,7 @@ router_path_selection: - name: Ethernet1 static_peers: - router_ip: 192.168.131.2 - name: legacy-autovpn-rr2 + name: autovpn-rr2 ipv4_addresses: - 10.8.8.8 ipsec_profile: AUTOVPN @@ -270,7 +270,7 @@ dps_interfaces: hardware: FLOW-TRACKER vxlan_interface: vxlan1: - description: legacy-autovpn-rr1_VTEP + description: autovpn-rr1_VTEP vxlan: udp_port: 4789 source_interface: Dps1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-rr2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml similarity index 97% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-rr2.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml index a967a96b98f..776241bf0ed 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/legacy-autovpn-rr2.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-rr2.yml @@ -1,4 +1,4 @@ -hostname: legacy-autovpn-rr2 +hostname: autovpn-rr2 is_deployed: true router_bgp: as: '65000' @@ -76,8 +76,8 @@ router_bgp: neighbors: - ip_address: 192.168.131.1 peer_group: WAN-RR-OVERLAY-PEERS - peer: legacy-autovpn-rr1 - description: legacy-autovpn-rr1_Dps1 + peer: autovpn-rr1 + description: autovpn-rr1_Dps1 vrfs: - name: default rd: 192.168.31.2:1 @@ -191,7 +191,7 @@ router_path_selection: - name: Ethernet1 static_peers: - router_ip: 192.168.131.1 - name: legacy-autovpn-rr1 + name: autovpn-rr1 ipv4_addresses: - 10.7.7.7 ipsec_profile: AUTOVPN @@ -272,7 +272,7 @@ dps_interfaces: hardware: FLOW-TRACKER vxlan_interface: vxlan1: - description: legacy-autovpn-rr2_VTEP + description: autovpn-rr2_VTEP vxlan: udp_port: 4789 source_interface: Dps1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/LEGACY_AUTOVPN_TESTS.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml similarity index 93% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/LEGACY_AUTOVPN_TESTS.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml index 3be354280cf..46d42ebde5d 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/LEGACY_AUTOVPN_TESTS.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/group_vars/AUTOVPN_TESTS.yml @@ -1,6 +1,6 @@ --- -# Testing legacy-autovpn -wan_mode: legacy-autovpn +# Testing autovpn +wan_mode: autovpn # Disabling underlay for tests underlay_routing_protocol: none @@ -16,13 +16,13 @@ wan_stun_dtls_disable: true wan_route_servers: # Testing having the interface configured with DHCP - - hostname: legacy-autovpn-rr1 + - hostname: autovpn-rr1 path_groups: - name: INET interfaces: - name: Ethernet1 public_ip: 10.7.7.7 - - hostname: legacy-autovpn-rr2 + - hostname: autovpn-rr2 wan_ipsec_profiles: control_plane: @@ -34,10 +34,10 @@ wan_ipsec_profiles: default_node_types: - node_type: wan_rr match_hostnames: - - "legacy-autovpn-rr.*" + - "autovpn-rr.*" - node_type: wan_router match_hostnames: - - "legacy-autovpn-edge" + - "autovpn-edge" wan_router: defaults: @@ -47,7 +47,7 @@ wan_router: # TODO find a way to not need this always_include_vrfs_in_tenants: [TenantA] nodes: - - name: legacy-autovpn-edge + - name: autovpn-edge id: 1 l3_interfaces: - name: Ethernet1 @@ -66,7 +66,7 @@ wan_rr: vtep_loopback_ipv4_pool: 192.168.131.0/24 data_plane_cpu_allocation_max: 2 nodes: - - name: legacy-autovpn-rr1 + - name: autovpn-rr1 id: 1 l3_interfaces: - name: Ethernet1 @@ -74,7 +74,7 @@ wan_rr: wan_circuit_id: 777 ip_address: dhcp dhcp_accept_default_route: true - - name: legacy-autovpn-rr2 + - name: autovpn-rr2 id: 2 l3_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/legacy-autovpn-edge-no-default-policy.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml similarity index 87% rename from ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/legacy-autovpn-edge-no-default-policy.yml rename to ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml index ae12dd4a4bf..9c0b58220d7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/legacy-autovpn-edge-no-default-policy.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/autovpn-edge-no-default-policy.yml @@ -1,7 +1,7 @@ --- -# Testing legacy-autovpn edge with no policy in VRF default to make sure the correct +# Testing autovpn edge with no policy in VRF default to make sure the correct # default policy is auto generated by AVD -wan_mode: legacy-autovpn +wan_mode: autovpn # Disabling underlay for tests underlay_routing_protocol: none @@ -14,7 +14,7 @@ bgp_peer_groups: - 192.168.255.0/24 wan_route_servers: - - hostname: legacy-autovpn-rr3 + - hostname: autovpn-rr3 vtep_ip: 2.2.2.2 path_groups: - name: INET @@ -32,7 +32,7 @@ wan_ipsec_profiles: default_node_types: - node_type: wan_router match_hostnames: - - "legacy-autovpn-edge.*" + - "autovpn-edge.*" wan_router: defaults: @@ -42,7 +42,7 @@ wan_router: # TODO find a way to not need this always_include_vrfs_in_tenants: [TenantA] nodes: - - name: legacy-autovpn-edge-no-default-policy + - name: autovpn-edge-no-default-policy id: 1 l3_interfaces: - name: Ethernet1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index 742139ef69e..ff75d0ed0f6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml @@ -354,11 +354,11 @@ all: TEST-MGMT-GATEWAY-IN-NODE-GROUP: WAN_TESTS: children: - LEGACY_AUTOVPN_TESTS: + AUTOVPN_TESTS: hosts: - legacy-autovpn-rr1: - legacy-autovpn-rr2: - legacy-autovpn-edge: + autovpn-rr1: + autovpn-rr2: + autovpn-edge: CV_PATHFINDER_TESTS: children: SITE_HA_ENABLED: @@ -404,7 +404,7 @@ all: cv-pathfinder-custom-control-plane-policy-edge-3: WAN_UNIT_TESTS: hosts: - legacy-autovpn-edge-no-default-policy: + autovpn-edge-no-default-policy: cv-pathfinder-edge-no-default-policy: cv-pathfinder-edge-custom-default-policy: UPLINK_P2P_VRFS_TESTS: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md b/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md index a58e8ce5dae..9cb69ae6060 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/how-to/wan.md @@ -104,7 +104,7 @@ The following table list the `eos_designs` top level keys used for WAN and how t | Key | Must be the same for all the WAN routers | Comment | | --- | ---------------------------------------- | ------- | -| `wan_mode` | ✅ | Two possible modes, `legacy-autovpn` and `cv-pathfinder` (default). | +| `wan_mode` | ✅ | Two possible modes, `autovpn` and `cv-pathfinder` (default). | | `wan_encapsulation` | ✅ | Two possible encapsulations, `vxlan` and `path-selection` (default). | | `wan_virtual_topologies` | ✅ | to define the Policies and the VRF to policy mappings. | | `wan_path_groups` | ✅ | to define the list of path-groups in the network. | @@ -133,14 +133,14 @@ Additionally, following keys must be set for the WAN route servers for the conne AVD supports two design types for WAN: -- Legacy AutoVPN +- AutoVPN - CV Pathfinder By default the mode is set to `cv-pathfinder` and can be changed using: ```yaml --- -wan_mode: legacy-autovpn | cv-pathfinder # default: cv-pathfinder +wan_mode: autovpn | cv-pathfinder # default: cv-pathfinder ``` #### WAN encapsulation diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md index c6d1aca5cf2..8013f2e4fcf 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-keys.md @@ -19,7 +19,7 @@ | [    default_overlay_address_families](## "custom_node_type_keys.[].default_overlay_address_families") | List, items: String | | | | Set the default overlay address families.
| | [      - <str>](## "custom_node_type_keys.[].default_overlay_address_families.[]") | String | | | Value is converted to lower case.
Valid Values:
- evpn
- vpn-ipv4
- vpn-ipv6 | | | [    default_evpn_encapsulation](## "custom_node_type_keys.[].default_evpn_encapsulation") | String | | | Value is converted to lower case.
Valid Values:
- mpls
- vxlan | Set the default evpn encapsulation.
| - | [    default_wan_role](## "custom_node_type_keys.[].default_wan_role") | String | | | Valid Values:
- client
- server | Set the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`.
| + | [    default_wan_role](## "custom_node_type_keys.[].default_wan_role") | String | | | Valid Values:
- client
- server | Set the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`.
| | [    default_flow_tracker_type](## "custom_node_type_keys.[].default_flow_tracker_type") | String | | `sampled` | Valid Values:
- sampled
- hardware | Set the default flow tracker type. | | [    mlag_support](## "custom_node_type_keys.[].mlag_support") | Boolean | | `False` | | Can this node type support mlag. | | [    network_services](## "custom_node_type_keys.[].network_services") | Dictionary | | | | Will network services be deployed on this node type. | @@ -69,7 +69,7 @@ | [    default_overlay_address_families](## "node_type_keys.[].default_overlay_address_families") | List, items: String | | | | Set the default overlay address families.
| | [      - <str>](## "node_type_keys.[].default_overlay_address_families.[]") | String | | | Value is converted to lower case.
Valid Values:
- evpn
- vpn-ipv4
- vpn-ipv6 | | | [    default_evpn_encapsulation](## "node_type_keys.[].default_evpn_encapsulation") | String | | | Value is converted to lower case.
Valid Values:
- mpls
- vxlan | Set the default evpn encapsulation.
| - | [    default_wan_role](## "node_type_keys.[].default_wan_role") | String | | | Valid Values:
- client
- server | Set the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`.
| + | [    default_wan_role](## "node_type_keys.[].default_wan_role") | String | | | Valid Values:
- client
- server | Set the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`.
| | [    default_flow_tracker_type](## "node_type_keys.[].default_flow_tracker_type") | String | | `sampled` | Valid Values:
- sampled
- hardware | Set the default flow tracker type. | | [    mlag_support](## "node_type_keys.[].mlag_support") | Boolean | | `False` | | Can this node type support mlag. | | [    network_services](## "node_type_keys.[].network_services") | Dictionary | | | | Will network services be deployed on this node type. | @@ -153,7 +153,7 @@ # Set the default WAN role. # # This is used both for AutoVPN and Pathfinder designs. - # That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + # That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. # `server` indicates that the router is a route-reflector. # # Only supported if `overlay_routing_protocol` is set to `ibgp`. @@ -333,7 +333,7 @@ # Set the default WAN role. # # This is used both for AutoVPN and Pathfinder designs. - # That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + # That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. # `server` indicates that the router is a route-reflector. # # Only supported if `overlay_routing_protocol` is set to `ibgp`. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md index 1a1a0a5d0ea..6ead910b46a 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-wan-configuration.md @@ -9,7 +9,7 @@ | -------- | ---- | -------- | ------- | ------------------ | ----------- | | [<node_type_keys.key>](## "") | Dictionary | | | | | | [  defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. | - | [    wan_role](## ".defaults.wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | + | [    wan_role](## ".defaults.wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | | [    cv_pathfinder_transit_mode](## ".defaults.cv_pathfinder_transit_mode") | String | | | Valid Values:
- region
- zone | Configure the transit mode for a WAN client for CV Pathfinder designs
only when the `wan_mode` root key is set to `cv_pathfinder`.

'zone' is currently not supported. | | [    cv_pathfinder_region](## ".defaults.cv_pathfinder_region") | String | | | | The CV Pathfinder region name.
This key is required for WAN routers but optional for pathfinders.
The region name must be defined under 'cv_pathfinder_regions'. | | [    cv_pathfinder_site](## ".defaults.cv_pathfinder_site") | String | | | | The CV Pathfinder site name.
This key is required for WAN routers but optional for pathfinders.
For WAN routers and pathfinders with `cv_pathfinder_region`, the site name must be defined for the relevant region under 'cv_pathfinder_regions'.
For pathfinders without `cv_pathfinder_region` set, the site must be defined under `cv_pathfinder_global_sites`. | @@ -31,7 +31,7 @@ | [    - group](## ".node_groups.[].group") | String | Required, Unique | | | The Node Group Name is used for MLAG domain unless set with 'mlag_domain_id'.
The Node Group Name is also used for peer description on downstream switches' uplinks.
| | [      nodes](## ".node_groups.[].nodes") | List, items: Dictionary | | | | Define variables per node. | | [        - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | - | [          wan_role](## ".node_groups.[].nodes.[].wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | + | [          wan_role](## ".node_groups.[].nodes.[].wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | | [          cv_pathfinder_transit_mode](## ".node_groups.[].nodes.[].cv_pathfinder_transit_mode") | String | | | Valid Values:
- region
- zone | Configure the transit mode for a WAN client for CV Pathfinder designs
only when the `wan_mode` root key is set to `cv_pathfinder`.

'zone' is currently not supported. | | [          cv_pathfinder_region](## ".node_groups.[].nodes.[].cv_pathfinder_region") | String | | | | The CV Pathfinder region name.
This key is required for WAN routers but optional for pathfinders.
The region name must be defined under 'cv_pathfinder_regions'. | | [          cv_pathfinder_site](## ".node_groups.[].nodes.[].cv_pathfinder_site") | String | | | | The CV Pathfinder site name.
This key is required for WAN routers but optional for pathfinders.
For WAN routers and pathfinders with `cv_pathfinder_region`, the site name must be defined for the relevant region under 'cv_pathfinder_regions'.
For pathfinders without `cv_pathfinder_region` set, the site must be defined under `cv_pathfinder_global_sites`. | @@ -49,7 +49,7 @@ | [              enabled](## ".node_groups.[].nodes.[].wan_ha.flow_tracking.enabled") | Boolean | | | | | | [              name](## ".node_groups.[].nodes.[].wan_ha.flow_tracking.name") | String | | | | Flow tracker name as defined in flow_tracking_settings. | | [          dps_mss_ipv4](## ".node_groups.[].nodes.[].dps_mss_ipv4") | String | | `auto` | | IPv4 MSS value configured under "router path-selection" on WAN Devices. | - | [      wan_role](## ".node_groups.[].wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | + | [      wan_role](## ".node_groups.[].wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | | [      cv_pathfinder_transit_mode](## ".node_groups.[].cv_pathfinder_transit_mode") | String | | | Valid Values:
- region
- zone | Configure the transit mode for a WAN client for CV Pathfinder designs
only when the `wan_mode` root key is set to `cv_pathfinder`.

'zone' is currently not supported. | | [      cv_pathfinder_region](## ".node_groups.[].cv_pathfinder_region") | String | | | | The CV Pathfinder region name.
This key is required for WAN routers but optional for pathfinders.
The region name must be defined under 'cv_pathfinder_regions'. | | [      cv_pathfinder_site](## ".node_groups.[].cv_pathfinder_site") | String | | | | The CV Pathfinder site name.
This key is required for WAN routers but optional for pathfinders.
For WAN routers and pathfinders with `cv_pathfinder_region`, the site name must be defined for the relevant region under 'cv_pathfinder_regions'.
For pathfinders without `cv_pathfinder_region` set, the site must be defined under `cv_pathfinder_global_sites`. | @@ -69,7 +69,7 @@ | [      dps_mss_ipv4](## ".node_groups.[].dps_mss_ipv4") | String | | `auto` | | IPv4 MSS value configured under "router path-selection" on WAN Devices. | | [  nodes](## ".nodes") | List, items: Dictionary | | | | Define variables per node. | | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | - | [      wan_role](## ".nodes.[].wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | + | [      wan_role](## ".nodes.[].wan_role") | String | | | Valid Values:
- client
- server | Override the default WAN role.

This is used both for AutoVPN and Pathfinder designs.
That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`.
`server` indicates that the router is a route-reflector.

Only supported if `overlay_routing_protocol` is set to `ibgp`. | | [      cv_pathfinder_transit_mode](## ".nodes.[].cv_pathfinder_transit_mode") | String | | | Valid Values:
- region
- zone | Configure the transit mode for a WAN client for CV Pathfinder designs
only when the `wan_mode` root key is set to `cv_pathfinder`.

'zone' is currently not supported. | | [      cv_pathfinder_region](## ".nodes.[].cv_pathfinder_region") | String | | | | The CV Pathfinder region name.
This key is required for WAN routers but optional for pathfinders.
The region name must be defined under 'cv_pathfinder_regions'. | | [      cv_pathfinder_site](## ".nodes.[].cv_pathfinder_site") | String | | | | The CV Pathfinder site name.
This key is required for WAN routers but optional for pathfinders.
For WAN routers and pathfinders with `cv_pathfinder_region`, the site name must be defined for the relevant region under 'cv_pathfinder_regions'.
For pathfinders without `cv_pathfinder_region` set, the site must be defined under `cv_pathfinder_global_sites`. | @@ -99,7 +99,7 @@ # Override the default WAN role. # # This is used both for AutoVPN and Pathfinder designs. - # That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + # That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. # `server` indicates that the router is a route-reflector. # # Only supported if `overlay_routing_protocol` is set to `ibgp`. @@ -190,7 +190,7 @@ # Override the default WAN role. # # This is used both for AutoVPN and Pathfinder designs. - # That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + # That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. # `server` indicates that the router is a route-reflector. # # Only supported if `overlay_routing_protocol` is set to `ibgp`. @@ -268,7 +268,7 @@ # Override the default WAN role. # # This is used both for AutoVPN and Pathfinder designs. - # That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + # That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. # `server` indicates that the router is a route-reflector. # # Only supported if `overlay_routing_protocol` is set to `ibgp`. @@ -352,7 +352,7 @@ # Override the default WAN role. # # This is used both for AutoVPN and Pathfinder designs. - # That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + # That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. # `server` indicates that the router is a route-reflector. # # Only supported if `overlay_routing_protocol` is set to `ibgp`. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-route-servers.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-route-servers.md index c2af8f11f96..24d5b7e8869 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-route-servers.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-route-servers.md @@ -7,7 +7,7 @@ | Variable | Type | Required | Default | Value Restrictions | Description | | -------- | ---- | -------- | ------- | ------------------ | ----------- | - | [wan_route_servers](## "wan_route_servers") | List, items: Dictionary | | | | List of the AutoVPN RRs when using `wan_mode: legacy-autovpn`, or the Pathfinders
when using `wan_mode: cv-pathfinder`, to which the device should connect to.
This is also used to establish iBGP sessions between WAN route servers.

When the route server is part of the same inventory as the WAN routers,
only the name is required. | + | [wan_route_servers](## "wan_route_servers") | List, items: Dictionary | | | | List of the AutoVPN RRs when using `wan_mode: autovpn`, or the Pathfinders
when using `wan_mode: cv-pathfinder`, to which the device should connect to.
This is also used to establish iBGP sessions between WAN route servers.

When the route server is part of the same inventory as the WAN routers,
only the name is required. | | [  - hostname](## "wan_route_servers.[].hostname") | String | Required, Unique | | | Route-Reflector hostname. | | [    vtep_ip](## "wan_route_servers.[].vtep_ip") | String | | | | Route-Reflector VTEP IP Address. This is usually the IP address under `interface Dps1`. | | [    path_groups](## "wan_route_servers.[].path_groups") | List, items: Dictionary | | | | Path-groups through which the Route Reflector/Pathfinder is reached. | @@ -19,7 +19,7 @@ === "YAML" ```yaml - # List of the AutoVPN RRs when using `wan_mode: legacy-autovpn`, or the Pathfinders + # List of the AutoVPN RRs when using `wan_mode: autovpn`, or the Pathfinders # when using `wan_mode: cv-pathfinder`, to which the device should connect to. # This is also used to establish iBGP sessions between WAN route servers. # diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md index 5e6cb5c6206..62c30505a48 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-settings.md @@ -21,7 +21,7 @@ | [    sa_policy_name](## "wan_ipsec_profiles.data_plane.sa_policy_name") | String | | `DP-SA-POLICY` | | Name of the SA policy. | | [    profile_name](## "wan_ipsec_profiles.data_plane.profile_name") | String | | `DP-PROFILE` | | Name of the IPSec profile. | | [    shared_key](## "wan_ipsec_profiles.data_plane.shared_key") | String | Required | | | The type 7 encrypted IPSec shared key.
This variable is sensitive and should be configured using some vault mechanism. | - | [wan_mode](## "wan_mode") | String | | `cv-pathfinder` | Valid Values:
- legacy-autovpn
- cv-pathfinder | Select if the WAN should be run using CV Pathfinder or Legacy AutoVPN only. | + | [wan_mode](## "wan_mode") | String | | `cv-pathfinder` | Valid Values:
- autovpn
- cv-pathfinder | Select if the WAN should be run using CV Pathfinder or AutoVPN only. | | [wan_stun_dtls_disable](## "wan_stun_dtls_disable") | Boolean | | `False` | | WAN STUN connections are authenticated and secured with DTLS by default.
For CV Pathfinder deployments CloudVision will automatically deploy certificates on the devices.
In case of AutoVPN the certificates must be deployed manually to all devices.

For LAB environments this can be disabled, if there are no certificates available.
This should NOT be disabled for a WAN network connected to the internet, since it will leave the STUN service exposed with no authentication. | | [wan_stun_dtls_profile_name](## "wan_stun_dtls_profile_name") | String | | `STUN-DTLS` | | Name of the SSL profile used for DTLS on WAN STUN connections.
When using automatic ceritficate deployment via CloudVision this name must be the same on all WAN routers. | @@ -71,8 +71,8 @@ # This variable is sensitive and should be configured using some vault mechanism. shared_key: - # Select if the WAN should be run using CV Pathfinder or Legacy AutoVPN only. - wan_mode: + # Select if the WAN should be run using CV Pathfinder or AutoVPN only. + wan_mode: # WAN STUN connections are authenticated and secured with DTLS by default. # For CV Pathfinder deployments CloudVision will automatically deploy certificates on the devices. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-virtual-topologies.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-virtual-topologies.md index 89023d0012f..8cfdbda184d 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-virtual-topologies.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/wan-virtual-topologies.md @@ -28,7 +28,7 @@ | [        preference](## "wan_virtual_topologies.control_plane_virtual_topology.path_groups.[].preference") | String | | | | Valid values are 1-65535 | "preferred" | "alternate".

"preferred" is converted to priority 1.
"alternate" is converted to priority 2.

If not set, each path-group in `names` will be attributed its `default_preference`. | | [    internet_exit](## "wan_virtual_topologies.control_plane_virtual_topology.internet_exit") | Dictionary | | | | | | [      policy](## "wan_virtual_topologies.control_plane_virtual_topology.internet_exit.policy") | String | | | | PREVIEW: This key is in preview mode.

Internet-exit policy name associated with this virtual_topology.
The policy must be defined under `cv_pathfinder_internet_exit_policies`. | - | [  policies](## "wan_virtual_topologies.policies") | List, items: Dictionary | | | | List of virtual toplogies policies.

For Legacy AutoVPN, each item in the list creates:
* one policy with:
* one `match` entry per `application_virtual_topologies` item
they are indexed using `10 * ` where `list_index` starts at `1`.
* one `default-match`
* one load-balance policy per `application_virtual_topologies` and one for the `default_virtual_topology`.
* if the policy is associated with the default VRF, a special control-plane rule is injected
in the policy with index `1` referring to a control-plane load-balance policy as defined under
`control_plane_virtual_topology` or if not set, the default one.

For CV Pathfinder, each item in the list creates:
* one policy with:
* one `match` entry per `application_virtual_topologies` item ordered as in the data.
* one last match entry for the `default` application-profile using `default_virtual_topology` information.
* one profile per `application_virtual_topologies` item.
* one profile for the `default_virtual_topology`.
* one load-balance policy per `application_virtual_topologies`.
* one load_balance policy for the `default_virtual_topology`.
* if the policy is associated with the default VRF, a special control-plane profile is configured
and injected first in the policy assigned to the `default` VRF. This profile points to a
control-plane load-balance policy as defined under `control_plane_virtual_topology` or if not set, the default one. | + | [  policies](## "wan_virtual_topologies.policies") | List, items: Dictionary | | | | List of virtual toplogies policies.

For AutoVPN, each item in the list creates:
* one policy with:
* one `match` entry per `application_virtual_topologies` item
they are indexed using `10 * ` where `list_index` starts at `1`.
* one `default-match`
* one load-balance policy per `application_virtual_topologies` and one for the `default_virtual_topology`.
* if the policy is associated with the default VRF, a special control-plane rule is injected
in the policy with index `1` referring to a control-plane load-balance policy as defined under
`control_plane_virtual_topology` or if not set, the default one.

For CV Pathfinder, each item in the list creates:
* one policy with:
* one `match` entry per `application_virtual_topologies` item ordered as in the data.
* one last match entry for the `default` application-profile using `default_virtual_topology` information.
* one profile per `application_virtual_topologies` item.
* one profile for the `default_virtual_topology`.
* one load-balance policy per `application_virtual_topologies`.
* one load_balance policy for the `default_virtual_topology`.
* if the policy is associated with the default VRF, a special control-plane profile is configured
and injected first in the policy assigned to the `default` VRF. This profile points to a
control-plane load-balance policy as defined under `control_plane_virtual_topology` or if not set, the default one. | | [    - name](## "wan_virtual_topologies.policies.[].name") | String | Required, Unique | | | Name of the AVT policy. | | [      application_virtual_topologies](## "wan_virtual_topologies.policies.[].application_virtual_topologies") | List, items: Dictionary | | | | List of application specific virtual topologies. | | [        - application_profile](## "wan_virtual_topologies.policies.[].application_virtual_topologies.[].application_profile") | String | Required, Unique | | | The application profile to use for this virtual topology. It must be a defined `application_classification.application_profile`. | @@ -154,7 +154,7 @@ # List of virtual toplogies policies. # - # For Legacy AutoVPN, each item in the list creates: + # For AutoVPN, each item in the list creates: # * one policy with: # * one `match` entry per `application_virtual_topologies` item # they are indexed using `10 * ` where `list_index` starts at `1`. diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml index 1568bf980e5..aebad72bb98 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml @@ -2466,7 +2466,7 @@ keys: This is used both for AutoVPN and Pathfinder designs. - That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. `server` indicates that the router is a route-reflector. @@ -4606,12 +4606,11 @@ keys: wan_mode: documentation_options: table: wan-settings - description: Select if the WAN should be run using CV Pathfinder or Legacy AutoVPN - only. + description: Select if the WAN should be run using CV Pathfinder or AutoVPN only. type: str default: cv-pathfinder valid_values: - - legacy-autovpn + - autovpn - cv-pathfinder wan_path_groups: documentation_options: @@ -4711,8 +4710,7 @@ keys: convert_types: - str wan_route_servers: - description: 'List of the AutoVPN RRs when using `wan_mode: legacy-autovpn`, or - the Pathfinders + description: 'List of the AutoVPN RRs when using `wan_mode: autovpn`, or the Pathfinders when using `wan_mode: cv-pathfinder`, to which the device should connect to. @@ -4875,10 +4873,10 @@ keys: or destined to the WAN route servers.' policies: type: list - description: "List of virtual toplogies policies.\n\nFor Legacy AutoVPN, each - item in the list creates:\n * one policy with:\n * one `match` entry - per `application_virtual_topologies` item\n they are indexed using - `10 * ` where `list_index` starts at `1`.\n * one `default-match`\n + description: "List of virtual toplogies policies.\n\nFor AutoVPN, each item + in the list creates:\n * one policy with:\n * one `match` entry per + `application_virtual_topologies` item\n they are indexed using `10 + * ` where `list_index` starts at `1`.\n * one `default-match`\n \ * one load-balance policy per `application_virtual_topologies` and one for the `default_virtual_topology`.\n * if the policy is associated with the default VRF, a special control-plane rule is injected\n in the policy @@ -9077,7 +9075,7 @@ $defs: This is used both for AutoVPN and Pathfinder designs. - That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. `server` indicates that the router is a route-reflector. diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml index 95bf96d54ff..f4ecb733760 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_node_type.schema.yml @@ -1254,7 +1254,7 @@ $defs: Override the default WAN role. This is used both for AutoVPN and Pathfinder designs. - That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. `server` indicates that the router is a route-reflector. Only supported if `overlay_routing_protocol` is set to `ibgp`. diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/node_type_keys.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/node_type_keys.schema.yml index c3fb5c3b9cc..f2771b0ad21 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/node_type_keys.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/node_type_keys.schema.yml @@ -119,7 +119,7 @@ keys: Set the default WAN role. This is used both for AutoVPN and Pathfinder designs. - That means if `wan_mode` root key is set to `legacy-autovpn` or `cv-pathfinder`. + That means if `wan_mode` root key is set to `autovpn` or `cv-pathfinder`. `server` indicates that the router is a route-reflector. Only supported if `overlay_routing_protocol` is set to `ibgp`. diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_mode.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_mode.schema.yml index 84c0259456d..6da45150462 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_mode.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_mode.schema.yml @@ -9,9 +9,9 @@ keys: wan_mode: documentation_options: table: wan-settings - description: Select if the WAN should be run using CV Pathfinder or Legacy AutoVPN only. + description: Select if the WAN should be run using CV Pathfinder or AutoVPN only. type: str default: cv-pathfinder valid_values: - - legacy-autovpn + - autovpn - cv-pathfinder diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_route_servers.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_route_servers.schema.yml index 04aef5ef5cd..4413a56d02b 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_route_servers.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_route_servers.schema.yml @@ -8,7 +8,7 @@ type: dict keys: wan_route_servers: description: |- - List of the AutoVPN RRs when using `wan_mode: legacy-autovpn`, or the Pathfinders + List of the AutoVPN RRs when using `wan_mode: autovpn`, or the Pathfinders when using `wan_mode: cv-pathfinder`, to which the device should connect to. This is also used to establish iBGP sessions between WAN route servers. diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_virtual_topologies.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_virtual_topologies.schema.yml index e11a22833bc..eaebab180fc 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_virtual_topologies.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/wan_virtual_topologies.schema.yml @@ -84,7 +84,7 @@ keys: description: |- List of virtual toplogies policies. - For Legacy AutoVPN, each item in the list creates: + For AutoVPN, each item in the list creates: * one policy with: * one `match` entry per `application_virtual_topologies` item they are indexed using `10 * ` where `list_index` starts at `1`. diff --git a/python-avd/pyavd/_eos_designs/structured_config/network_services/router_path_selection.py b/python-avd/pyavd/_eos_designs/structured_config/network_services/router_path_selection.py index a4fb65343ec..7c08ecdfaea 100644 --- a/python-avd/pyavd/_eos_designs/structured_config/network_services/router_path_selection.py +++ b/python-avd/pyavd/_eos_designs/structured_config/network_services/router_path_selection.py @@ -32,13 +32,13 @@ def router_path_selection(self: AvdStructuredConfigNetworkServices) -> dict | No } # When running CV Pathfinder, only load balance policies are configured - # for Legacy AutoVPN, need also vrfs and policies. - if self.shared_utils.wan_mode == "legacy-autovpn": + # for AutoVPN, need also vrfs and policies. + if self.shared_utils.wan_mode == "autovpn": vrfs = [{"name": vrf["name"], "path_selection_policy": vrf["policy"]} for vrf in self._filtered_wan_vrfs] router_path_selection.update( { - "policies": self._legacy_autovpn_policies(), + "policies": self._autovpn_policies(), "vrfs": vrfs, }, ) @@ -68,8 +68,8 @@ def _wan_load_balance_policies(self: AvdStructuredConfigNetworkServices) -> list return load_balance_policies - def _legacy_autovpn_policies(self: AvdStructuredConfigNetworkServices) -> list: - """Return a list of policies for Legacy AutoVPN.""" + def _autovpn_policies(self: AvdStructuredConfigNetworkServices) -> list: + """Return a list of policies for AutoVPN.""" policies = [] for policy in self._filtered_wan_policies: autovpn_policy = {"name": policy["name"], "rules": []}