Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat(eos_cli_config_gen): Add support for ipv4/ipv6 access group ingress default in system.control_plane #4710

Merged
merged 2 commits into from
Nov 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
- [IP Domain-list](#ip-domain-list)
- [Clock Settings](#clock-settings)
- [NTP](#ntp)
- [System Control-Plane](#system-control-plane)
- [Management SSH](#management-ssh)
- [Management Tech-Support](#management-tech-support)
- [CVX](#cvx)
Expand Down Expand Up @@ -150,6 +151,9 @@
- [VRF Instances](#vrf-instances)
- [VRF Instances Summary](#vrf-instances-summary)
- [VRF Instances Device Configuration](#vrf-instances-device-configuration)
- [System L1](#system-l1)
- [Unsupported Interface Configurations](#unsupported-interface-configurations)
- [System L1 Device Configuration](#system-l1-device-configuration)
- [Application Traffic Recognition](#application-traffic-recognition)
- [Applications](#applications)
- [Application Profiles](#application-profiles)
Expand Down Expand Up @@ -328,6 +332,48 @@ ntp server 20.20.20.1 key <removed>
ntp server ie.pool.ntp.org iburst key <removed>
```

### System Control-Plane

#### TCP MSS Ceiling

| Protocol | Segment Size |
| -------- | -------------|
| IPv4 | 1344 |
| IPv6 | 1366 |

#### Control-Plane Access-Groups

| Protocol | VRF | Access-list |
| -------- | --- | ------------|
| IPv4 Ingress default | All | ingress_ipv4_acl |
| IPv4 | default | acl4_1 |
| IPv4 | red | acl4_2 |
| IPv4 | red_1 | acl4_2 |
| IPv4 | default | acl4_3 |
| IPv6 Ingress default | All | ingress_ipv6_acl |
| IPv6 | default | acl6_1 |
| IPv6 | blue | acl6_2 |
| IPv6 | blue_1 | acl6_2 |
| IPv6 | default | acl6_3 |

#### System Control-Plane Device Configuration

```eos
!
system control-plane
tcp mss ceiling ipv4 1344 ipv6 1366
ip access-group ingress default ingress_ipv4_acl
ip access-group acl4_1 in
ip access-group acl4_3 vrf default in
ip access-group acl4_2 vrf red in
ip access-group acl4_2 vrf red_1 in
ipv6 access-group ingress default ingress_ipv6_acl
ipv6 access-group acl6_1 in
ipv6 access-group acl6_3 vrf default in
ipv6 access-group acl6_2 vrf blue in
ipv6 access-group acl6_2 vrf blue_1 in
```

### Management SSH

#### Authentication Settings
Expand Down Expand Up @@ -6098,6 +6144,24 @@ vrf instance TENANT_A_PROJECT01
vrf instance TENANT_A_PROJECT02
```

## System L1

### Unsupported Interface Configurations

| Unsupported Configuration | action |
| ---------------- | -------|
| Speed | warn |
| Error correction | error |

### System L1 Device Configuration

```eos
!
system l1
unsupported speed action warn
unsupported error-correction action error
```

## Application Traffic Recognition

### Applications
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -500,6 +500,10 @@ no sflow hardware acceleration module Linecard3
!
service unsupported-transceiver test dsafDSFfvadskjh3424
!
system l1
unsupported speed action warn
unsupported error-correction action error
!
tap aggregation
mode exclusive profile tap-aggregation-extended
encapsulation dot1br strip
Expand Down Expand Up @@ -3065,6 +3069,19 @@ mac access-list TEST4
permit any 02:00:00:12:34:56 00:00:00:00:00:00
deny any 02:00:00:ab:cd:ef 00:00:00:00:00:00
!
system control-plane
tcp mss ceiling ipv4 1344 ipv6 1366
ip access-group ingress default ingress_ipv4_acl
ip access-group acl4_1 in
ip access-group acl4_3 vrf default in
alexeygorbunov marked this conversation as resolved.
Show resolved Hide resolved
ip access-group acl4_2 vrf red in
ip access-group acl4_2 vrf red_1 in
ipv6 access-group ingress default ingress_ipv6_acl
ipv6 access-group acl6_1 in
ipv6 access-group acl6_3 vrf default in
ipv6 access-group acl6_2 vrf blue in
ipv6 access-group acl6_2 vrf blue_1 in
!
mac address-table notification host-flap logging
mac address-table notification host-flap detection window 10
mac address-table notification host-flap detection moves 2
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ system:
tcp_mss:
ipv4: 1344
ipv6: 1366
ipv4_access_group_ingress_default: ingress_ipv4_acl
ipv4_access_groups:
- acl_name: "acl4_1"
- acl_name: "acl4_2"
Expand All @@ -11,6 +12,7 @@ system:
vrf: red_1
- acl_name: "acl4_3"
vrf: default
ipv6_access_group_ingress_default: ingress_ipv6_acl
ipv6_access_groups:
- acl_name: "acl6_1"
- acl_name: "acl6_2"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,6 @@ test_hosts:
spanning-tree-rapid-pvst:
sync-e:
tcam-profile:
system:
terminattr-cloud:
terminattr-extra-flags:
terminattr-multi-cluster-certs:
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -20,16 +20,24 @@
| IPv6 | {{ system.control_plane.tcp_mss.ipv6 }} |
{% endif %}
{% endif %}
{% if system.control_plane.ipv4_access_groups is arista.avd.defined or system.control_plane.ipv6_access_groups is arista.avd.defined %}
{% if system.control_plane.ipv4_access_groups is arista.avd.defined or system.control_plane.ipv6_access_groups is arista.avd.defined or system.control_plane.ipv4_access_group_ingress_default is arista.avd.defined or system.control_plane.ipv6_access_group_ingress_default is arista.avd.defined %}

#### Control-Plane Access-Groups

| Protocol | VRF | Access-list |
| -------- | --- | ------------|
{# IPv4 Access-groups Ingress Default #}
{% if system.control_plane.ipv4_access_group_ingress_default is arista.avd.defined %}
| IPv4 Ingress default | All | {{ system.control_plane.ipv4_access_group_ingress_default }} |
{% endif %}
{# IPv4 Access-groups #}
{% for acl_set in system.control_plane.ipv4_access_groups | arista.avd.natural_sort %}
| IPv4 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} |
{% endfor %}
{# IPv6 Access-groups Ingress Default #}
{% if system.control_plane.ipv6_access_group_ingress_default is arista.avd.defined %}
| IPv6 Ingress default | All | {{ system.control_plane.ipv6_access_group_ingress_default }} |
{% endif %}
{# IPv6 Access-groups #}
{% for acl_set in system.control_plane.ipv6_access_groups | arista.avd.natural_sort %}
| IPv6 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ system control-plane
{{ cp_mss_cli }}
{% endif %}
{# control_plane access_groups ipv4 #}
{% if system.control_plane.ipv4_access_group_ingress_default is arista.avd.defined %}
ip access-group ingress default {{ system.control_plane.ipv4_access_group_ingress_default }}
{% endif %}
{% if system.control_plane.ipv4_access_groups is arista.avd.defined %}
{% set with_vrf_non_default = system.control_plane.ipv4_access_groups | selectattr('vrf', 'arista.avd.defined') | rejectattr('vrf', 'equalto', 'default') | arista.avd.natural_sort | arista.avd.natural_sort('vrf') %}
{% set without_vrf = system.control_plane.ipv4_access_groups | rejectattr('vrf', 'arista.avd.defined') | arista.avd.natural_sort %}
Expand All @@ -34,6 +37,9 @@ system control-plane
{{ cp_ipv4_access_grp }}
{% endfor %}
{# control_plane access_groups ipv6 #}
{% if system.control_plane.ipv6_access_group_ingress_default is arista.avd.defined %}
ipv6 access-group ingress default {{ system.control_plane.ipv6_access_group_ingress_default }}
{% endif %}
{% if system.control_plane.ipv6_access_groups is arista.avd.defined %}
{% set with_vrf_non_default = system.control_plane.ipv6_access_groups | selectattr('vrf', 'arista.avd.defined') | rejectattr('vrf', 'equalto', 'default') | arista.avd.natural_sort | arista.avd.natural_sort('vrf') %}
{% set without_vrf = system.control_plane.ipv6_access_groups | rejectattr('vrf', 'arista.avd.defined') | arista.avd.natural_sort %}
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ keys:
ipv6:
type: int
description: Segment size.
ipv4_access_group_ingress_default:
type: str
description: ACL name to be used as the default CP ACL for all VRFs.
ipv4_access_groups:
type: list
unique_keys:
Expand All @@ -36,6 +39,9 @@ keys:
type: str
convert_types:
- int
ipv6_access_group_ingress_default:
type: str
description: ACL name to be used as the default CP ACL for all VRFs.
ipv6_access_groups:
type: list
unique_keys:
Expand Down
Loading